Saphe Implementation - SaphePlugin.h
/**
 *
 * This is the actual plugin implementation.
 * It inherits from the general-purpose nsPluginInstanceBase class which was 
 * written by Mozilla.
 *
 * The plugin consists from a class intance which handles functionality, and
 * a dialog box which interacts with the user.
 *
 * Only one plugin instance is allowed per Firefox 'tab' - this is enforced by
 * using a static map from HWND to plugin instance pointer, and is important to
 * ensure that only a single instance is created per web page.
 *
 * Currently - only a Windows version exists (tested on Windows XP SP2).
 *
 * Copyright (C) 2007-2008
 * Uri Sternfeld (saphesolution@yahoo.com)
 * All Rights Reserved
 *
 * Written by Uri Sternfeld
 * Last modified: 24/1/2008
 *
 **/
 
#ifndef __SAPHEPLUGIN_H__
#define __SAPHEPLUGIN_H__
 
#include <windows.h>
 
#include <map>
using namespace std;
 
#include "pluginbase.h"
#include "SapheData.h"
#include "CryptoStuff.h"
#include "hexlify.h"
 
// Messages that can be sent to the dialog box from the plugin instance.
// WM_APP is indicates the start of the 'private messages' part of the message ID range
static const DWORD WM_GET_IP = WM_APP + 1;
static const DWORD WM_GOT_IP = WM_GET_IP + 1;
static const DWORD WM_GOT_ENCRYPTED_DATA = WM_GOT_IP + 1;
 
class nsSaphePluginInstance : public nsPluginInstanceBase
{
public:        
 
    //////
    // Functions inherited from nsPluginInstanceBase
    //////
 
    /**
     * ctor
     **/
    nsSaphePluginInstance(NPP aInstance);
    /**
     * dtor
     **/
    ~nsSaphePluginInstance();
 
    /**
     * Initializes an instance (after construction) and creates the dialog box.
     **/
    NPBool init(NPWindow* aWindow);
 
    /**
     * Shuts down an instance (before deletion)
     **/
    void shut();
 
    /**
     * Was the instance initialized properly?
     **/
    NPBool isInitialized();    
 
    //////
    // Implementation of the base class Netscape methods.
    // See Gecko SDK API documentation: 
    //    http://developer.mozilla.org/en/docs/Gecko_Plugin_API_Reference
    //////
 
    /**
     * This function is called by the browser when a requested resourse is retrieved.
     * Initializes the buffer of the stream info struct passed by the requester.
     * (will not handle streams unless a stream info struct exists).
     *
     * See http://developer.mozilla.org/en/docs/NPP_NewStream
     **/
    virtual NPError NewStream(NPMIMEType type, NPStream* stream, NPBool seekable, uint16* stype);
 
    /**
     * This function is called by the browser when the retrieval is complete.
     * Does nothing (URLNotify will release the stream info buffer).
     *
     * See http://developer.mozilla.org/en/docs/NPP_DestroyStream
     **/
    virtual NPError DestroyStream(NPStream *stream, NPError reason);
 
    /**
     * This function is called by the browser before passing data to the plugin.
     * Returns max possible size.
     *
     * see http://developer.mozilla.org/en/docs/NPP_WriteReady
     **/
 
    virtual int32 WriteReady(NPStream *stream);
    /**
     * This function is called by the browser to pass recieved data to the plugin.
     * Copies the new data to the stream info buffer, re-allocating the buffer
     * as needed.
     * (will not handle streams unless a stream info struct exists).
     *
     * see http://developer.mozilla.org/en/docs/NPP_Write
     **/
    virtual int32 Write(NPStream *stream, int32 offset, int32 len, void *buffer);    
 
    /**
     * This function is called by the browser when a request-response transaction
     * is complete (the plugin requests a resource, the browser attempts to retrieve
     * it). The function is called even if the browser failed to retrieve the data.
     *
     * Handles the response according to the ID of the stream info created during
     * the request (either IP discovery or SapheData request).
     *
     * see http://developer.mozilla.org/en/docs/NPP_URLNotify
     **/
    virtual void URLNotify(const char* url, NPReason reason, void* notifyData);    
 
    //////
    // New functions of SaphePlugin
    //////
 
    /**
     *
     * Returns: 
     *    the NPP instance of the plugin (this is the general 'Mozilla instance')
     **/
    NPP GetNPPInstance() { return mInstance; }
 
    /** 
     *
     * Stores the URL for the Saphe data requests read from the original resource
     * that caused the plugin to initialize.
     *
     * In:
     *    url - the target URL for the initial Saphe exchange
     * Returns:
     *    nothing
     **/ 
    void SetSapheURL(const char* url);
 
    /**
     *
     * Returns:
     *    the Saphe URL for the initial Saphe exchange
     **/
    const char* GetSapheURL() { return mSapheURL; }        
 
    /** 
     *
     * Returns:
     *    the HWND handle of the dialog box
     **/
    HWND GetDialogHandle() { return mhDialog; }
 
    /**
     *
     * Returns: 
     *    the client's real IP address as a little-endian dword, or NULL if the 
     *    real IP was not yet discovered
     **/
    unsigned long GetRealIP() { return mlClientRealIP; }
 
    /**
     *
     * Sends the client's IP address and the requested URL to the given
     * report_url in a POST message.
     * The url is NOT verified to be safe.
     * Note that any responses to this HTTP message will not be handled
     * by the plugin, as there is no StreamInfo struct passed to the browser 
     * (because NPN_PostURL is used instead of NPN_PostURLNotify).
     *
     * In:
     *    report_url - the URL to send the report to
     * Returns:
     *    nothing
     **/
    void ReportPhishingAttemptToServer(const char* report_url);
 
    /**
     *
     * Sends a standard HTTP GET request to the currently used IP whois server.
     * A new stream-info struct is created to be used by the stream-handling
     * functions of the plugin.
     *
     * Returns:
     *    nothing
     **/ 
    void AskForRealIP();
 
    /**
     *
     * Sends a HTTP POST message to the server containing the user name and a 
     * randomly generated client challenge.
     * A new stream-info struct is created to be used by the stream-handling
     * functions of the plugin. This struct contains the user name, password and
     * client challenge.
     * Note that the password is NOT sent to the server.
     *
     * In:
     *    user_name - the entered user name
     *    password - the entered password
     * Returns:
     *    nothing
     **/
    void AskForSapheData(const char user_name[EDIT_BOX_MAX_SIZE], 
                         const char password[EDIT_BOX_MAX_SIZE]);
 
    // A global handle to the default cryptographic service provider
    static HCRYPTPROV crypt_prov;
    // The critical section is used to access the instances map
    static CRITICAL_SECTION critical_section;
    // This static map holds all the the HWND handles of all the parents
    // that created a plugin instance in this browser.
    // This allows for a single plugin instance only to be created per parent.
    // If multiple Saphe tags are embedded in a web page, only the first one
    // will be used.
    static map<HWND, nsSaphePluginInstance*> current_instances;
 
private:            
 
    /**
     *
     * Attempts to parse the returned HTML data to extract the client IP address.
     * It calls ExtractIPAddress and sets mlClientRealIP if the IP was
     * successfully extracted.
     *
     * In:
     *    url - the URL from which the IP was requested
     *    reason - the browser's return code for the resource retrieval
     *    stream_info - the StreamInfo identifying the stream, which contains the
     *        input buffer of the raw HTML data returned from the server
     * Returns:
     *    nothing
     **/
    void HandleRealIPResponse(const char* url, NPReason reason, StreamInfo* stream_info);
 
    /**
     *
     * Parses and decrypts the SapheData part from the server, and sends the appropriate
     * message to the dialog box.
     * Note that if the SapheData is verified, a POST request is sent to the server
     * containing the user name and password, instructing the browser to handle
     * the response by itself, which will cause the user to login and the plugin
     * to be destroyed.
     *
     * In:
     *    reason - the browser's return code for the resource retrieval
     *    stream_info - the StreamInfo identifying the stream, which contains the
     *        input buffer of the hex-string SapheData. In addition, it contains the
     *        user name, password and client challenge which will be used to derive
     *        the encryption key and send a login request to the server
     * Returns:
     *    nothing
     **/
    void HandleSapheDataResponse(NPReason reason, StreamInfoSapheEncryptedPart* saphe_info);
 
    NPP mInstance;                // The plugin instance
    NPBool mInitialized;        // Is the plugin intialized?
    HWND mhParent;                // The parent of the instance
    HWND mhDialog;                // The dialog box of the instance
    HWND mhDialogProgressBar;    // The progress bar in the dialog
    char mSapheURL[MAX_URL_SIZE+1];    // The URL to request Saphe data from
    unsigned long mlClientRealIP;    // The real IP of the client    
};
 
#endif // __SAPHEPLUGIN_H__

Back to SaphePlugin implementation

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License