/*++

Copyright (c) 1996  Microsoft Corporation

Module Name:

    certcach.hxx

Abstract:

    Contains class definition for certificate cache object.
    The class acts a container for common certificates.

    Contents:
        SECURITY_CACHE_LIST
        SECURITY_CACHE_LIST_ENTRY

Author:

    Arthur L Bierer (arthurbi) 20-Apr-1996

Revision History:

    20-Apr-1996 arthurbi
        Created

--*/


//
// SECURITY_INFO_LIST_ENTRY - contains all security info
// pertaining to all connections to a server.
//

class SECURITY_CACHE_LIST_ENTRY {

friend class SECURITY_CACHE_LIST;

private:

    //
    // _List - Generic List entry structure.
    //

    LIST_ENTRY _List;

    //
    // _cRef - Reference count for this element.
    //

    LONG _cRef;

    //
    // _CertInfo - Certificate and other security
    //             attributes for the connection to
    //             this machine.
    //

    INTERNET_SECURITY_INFO _CertInfo;

    //
    // _dwSecurityFlags - Overrides for warnings.
    //

    DWORD    _dwSecurityFlags;

    //
    // _dwStatusFlags - Tracker for all secure connection failure flags.
    //

    DWORD    _dwStatusFlags;

    //
    // _ServerName - The name of the server
    //

    ICSTRING _ServerName;

    //
    // _pCertChainList - If there is Client Authentication do be done with this server,
    //          then we'll cache it and remeber it later.
    //

    CERT_CONTEXT_ARRAY  *_pCertContextArray;

    //
    // _fInCache - indicates this element is held by the cache
    //

    BOOL _fInCache;

#if INET_DEBUG
    DWORD m_Signature;
#endif

public:

    LONG AddRef(VOID);
    LONG Release(VOID);

    //
    // Cleans up object, so it can be reused
    //

    BOOL InCache() { return _fInCache; }

    VOID
    Clear();

    SECURITY_CACHE_LIST_ENTRY(
        IN LPSTR lpszHostName
        );

    ~SECURITY_CACHE_LIST_ENTRY();

    //
    // Copy CERT_INFO IN Method -
    //  copies a structure into our object.
    //

    SECURITY_CACHE_LIST_ENTRY& operator=(LPINTERNET_SECURITY_INFO Cert)
    {

        if(_CertInfo.pCertificate)
        {
            WRAP_REVERT_USER_VOID(CertFreeCertificateContext,
                                  (_CertInfo.pCertificate));
        }
        _CertInfo.dwSize =                 sizeof(_CertInfo);
        WRAP_REVERT_USER(CertDuplicateCertificateContext,
                         (Cert->pCertificate),
                         _CertInfo.pCertificate);
        _CertInfo.dwProtocol  =            Cert->dwProtocol;

        _CertInfo.aiCipher =               Cert->aiCipher;
        _CertInfo.dwCipherStrength =       Cert->dwCipherStrength;
        _CertInfo.aiHash =                 Cert->aiHash;
        _CertInfo.dwHashStrength =         Cert->dwHashStrength;
        _CertInfo.aiExch =                 Cert->aiExch;
        _CertInfo.dwExchStrength =         Cert->dwExchStrength;

        return *this;
    }

    //
    // Copy CERT_INFO OUT Method -
    //  need to copy ourselves out.
    //

    VOID
    CopyOut(INTERNET_SECURITY_INFO &Cert)
    {
        Cert.dwSize =                 sizeof(Cert);
        WRAP_REVERT_USER(CertDuplicateCertificateContext,
                         (_CertInfo.pCertificate),
                         Cert.pCertificate);
        Cert.dwProtocol  =            _CertInfo.dwProtocol;

        Cert.aiCipher =               _CertInfo.aiCipher;
        Cert.dwCipherStrength =       _CertInfo.dwCipherStrength;
        Cert.aiHash =                 _CertInfo.aiHash;
        Cert.dwHashStrength =         _CertInfo.dwHashStrength;
        Cert.aiExch =                 _CertInfo.aiExch;
        Cert.dwExchStrength =         _CertInfo.dwExchStrength;
    }

    //
    // Sets and Gets the Client Authentication CertChain -
    //  we piggy back this pointer into the cache so we can cache
    //  previously generated and selected client auth certs.
    //

    VOID SetCertContextArray(CERT_CONTEXT_ARRAY *pCertContextArray) {
        if (_pCertContextArray) {
            delete _pCertContextArray;
        }
        _pCertContextArray = pCertContextArray;
    }

    CERT_CONTEXT_ARRAY * GetCertContextArray() {
        return _pCertContextArray;
    }

    DWORD GetSecureFlags() {
        return _dwSecurityFlags;
    }

    VOID SetSecureFlags(DWORD dwFlags) {
        _dwSecurityFlags |= dwFlags;
    }

    VOID ClearSecureFlags(DWORD dwFlags) {
        _dwSecurityFlags &= (~dwFlags);
    }

    DWORD GetStatusFlags(VOID)
    {
    	return _dwStatusFlags;
    }

    VOID SetStatusFlags(DWORD dwFlags)
    {
    	_dwStatusFlags |= dwFlags;
    }

    VOID ClearStatusFlags(DWORD dwFlags)
    {
    	_dwStatusFlags &= (~dwFlags);
    }

};



class SECURITY_CACHE_LIST {

private:

    //
    // _List - serialized list of SECURITY_CACHE_LIST_ENTRY objects
    //

    SERIALIZED_LIST _List;

#if INET_DEBUG
    DWORD m_Signature;
#endif

public:

    SECURITY_CACHE_LIST_ENTRY *
    Find(
        IN LPSTR lpszHostname
        );

    VOID Initialize(VOID) {
        InitializeSerializedList(&_List);
#if INET_DEBUG
        m_Signature = 0x4c436553;   // "SeCL"
#endif
    }

    VOID Terminate(VOID) {

        DEBUG_ENTER((DBG_OBJECTS,
                     None,
                     "SECURITY_CACHE_LIST::Terminate",
                     "{%#x}",
                     this
                     ));

        ClearList();

        TerminateSerializedList(&_List);

        DEBUG_LEAVE(0);
    }

    VOID
    ClearList(
        VOID
        );

    DWORD
    Add(
        IN SECURITY_CACHE_LIST_ENTRY * entry
        );

#if 0

    BOOL
    IsCertInCache(
        IN LPSTR lpszHostname
        )
    {
        SECURITY_CACHE_LIST_ENTRY *entry =
               Find(lpszHostname);

        if ( entry )
            return TRUE;

        return FALSE;
    }
#endif

};