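//
// Number of slots CERT_CONTEXT_ARRAY adds to its pointer array each time it
// grows. Both branches currently define the same value; the conditional is
// kept so a debug-only value can be reintroduced without touching users.
//
#ifdef INET_DEBUG
#define CERT_CONTEXT_ARRAY_ALLOC_UNIT 1 // made small for testing
#else
// now always small since enum chains are no longer built
#define CERT_CONTEXT_ARRAY_ALLOC_UNIT 1
#endif

//
// ClearCreds - zero both halves of a credential handle.
//
// The argument is parenthesized so that expressions such as *pHandle expand
// correctly, and the whole expansion is one parenthesized expression so it is
// safe inside an unbraced if/else. The argument is evaluated twice; do not
// pass an expression with side effects.
//
#define ClearCreds(CredHandle) \
    ((CredHandle).dwLower = (CredHandle).dwUpper = 0)

//
// IsCredClear - TRUE when both halves of a credential handle are zero, i.e.
// the handle is in the state ClearCreds() leaves it in. The argument is
// evaluated twice.
//
#define IsCredClear(CredHandle) \
    (( (CredHandle).dwLower == 0 && (CredHandle).dwUpper == 0 ) ? TRUE : FALSE )

//
// Function-pointer types for the certificate context free / duplicate
// routines, and the globals that hold them. The globals are defined
// elsewhere; presumably they are resolved at run time and may be NULL until
// then -- verify at the call sites before relying on them.
//
typedef BOOL
(WINAPI *CERT_FREE_CERTIFICATE_CONTEXT_FN) (
    IN PCCERT_CONTEXT pCertContext
    );

typedef PCCERT_CONTEXT
(WINAPI *CERT_DUPLICATE_CERTIFICATE_CONTEXT_FN) (
    IN PCCERT_CONTEXT pCertContext
    );

extern CERT_DUPLICATE_CERTIFICATE_CONTEXT_FN g_pfnCertDuplicateCertificateContext;
extern CERT_FREE_CERTIFICATE_CONTEXT_FN g_pfnCertFreeCertificateContext;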
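//
// CERT_CONTEXT_ARRAY - growable array of certificate contexts offered for
// client authentication, plus the index of the context the user selected and
// a credential handle cached for that selection.
//
// Each stored pointer is a duplicate obtained through
// g_pfnCertDuplicateCertificateContext, so the array holds its own reference.
// Releasing those references is presumably done by Reset() / the destructor,
// which are defined elsewhere -- confirm there.
//
// The critical section guards only the cached credential handle; the array
// itself is not synchronized by anything visible in this class.
//
class CERT_CONTEXT_ARRAY {

private:

    //
    // number of cert contexts currently stored in the array
    //

    DWORD _cCertContexts;

    //
    // number of slots allocated in array
    //

    DWORD _cAlloced;

    //
    // array of Cert Context pointers
    //

    PCCERT_CONTEXT* _ppCertContexts;

    //
    // Index of the cert context selected to be used by the user,
    // or -1 when nothing is selected.
    //

    INT _iSelected;

    //
    // Not equal to ERROR_SUCCESS upon error at initialization.
    //

    DWORD _error;

    // Critical section to guard the Cred Handle
    CCritSec _cs;

    // Cred Handle created for the selected cert context which we should re-use
    // to prevent multiple prompts to the user.
    CredHandle _hCreds;

    //
    // Determines whether impersonation should be reverted for SSL handling.
    //

    BOOL _fNoRevert;

public:

    CERT_CONTEXT_ARRAY(BOOL fNoRevert);
    ~CERT_CONTEXT_ARRAY();

    void Reset (void);

    //
    // AddCertContext - duplicate pCertContext and append the duplicate.
    //
    // Returns ERROR_SUCCESS on success, otherwise a Win32 error code. On any
    // failure the array is left exactly as it was before the call: the
    // contexts already stored stay reachable (so they can still be released)
    // and _cAlloced always matches the real allocation.
    //
    // The earlier code bumped _cAlloced before checking the reallocation and
    // freed the array on failure while leaving _cCertContexts non-zero. That
    // dropped every stored context reference and made the next Add/Get index
    // a NULL array.
    //

    DWORD AddCertContext( PCCERT_CONTEXT pCertContext )
    {
        INET_ASSERT(pCertContext);

        //
        // If the array is already full, grow it first.
        //

        if ( _cAlloced <= _cCertContexts ) {

            INET_ASSERT(_cAlloced == _cCertContexts);

            //
            // Size the new array from the element count so the slot written
            // below always exists, and reject a count whose byte size would
            // wrap around.
            //

            DWORD cNewSlots = _cCertContexts + CERT_CONTEXT_ARRAY_ALLOC_UNIT;

            if ( cNewSlots <= _cCertContexts
                 || cNewSlots > ((DWORD)-1) / sizeof(PCCERT_CONTEXT) ) {
                return ERROR_NOT_ENOUGH_MEMORY;
            }

            PCCERT_CONTEXT* pNew = (PCCERT_CONTEXT *)
                REALLOCATE_MEMORY(_ppCertContexts,
                                  (sizeof(PCCERT_CONTEXT) * cNewSlots));

            if ( pNew == NULL ) {

                //
                // The old block is still valid after a failed reallocation;
                // keep it and leave the counters untouched.
                //

                return GetLastError();
            }

            _ppCertContexts = pNew;
            _cAlloced = cNewSlots;
        }

        //
        // Take our own reference on the context. The duplicate call goes
        // through WRAP_REVERT_USER together with _fNoRevert (impersonation
        // handling).
        //

        PCCERT_CONTEXT pNewCertContext;

        WRAP_REVERT_USER((*g_pfnCertDuplicateCertificateContext), _fNoRevert, (pCertContext), pNewCertContext);

        if ( pNewCertContext == NULL ) {
            return GetLastError();
        }

        //
        // Store new pointer into array
        //

        _ppCertContexts[_cCertContexts] = pNewCertContext;
        _cCertContexts++;

        return ERROR_SUCCESS;
    }

    //
    // SelectCertContext - record which context the user chose; -1 clears the
    // selection. The range is only asserted here; the getters below validate
    // the stored index before using it.
    //

    VOID SelectCertContext( INT index )
    {
        INET_ASSERT((index >= 0 && index < (INT) _cCertContexts) || index == -1);

        _iSelected = index;
    }

    //
    // GetCertContext - return the context stored at dwIndex, or NULL when the
    // index is out of range or the array is not allocated. The bound is
    // checked in all builds, not only by the assert, so a bad index cannot
    // read past the array in a retail build.
    //

    PCCERT_CONTEXT GetCertContext( DWORD dwIndex )
    {
        INET_ASSERT(dwIndex < _cCertContexts);

        if ( _ppCertContexts == NULL || dwIndex >= _cCertContexts ) {
            return NULL;
        }

        return _ppCertContexts[dwIndex];
    }

    //
    // GetSelectedCertContext - return the selected context, or NULL when
    // nothing is selected (or the stored index is not valid).
    //

    PCCERT_CONTEXT GetSelectedCertContext( VOID )
    {
        INET_ASSERT(_iSelected >= 0 || _iSelected == -1);

        if ( _iSelected < 0 ) {
            return NULL;
        }

        return GetCertContext((DWORD) _iSelected);
    }

    // Initialization status recorded in _error (ERROR_SUCCESS when none).
    DWORD GetError( VOID )
    {
        return _error;
    }

    // Number of contexts currently stored.
    DWORD GetArraySize( VOID )
    {
        return _cCertContexts;
    }

    //
    // LockCredHandle - enter the critical section guarding _hCreds. If the
    // critical section is not initialized yet, try to initialize it first.
    // Returns FALSE when initialization or locking fails; the caller must
    // not touch the credential handle in that case.
    //

    BOOL LockCredHandle( )
    {
        if ( _cs.IsInitialized() ) {
            return _cs.Lock();
        }

        // try initializing again
        return (_cs.Init() && _cs.Lock());
    }

    // Leave the critical section entered by a successful LockCredHandle().
    VOID UnlockCredHandle( )
    {
        _cs.Unlock();
    }

    //
    // Get / set the cached credential handle (by value). Neither accessor
    // takes the lock itself; presumably callers bracket them with
    // LockCredHandle() / UnlockCredHandle() -- confirm at the call sites.
    //

    CredHandle GetCredHandle( )
    {
        return _hCreds;
    }

    VOID SetCredHandle(CredHandle hCreds )
    {
        _hCreds = hCreds;
    }
};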
//
// Function-pointer types for two wintrust entry points, for use when the
// routines are looked up by name instead of being linked statically.
//

typedef HRESULT
(WINAPI * WIN_VERIFY_TRUST_FN) (
    IN OPTIONAL HWND hwnd,
    IN GUID *pgActionID,
    IN WINTRUST_DATA *pWinTrustData
    );

typedef CRYPT_PROVIDER_DATA *
(WINAPI * WT_HELPER_PROV_DATA_FROM_STATE_DATA_FN) (
    IN HANDLE hStateData
    );

//
// Export names matching the two function-pointer types above.
//
// NOTE(review): TEXT() yields a wide string in a UNICODE build. If these
// names are handed to GetProcAddress, which takes an ANSI name, confirm the
// call site converts them or that the build is ANSI.
//

#define WIN_VERIFY_TRUST_NAME TEXT("WinVerifyTrust")
#define WT_HELPER_PROV_DATA_FROM_STATE_DATA_NAME TEXT("WTHelperProvDataFromStateData")

//
// Module names of the system DLLs involved.
//
// NOTE(review): these are bare file names. Confirm the code that loads them
// resolves them from the system directory (full path or a restricted search
// order) so that a same-named DLL elsewhere on the search path is never
// picked up.
//

#define ADVAPI_DLLNAME TEXT("advapi32.dll")
#define WINTRUST_DLLNAME TEXT("wintrust.dll")
#define SOFTPUB_DLLNAME TEXT("softpub.dll")

//
// Registry location of the SCHANNEL security provider settings and the
// "Wintrust" name used with it (value or subkey -- not visible from here).
//

#define SP_REG_KEY_SCHANNEL_BASE TEXT("System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL")
#define SP_REG_WINTRUST TEXT("Wintrust")

// Always a wide string, independent of the UNICODE setting.
#define CLIENT_AUTH_TYPE L"ClientAuth"

//
// Presumably the byte size of the buffer for the issuer chain and the width
// of the length prefix in front of each issuer entry -- confirm against the
// code that parses the issuer list, which must bound every read by these.
//

#define CHAIN_BUFFER_SIZE 32768
#define ISSUER_SIZE_FIELD_SIZE 2

//
// CliAuthSelectCredential - declared here, defined elsewhere. Going by the
// parameter names, it selects a client-auth credential for the security
// context phContext from pCertContextArray and returns it in phCredential.
//
// NOTE(review): pdwStatus is a pointer annotated IN; check whether the
// implementation also writes through it.
//

DWORD
CliAuthSelectCredential(
    IN PCtxtHandle phContext,
    IN LPTSTR pszPackageName,
    IN CERT_CONTEXT_ARRAY *pCertContextArray,
    OUT PCredHandle phCredential,
    IN LPDWORD pdwStatus,
    IN DWORD dwSecureProtocols,
    IN BOOL fNoRevert
    );