First
This commit is contained in:
16
.gitignore
vendored
Normal file
16
.gitignore
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
# ---> Rust
|
||||
# Generated by Cargo
|
||||
# will have compiled files and executables
|
||||
debug/
|
||||
target/
|
||||
|
||||
# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
|
||||
# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
|
||||
Cargo.lock
|
||||
|
||||
# These are backup files generated by rustfmt
|
||||
**/*.rs.bk
|
||||
|
||||
# MSVC Windows builds of rustc generate these, which store debugging information
|
||||
*.pdb
|
||||
|
||||
19
Cargo.toml
Normal file
19
Cargo.toml
Normal file
@ -0,0 +1,19 @@
|
||||
[package]
|
||||
name = "XWBSSOi"
|
||||
version = "0.0.1"
|
||||
edition = "2018"
|
||||
|
||||
[dependencies]
|
||||
windows-sys = { features = [
|
||||
"Win32_Foundation",
|
||||
"Win32_Security_Cryptography",
|
||||
"Win32_Security_Cryptography_UI",
|
||||
"Win32_System",
|
||||
"Win32_System_Registry",
|
||||
"Win32_System_SystemInformation",
|
||||
] }
|
||||
|
||||
[profile.release]
|
||||
codegen-units = 1
|
||||
lto = true
|
||||
strip = true
|
||||
9
LICENSE
Normal file
9
LICENSE
Normal file
@ -0,0 +1,9 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2023 Jiang Yio
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
164
src/common.rs
Normal file
164
src/common.rs
Normal file
@ -0,0 +1,164 @@
|
||||
use std::os::windows::ffi::OsStringExt;
|
||||
use windows_sys::Win32::Security::Cryptography;
|
||||
use windows_sys::Win32::System::Registry;
|
||||
|
||||
const DEFAULT_USER_AGENT: &str = "Borland SOAP 1.2";
|
||||
const DEFAULT_COMPUTER_NAME: &str = "localhost";
|
||||
const DEFAULT_APP_NAME: &str = "CPRSChart.exe";
|
||||
const DEFAULT_ISSUER: &str = "https://ssoi.sts.va.gov/Issuer/smtoken/SAML2";
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct SystemError { pub code: windows_sys::Win32::Foundation::WIN32_ERROR }
|
||||
impl std::fmt::Display for SystemError {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
|
||||
write!(f, "System error: {:x}", self.code)
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum StringSystemError { String(std::string::FromUtf8Error), OsString(std::ffi::OsString), SystemError(SystemError) }
|
||||
|
||||
struct ManagedCertificateStore(pub Cryptography::HCERTSTORE);
|
||||
impl Drop for ManagedCertificateStore {
|
||||
fn drop(&mut self) {
|
||||
if self.0 != std::ptr::null_mut() { unsafe { Cryptography::CertCloseStore(self.0, 0); } }
|
||||
}
|
||||
}
|
||||
|
||||
fn get_registry_reg_sz(key: Registry::HKEY, subkey: windows_sys::core::PCWSTR, value: windows_sys::core::PCWSTR) -> Result<String, StringSystemError> {
|
||||
let mut bufsz: u32 = 0;
|
||||
unsafe { Registry::RegGetValueW(key, subkey, value, Registry::RRF_RT_REG_SZ, std::ptr::null_mut(), std::ptr::null_mut(), &mut bufsz); }
|
||||
loop {
|
||||
let mut buffer = vec![0 as u16; bufsz as usize >> 1];
|
||||
match unsafe { Registry::RegGetValueW(key, subkey, value, Registry::RRF_RT_REG_SZ, std::ptr::null_mut(), buffer.as_mut_ptr() as *mut std::ffi::c_void, &mut bufsz) } {
|
||||
windows_sys::Win32::Foundation::ERROR_MORE_DATA => continue,
|
||||
windows_sys::Win32::Foundation::ERROR_SUCCESS => return Ok(std::ffi::OsString::from_wide(&buffer[0 .. (bufsz as usize >> 1) - 1]).into_string().map_err(|err| StringSystemError::OsString(err))?),
|
||||
value => return Err(StringSystemError::SystemError(SystemError { code: value }))
|
||||
}
|
||||
}
|
||||
}
|
||||
pub fn get_registry_iam() -> String {
|
||||
get_registry_reg_sz(Registry::HKEY_LOCAL_MACHINE, windows_sys::w!("SOFTWARE\\Vista\\Common\\IAM"), std::ptr::null()).unwrap_or_else(|_| "https://services.eauth.va.gov:9301/STS/RequestSecurityToken".to_owned())
|
||||
}
|
||||
pub fn get_registry_iam_ad() -> String {
|
||||
get_registry_reg_sz(Registry::HKEY_LOCAL_MACHINE, windows_sys::w!("SOFTWARE\\Vista\\Common\\IAM_AD"), std::ptr::null()).unwrap_or_else(|_| "https://services.eauth.va.gov:9201/STS/RequestSecurityToken".to_owned())
|
||||
}
|
||||
pub fn get_registry_rioserver() -> String {
|
||||
get_registry_reg_sz(Registry::HKEY_LOCAL_MACHINE, windows_sys::w!("SOFTWARE\\Vista\\Common\\RIOSERVER"), std::ptr::null()).unwrap_or_else(|_| "SecurityTokenService".to_owned())
|
||||
}
|
||||
pub fn get_registry_rioport() -> String {
|
||||
get_registry_reg_sz(Registry::HKEY_LOCAL_MACHINE, windows_sys::w!("SOFTWARE\\Vista\\Common\\RIOPORT"), std::ptr::null()).unwrap_or_else(|_| "RequestSecurityToken".to_owned())
|
||||
}
|
||||
|
||||
pub fn get_iam_request(application: &str, issuer: &str) -> String {
|
||||
format!("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\
|
||||
<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">\
|
||||
<soapenv:Header/>\
|
||||
<soapenv:Body>\
|
||||
<ns:RequestSecurityToken>\
|
||||
<ns:Base>\
|
||||
<wss:TLS xmlns:wss=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"/>\
|
||||
</ns:Base>\
|
||||
<wsp:AppliesTo xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\
|
||||
<wsa:EndpointReference xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\">\
|
||||
<wsa:Address>{application}</wsa:Address>\
|
||||
</wsa:EndpointReference>\
|
||||
</wsp:AppliesTo>\
|
||||
<ns:Issuer>\
|
||||
<wsa:Address xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\">{issuer}</wsa:Address>\
|
||||
</ns:Issuer>\
|
||||
<ns:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Validate</ns:RequestType>\
|
||||
</ns:RequestSecurityToken>\
|
||||
</soapenv:Body>\
|
||||
</soapenv:Envelope>")
|
||||
}
|
||||
|
||||
pub fn get_local_computer_name() -> Result<String, StringSystemError> {
|
||||
use windows_sys::Win32::System::SystemInformation;
|
||||
let mut bufsz: u32 = 0;
|
||||
unsafe { SystemInformation::GetComputerNameExW(SystemInformation::ComputerNameDnsFullyQualified, std::ptr::null_mut() as windows_sys::core::PWSTR, &mut bufsz); }
|
||||
let mut buffer = vec![0 as u16; bufsz as usize];
|
||||
match unsafe { SystemInformation::GetComputerNameExW(SystemInformation::ComputerNameDnsFullyQualified, buffer.as_mut_ptr() as windows_sys::core::PWSTR, &mut bufsz) } {
|
||||
0 => unsafe { Err(StringSystemError::SystemError(SystemError { code: windows_sys::Win32::Foundation::GetLastError() })) },
|
||||
_ => std::ffi::OsString::from_wide(&buffer[0 .. bufsz as usize]).into_string().map_err(|err| StringSystemError::OsString(err))
|
||||
}
|
||||
}
|
||||
|
||||
pub fn get_app_name() -> Option<String> {
|
||||
std::env::current_exe().ok()?.file_name()?.to_str()?.to_owned().into()
|
||||
}
|
||||
|
||||
pub fn get_vista_certificate(show_cert_dialog: bool) -> Result<*const Cryptography::CERT_CONTEXT, StringSystemError> {
|
||||
let void_p_null = std::ptr::null_mut();
|
||||
unsafe {
|
||||
let store_system = ManagedCertificateStore(Cryptography::CertOpenSystemStoreW(0, windows_sys::w!("MY")));
|
||||
let store_memory = ManagedCertificateStore(Cryptography::CertOpenStore(Cryptography::CERT_STORE_PROV_MEMORY, 0, 0, 0, void_p_null));
|
||||
let mut cert_selection = void_p_null as *const Cryptography::CERT_CONTEXT;
|
||||
let mut cert_iter = void_p_null as *const Cryptography::CERT_CONTEXT;
|
||||
while { cert_iter = Cryptography::CertEnumCertificatesInStore(store_system.0, cert_iter); cert_iter } != void_p_null as *const Cryptography::CERT_CONTEXT {
|
||||
let mut cert_valid = Cryptography::CertFindCertificateInStore(store_system.0, Cryptography::X509_ASN_ENCODING | Cryptography::PKCS_7_ASN_ENCODING, 0, Cryptography::CERT_FIND_ANY, void_p_null, void_p_null as *const Cryptography::CERT_CONTEXT);
|
||||
if cert_valid != void_p_null as *mut Cryptography::CERT_CONTEXT {
|
||||
let name_bufsz = Cryptography::CertGetNameStringW(cert_iter, Cryptography::CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, void_p_null, void_p_null as windows_sys::core::PWSTR, 0);
|
||||
let mut name_buffer = vec![0 as u16; name_bufsz as usize];
|
||||
Cryptography::CertGetNameStringW(cert_iter, Cryptography::CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, void_p_null, name_buffer.as_mut_ptr() as windows_sys::core::PWSTR, name_bufsz);
|
||||
let name_string = std::ffi::OsString::from_wide(&name_buffer[0 .. name_bufsz as usize - 1]).into_string().map_err(|err| StringSystemError::OsString(err))?;
|
||||
let mut key_usage_bits: u8 = 0;
|
||||
Cryptography::CertGetIntendedKeyUsage(Cryptography::X509_ASN_ENCODING | Cryptography::PKCS_7_ASN_ENCODING, (*cert_iter).pCertInfo, &mut key_usage_bits, std::mem::size_of_val(&key_usage_bits) as u32);
|
||||
let valid_date = Cryptography::CertVerifyTimeValidity(void_p_null as *const windows_sys::Win32::Foundation::FILETIME, (*cert_iter).pCertInfo);
|
||||
if ((key_usage_bits as u32 & Cryptography::CERT_DIGITAL_SIGNATURE_KEY_USAGE) == Cryptography::CERT_DIGITAL_SIGNATURE_KEY_USAGE) && (valid_date == 0) && (!name_string.contains("Card Authentication")) && (!name_string.contains("0,")) && (!name_string.contains("Signature")) {
|
||||
Cryptography::CertAddCertificateContextToStore(store_memory.0, cert_iter, Cryptography::CERT_STORE_ADD_ALWAYS, &mut cert_valid);
|
||||
cert_selection = cert_valid;
|
||||
}
|
||||
}
|
||||
}
|
||||
//Cryptography::CertCloseStore(store_system.0, 0);
|
||||
if show_cert_dialog {
|
||||
cert_selection = Cryptography::UI::CryptUIDlgSelectCertificateFromStore(store_memory.0, 0, windows_sys::w!("VistA Logon - Certificate Selection"), windows_sys::w!("Select a certificate for VistA authentication"), 0, 0, void_p_null);
|
||||
}
|
||||
//Cryptography::CertCloseStore(store_memory.0, 0);
|
||||
if cert_selection != void_p_null as *const Cryptography::CERT_CONTEXT { Ok(cert_selection) } else { Err(StringSystemError::SystemError(SystemError { code: windows_sys::Win32::Foundation::ERROR_REQUEST_REFUSED })) }
|
||||
}
|
||||
}
|
||||
|
||||
pub fn get_certificate_thumbprint(certificate: *const Cryptography::CERT_CONTEXT) -> String {
|
||||
let mut bufsz: u32 = 0;
|
||||
unsafe { Cryptography::CertGetCertificateContextProperty(certificate, Cryptography::CERT_HASH_PROP_ID, std::ptr::null_mut(), &mut bufsz); }
|
||||
let mut buffer = vec![0 as u8; bufsz as usize];
|
||||
unsafe { Cryptography::CertGetCertificateContextProperty(certificate, Cryptography::CERT_HASH_PROP_ID, buffer.as_mut_ptr() as *mut std::ffi::c_void, &mut bufsz); }
|
||||
buffer.iter().map(|b| format!("{:02x}", b)).collect::<Vec<String>>().join("")
|
||||
}
|
||||
|
||||
pub struct TokenConfig {
|
||||
pub iam: String,
|
||||
pub ua: String,
|
||||
pub certificate: String,
|
||||
pub issuer: String,
|
||||
pub hostname: String,
|
||||
pub application: String,
|
||||
}
|
||||
|
||||
impl Default for TokenConfig {
|
||||
fn default() -> Self {
|
||||
Self {
|
||||
iam: String::new(),
|
||||
ua: String::new(),
|
||||
certificate: String::new(),
|
||||
issuer: String::new(),
|
||||
hostname: String::new(),
|
||||
application: String::new(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn get_sso_token(config: TokenConfig) -> Result<String, StringSystemError> {
|
||||
let config_certificate = match config.certificate.as_str() { "" => get_certificate_thumbprint(get_vista_certificate(true)?), _ => config.certificate };
|
||||
let config_hostname = match config.hostname.as_str() { "" => get_local_computer_name().unwrap_or_else(|_| DEFAULT_COMPUTER_NAME.to_owned()), _ => config.hostname };
|
||||
let config_application = match config.application.as_str() { "" => get_app_name().unwrap_or_else(|| DEFAULT_APP_NAME.to_owned()), _ => config.application };
|
||||
let mut req = std::process::Command::new("curl");
|
||||
req.arg("-fsSL").arg("-X").arg("POST").arg(match config.iam.as_str() { "" => get_registry_iam(), _ => config.iam })
|
||||
.arg("--ca-native").arg("--cert").arg(format!("CurrentUser\\MY\\{config_certificate}"))
|
||||
.arg("-A").arg(match config.ua.as_str() { "" => DEFAULT_USER_AGENT, v => v })
|
||||
.arg("-H").arg("Content-Type: application/xml").arg("-H").arg("Accept: application/xml")
|
||||
.arg("-d").arg(get_iam_request(format!("https://{config_hostname}/Delphi_RPC_Broker/{config_application}").as_str(), match config.issuer.as_str() { "" => DEFAULT_ISSUER, v => v }));
|
||||
String::from_utf8(req.stdin(std::process::Stdio::null()).stdout(std::process::Stdio::piped()).stderr(std::process::Stdio::inherit()).output().unwrap().stdout).map_err(|err| StringSystemError::String(err))
|
||||
}
|
||||
2
src/lib.rs
Normal file
2
src/lib.rs
Normal file
@ -0,0 +1,2 @@
|
||||
mod common;
|
||||
pub use common::*;
|
||||
10
src/main.rs
Normal file
10
src/main.rs
Normal file
@ -0,0 +1,10 @@
|
||||
mod common;
|
||||
|
||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||
match common::get_sso_token(common::TokenConfig::default()) {
|
||||
Ok(value) => println!("{:?}", value),
|
||||
Err(common::StringSystemError::SystemError(common::SystemError { code })) => { std::process::exit(code as i32) },
|
||||
_ => { std::process::exit(1) }
|
||||
};
|
||||
Ok(())
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user