Encrypting passwords in memory when running on Windows desktop.

Author: stgates

Release/include/cpprest/oauth1.h

@@ -35,6 +35,12 @@ namespace web
 {
 namespace http
 {
+namespace client
+{
+    // Forward declaration to avoid circular include dependency.
+    class http_client_config;
+}
+
 /// oAuth 1.0 library.
 namespace oauth1
 {

Release/include/cpprest/oauth2.h

@@ -35,6 +35,12 @@ namespace web
 {
 namespace http
 {
+namespace client
+{
+    // Forward declaration to avoid circular include dependency.
+    class http_client_config;
+}
+
 /// oAuth 2.0 library.
 namespace oauth2
 {

Release/include/cpprest/web_utilities.h

@@ -32,56 +32,77 @@
 
 namespace web
 {
-    class web_proxy;
-namespace http { namespace client {
-    class http_client_config;
-}}
-
-namespace experimental { namespace websockets { namespace client {
-    class websocket_client_config;
-}}}
+namespace details
+{
+#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
+class win32_encryption
+{
+public:
+    win32_encryption() {}
+    _ASYNCRTIMP win32_encryption(const std::wstring &data);
+    _ASYNCRTIMP ~win32_encryption();
+    _ASYNCRTIMP std::wstring decrypt() const;
+private:
+    std::vector<char> m_buffer;
+    size_t m_numCharacters;
+};
+#endif
+}
 
 /// <summary>
-/// credentials represents a set of user credentials (username and password) to be used
-/// for the client and proxy authentication
+/// Represents a set of user credentials (user name and password) to be used
+/// for authentication.
 /// </summary>
 class credentials
 {
 public:
-    credentials(utility::string_t username, utility::string_t password) :
-        m_is_set(true),
+    /// <summary>
+    /// Constructs and empty set of credentials without a user name or password.
+    /// </summary>
+    credentials() {}
+
+    /// <summary>
+    /// Constructs credentials from given user name and password.
+    /// </summary>
+    /// <param name="username">User name as a string.</param>
+    /// <param name="password">Password as a string.</param>
+    credentials(utility::string_t username, const utility::string_t &password) :
         m_username(std::move(username)),
-        m_password(std::move(password))
+        m_password(password)
     {}
 
     /// <summary>
     /// The user name associated with the credentials.
     /// </summary>
-    /// <returns>A reference to the username string.</returns>
-    const utility::string_t& username() const { return m_username; }
+    /// <returns>A string containing the user name.</returns>
+    const utility::string_t &username() const { return m_username; }
 
     /// <summary>
     /// The password for the user name associated with the credentials.
     /// </summary>
-    /// <returns>A reference to the password string.</returns>
-    const utility::string_t& password() const { return m_password; }
+    /// <returns>A string containing the password.</returns>
+    utility::string_t password() const
+    {
+#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
+        return m_password.decrypt();
+#else
+        return m_password;
+#endif
+    }
 
     /// <summary>
     /// Checks if credentials have been set
     /// </summary>
-    /// <returns><c>true</c> if username and password is set, <c>false</c> otherwise.</returns>
-    bool is_set() const { return m_is_set; }
+    /// <returns><c>true</c> if user name and password is set, <c>false</c> otherwise.</returns>
+    bool is_set() const { return !m_username.empty(); }
 
 private:
-    friend class web::web_proxy;
-    friend class web::http::client::http_client_config;
-    friend class web::experimental::websockets::client::websocket_client_config;
-
-    credentials() : m_is_set(false) {}
-
-    bool m_is_set;
-    utility::string_t m_username;
-    utility::string_t m_password;
+    ::utility::string_t m_username;
+#if defined(_MS_WINDOWS) && !defined(__cplusplus_winrt)
+    ::web::details::win32_encryption m_password;
+#else
+    ::utility::string_t m_password;
+#endif
 };
 
 /// <summary>
@@ -160,7 +181,7 @@ class web_proxy
     bool is_specified() const { return m_mode == user_provided_; }
 
 private:
-    uri m_address;
+    web::uri m_address;
     web_proxy_mode_internal m_mode;
     web::credentials m_credentials;
 };

Release/src/CMakeLists.txt

@@ -8,6 +8,7 @@ if(UNIX)
     json/json_parsing.cpp
     json/json_serialization.cpp
     utilities/asyncrt_utils.cpp
+    utilities/web_utilities.cpp
     pplx/pplx.cpp
     pplx/threadpool.cpp
     uri/uri.cpp
@@ -46,6 +47,7 @@ elseif(WIN32)
     json/json_parsing.cpp
     json/json_serialization.cpp
     utilities/asyncrt_utils.cpp
+    utilities/web_utilities.cpp
     uri/uri.cpp
     uri/uri_builder.cpp
     uri/uri_parser.cpp

Release/src/build/sources.proj

@@ -182,6 +182,9 @@
     <ClCompile Include="$(CasablancaSrcDir)\utilities\asyncrt_utils.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="$(CasablancaSrcDir)\utilities\web_utilities.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="$(CasablancaSrcDir)\utilities\base64.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>

Release/src/http/client/http_win7.cpp

@@ -521,7 +521,7 @@ class winhttp_client : public _http_client_communicator
         // If credentials are specified, use autologon policy: WINHTTP_AUTOLOGON_SECURITY_LEVEL_HIGH
         //    => default credentials are not used.
         // Else, the default autologon policy WINHTTP_AUTOLOGON_SECURITY_LEVEL_MEDIUM will be used.
-        if ( !client_config().credentials().username().empty() )
+        if (!client_config().credentials().is_set())
         {
             DWORD data = WINHTTP_AUTOLOGON_SECURITY_LEVEL_HIGH;
 
@@ -674,17 +674,6 @@ class winhttp_client : public _http_client_communicator
         }
     }
 
-    static bool has_credentials(winhttp_request_context * p_request_context)
-    {
-        auto has_proxy_credentials = !p_request_context->m_http_client->client_config().proxy().credentials().username().empty() 
-            && !p_request_context->m_http_client->client_config().proxy().credentials().password().empty();
-
-        auto has_server_credentials = !p_request_context->m_http_client->client_config().credentials().username().empty() 
-            && !p_request_context->m_http_client->client_config().credentials().password().empty();
-
-        return has_proxy_credentials || has_server_credentials;
-    }
-
     // Helper function to query/read next part of response data from winhttp.
     static void read_next_response_chunk(winhttp_request_context *pContext, DWORD bytesRead, bool firstRead=false)
     {
@@ -865,7 +854,7 @@ class winhttp_client : public _http_client_communicator
         }
     }
 
-    // Returns true if we handle successfuly and resending the request
+    // Returns true if we handle successfully and resending the request
     // or false if we fail to handle.
     static bool handle_authentication_failure(
         HINTERNET hRequestHandle,
@@ -878,22 +867,12 @@ class winhttp_client : public _http_client_communicator
         _ASSERTE(response.status_code() == status_codes::Unauthorized  || response.status_code() == status_codes::ProxyAuthRequired
             || error == ERROR_WINHTTP_RESEND_REQUEST);
 
-        bool got_credentials = false;
-        BOOL results;
-        DWORD dwSupportedSchemes;
-        DWORD dwFirstScheme;
-        DWORD dwTarget = 0;
-        DWORD dwSelectedScheme = 0;
-        string_t username;
-        string_t password;
-
         // Check if the saved read position is valid
         auto rdpos = p_request_context->m_startingPosition;
         if (rdpos != static_cast<std::char_traits<uint8_t>::pos_type>(std::char_traits<uint8_t>::eof()))
         {
-            auto rbuf = p_request_context->_get_readbuffer();
-
             // Try to seek back to the saved read position
+            auto rbuf = p_request_context->_get_readbuffer();
             if (rbuf.seekpos(rdpos, std::ios::ios_base::in) != rdpos)
             {
                 return false;
@@ -904,66 +883,54 @@ class winhttp_client : public _http_client_communicator
         //  we cannot call WinHttpQueryAuthSchemes and WinHttpSetCredentials.
         if (error != ERROR_WINHTTP_RESEND_REQUEST)
         {
-            // The proxy requires authentication.  Sending credentials...
-            // Obtain the supported and preferred schemes.
-            results = WinHttpQueryAuthSchemes( hRequestHandle, 
-                &dwSupportedSchemes, 
-                &dwFirstScheme, 
-                &dwTarget );
+            DWORD dwSupportedSchemes;
+            DWORD dwFirstScheme;
+            DWORD dwSelectedScheme = 0;
+            DWORD dwAuthTarget;
+            credentials cred;
 
-            if (!results)
+            // Obtain the supported and preferred schemes.
+            if(!WinHttpQueryAuthSchemes(
+                hRequestHandle,
+                &dwSupportedSchemes,
+                &dwFirstScheme,
+                &dwAuthTarget)) 
             {
                 // This will return the authentication failure to the user, without reporting fatal errors
                 return false;
             }
 
-            dwSelectedScheme = ChooseAuthScheme( dwSupportedSchemes);
-            if( dwSelectedScheme == 0 )
+            dwSelectedScheme = ChooseAuthScheme(dwSupportedSchemes);
+            if(dwSelectedScheme == 0)
             {
                 // This will return the authentication failure to the user, without reporting fatal errors
                 return false;
             }
 
-            if(response.status_code() == status_codes::ProxyAuthRequired /*407*/ && !p_request_context->m_proxy_authentication_tried)
+            if (dwAuthTarget == WINHTTP_AUTH_TARGET_SERVER && !p_request_context->m_server_authentication_tried)
             {
-                // See if the credentials on the proxy were set. If not, there are no credentials to supply hence we cannot resend
-                web_proxy proxy = p_request_context->m_http_client->client_config().proxy();
-                // No need to check if proxy is disabled, because disabled proxies cannot have credentials set on them
-                credentials cred = proxy.credentials();
-                if(cred.is_set())
-                {
-                    username = cred.username();
-                    password = cred.password();
-                    dwTarget = WINHTTP_AUTH_TARGET_PROXY;
-                    got_credentials = !username.empty();
-                    p_request_context->m_proxy_authentication_tried = true;
-                }
+                cred = p_request_context->m_http_client->client_config().credentials();
+                p_request_context->m_server_authentication_tried = true;
             }
-            else if(response.status_code() == status_codes::Unauthorized /*401*/ && !p_request_context->m_server_authentication_tried)
+            else if (dwAuthTarget == WINHTTP_AUTH_TARGET_PROXY && !p_request_context->m_proxy_authentication_tried)
             {
-                username = p_request_context->m_http_client->client_config().credentials().username();
-                password = p_request_context->m_http_client->client_config().credentials().password();
-                dwTarget = WINHTTP_AUTH_TARGET_SERVER;
-                got_credentials = !username.empty();
-                p_request_context->m_server_authentication_tried = true;
+                cred = p_request_context->m_http_client->client_config().proxy().credentials();
+                p_request_context->m_proxy_authentication_tried = true;
             }
 
-            if(!got_credentials)
+            // No credentials found so can't resend.
+            if (!cred.is_set())
             {
-                // Either we cannot resend, or the user did not provide non-empty credentials.
-                // Return the authentication failure to the user.
                 return false;
             }
-
-            results = WinHttpSetCredentials( hRequestHandle,
-                dwTarget, 
+            if (!WinHttpSetCredentials(
+                hRequestHandle,
+                dwAuthTarget,
                 dwSelectedScheme,
-                username.c_str(),
-                password.c_str(),
-                nullptr );
-            if(!results)
+                cred.username().c_str(),
+                cred.password().c_str(),
+                nullptr))
             {
-                // This will return the authentication failure to the user, without reporting fatal errors
                 return false;
             }
         }