// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
// All files in the project carrying such notice may not be copied, modified, or distributed
// except according to those terms.
//! Public Definitions for SCHANNEL Security Provider
use shared::guiddef::GUID;
use shared::minwindef::{BYTE, DWORD, PBYTE, WORD};
use shared::windef::HWND;
use um::wincrypt::{ALG_ID, HCERTSTORE, HCRYPTPROV, PCCERT_CONTEXT, PCERT_NAME_BLOB};
use um::winnt::{HRESULT, LPWSTR, PVOID, WCHAR};
pub const UNISP_NAME: &'static str = "Microsoft Unified Security Protocol Provider";
pub const SSL2SP_NAME: &'static str = "Microsoft SSL 2.0";
pub const SSL3SP_NAME: &'static str = "Microsoft SSL 3.0";
pub const TLS1SP_NAME: &'static str = "Microsoft TLS 1.0";
pub const PCT1SP_NAME: &'static str = "Microsoft PCT 1.0";
pub const SCHANNEL_NAME: &'static str = "Schannel";
ENUM!{enum eTlsSignatureAlgorithm {
    TlsSignatureAlgorithm_Anonymous = 0,
    TlsSignatureAlgorithm_Rsa = 1,
    TlsSignatureAlgorithm_Dsa = 2,
    TlsSignatureAlgorithm_Ecdsa = 3,
}}
ENUM!{enum eTlsHashAlgorithm {
    TlsHashAlgorithm_None = 0,
    TlsHashAlgorithm_Md5 = 1,
    TlsHashAlgorithm_Sha1 = 2,
    TlsHashAlgorithm_Sha224 = 3,
    TlsHashAlgorithm_Sha256 = 4,
    TlsHashAlgorithm_Sha384 = 5,
    TlsHashAlgorithm_Sha512 = 6,
}}
pub const UNISP_RPC_ID: DWORD = 14;
STRUCT!{struct SecPkgContext_RemoteCredentialInfo {
    cbCertificateChain: DWORD,
    pbCertificateChain: PBYTE,
    cCertificates: DWORD,
    fFlags: DWORD,
    dwBits: DWORD,
}}
pub type PSecPkgContext_RemoteCredentialInfo = *mut SecPkgContext_RemoteCredentialInfo;
pub type SecPkgContext_RemoteCredenitalInfo = SecPkgContext_RemoteCredentialInfo;
pub type PSecPkgContext_RemoteCredenitalInfo = *mut SecPkgContext_RemoteCredentialInfo;
pub const RCRED_STATUS_NOCRED: DWORD = 0x00000000;
pub const RCRED_CRED_EXISTS: DWORD = 0x00000001;
pub const RCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002;
STRUCT!{struct SecPkgContext_LocalCredentialInfo {
    cbCertificateChain: DWORD,
    pbCertificateChain: PBYTE,
    cCertificates: DWORD,
    fFlags: DWORD,
    dwBits: DWORD,
}}
pub type PSecPkgContext_LocalCredentialInfo = *mut SecPkgContext_LocalCredentialInfo;
pub type SecPkgContext_LocalCredenitalInfo = SecPkgContext_LocalCredentialInfo;
pub type PSecPkgContext_LocalCredenitalInfo = *mut SecPkgContext_LocalCredentialInfo;
pub const LCRED_STATUS_NOCRED: DWORD = 0x00000000;
pub const LCRED_CRED_EXISTS: DWORD = 0x00000001;
pub const LCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002;
STRUCT!{struct SecPkgContext_ClientCertPolicyResult {
    dwPolicyResult: HRESULT,
    guidPolicyId: GUID,
}}
pub type PSecPkgContext_ClientCertPolicyResult = *mut SecPkgContext_ClientCertPolicyResult;
STRUCT!{struct SecPkgContext_IssuerListInfoEx {
    aIssuers: PCERT_NAME_BLOB,
    cIssuers: DWORD,
}}
pub type PSecPkgContext_IssuerListInfoEx = *mut SecPkgContext_IssuerListInfoEx;
STRUCT!{struct SecPkgContext_ConnectionInfo {
    dwProtocol: DWORD,
    aiCipher: ALG_ID,
    dwCipherStrength: DWORD,
    aiHash: ALG_ID,
    dwHashStrength: DWORD,
    aiExch: ALG_ID,
    dwExchStrength: DWORD,
}}
pub type PSecPkgContext_ConnectionInfo = *mut SecPkgContext_ConnectionInfo;
pub const SZ_ALG_MAX_SIZE: usize = 64;
pub const SECPKGCONTEXT_CIPHERINFO_V1: DWORD = 1;
STRUCT!{struct SecPkgContext_CipherInfo {
    dwVersion: DWORD,
    dwProtocol: DWORD,
    dwCipherSuite: DWORD,
    dwBaseCipherSuite: DWORD,
    szCipherSuite: [WCHAR; SZ_ALG_MAX_SIZE],
    szCipher: [WCHAR; SZ_ALG_MAX_SIZE],
    dwCipherLen: DWORD,
    dwCipherBlockLen: DWORD,
    szHash: [WCHAR; SZ_ALG_MAX_SIZE],
    dwHashLen: DWORD,
    szExchange: [WCHAR; SZ_ALG_MAX_SIZE],
    dwMinExchangeLen: DWORD,
    dwMaxExchangeLen: DWORD,
    szCertificate: [WCHAR; SZ_ALG_MAX_SIZE],
    dwKeyType: DWORD,
}}
pub type PSecPkgContext_CipherInfo = *mut SecPkgContext_CipherInfo;
STRUCT!{struct SecPkgContext_EapKeyBlock {
    rgbKeys: [BYTE; 128],
    rgbIVs: [BYTE; 64],
}}
pub type PSecPkgContext_EapKeyBlock = *mut SecPkgContext_EapKeyBlock;
STRUCT!{struct SecPkgContext_MappedCredAttr {
    dwAttribute: DWORD,
    pvBuffer: PVOID,
}}
pub type PSecPkgContext_MappedCredAttr = *mut SecPkgContext_MappedCredAttr;
pub const SSL_SESSION_RECONNECT: DWORD = 1;
STRUCT!{struct SecPkgContext_SessionInfo {
    dwFlags: DWORD,
    cbSessionId: DWORD,
    rgbSessionId: [BYTE; 32],
}}
pub type PSecPkgContext_SessionInfo = *mut SecPkgContext_SessionInfo;
STRUCT!{struct SecPkgContext_SessionAppData {
    dwFlags: DWORD,
    cbAppData: DWORD,
    pbAppData: PBYTE,
}}
pub type PSecPkgContext_SessionAppData = *mut SecPkgContext_SessionAppData;
STRUCT!{struct SecPkgContext_EapPrfInfo {
    dwVersion: DWORD,
    cbPrfData: DWORD,
    pbPrfData: PBYTE,
}}
pub type PSecPkgContext_EapPrfInfo = *mut SecPkgContext_EapPrfInfo;
STRUCT!{struct SecPkgContext_SupportedSignatures {
    cSignatureAndHashAlgorithms: WORD,
    pSignatureAndHashAlgorithms: *mut WORD,
}}
pub type PSecPkgContext_SupportedSignatures = *mut SecPkgContext_SupportedSignatures;
STRUCT!{struct SecPkgContext_Certificates {
    cCertificates: DWORD,
    cbCertificateChain: DWORD,
    pbCertificateChain: PBYTE,
}}
pub type PSecPkgContext_Certificates = *mut SecPkgContext_Certificates;
STRUCT!{struct SecPkgContext_CertInfo {
    dwVersion: DWORD,
    cbSubjectName: DWORD,
    pwszSubjectName: LPWSTR,
    cbIssuerName: DWORD,
    pwszIssuerName: LPWSTR,
    dwKeySize: DWORD,
}}
pub type PSecPkgContext_CertInfo = *mut SecPkgContext_CertInfo;
pub const KERN_CONTEXT_CERT_INFO_V1: DWORD = 0x00000000;
STRUCT!{struct SecPkgContext_UiInfo {
    hParentWindow: HWND,
}}
pub type PSecPkgContext_UiInfo = *mut SecPkgContext_UiInfo;
STRUCT!{struct SecPkgContext_EarlyStart {
    dwEarlyStartFlags: DWORD,
}}
pub type PSecPkgContext_EarlyStart = *mut SecPkgContext_EarlyStart;
pub const ENABLE_TLS_CLIENT_EARLY_START: DWORD = 0x00000001;
pub const SCH_CRED_V1: DWORD = 0x00000001;
pub const SCH_CRED_V2: DWORD = 0x00000002;
pub const SCH_CRED_VERSION: DWORD = 0x00000002;
pub const SCH_CRED_V3: DWORD = 0x00000003;
pub const SCHANNEL_CRED_VERSION: DWORD = 0x00000004;
pub const SCHANNEL_SECRET_TYPE_CAPI: DWORD = 0x00000001;
pub const SCHANNEL_SECRET_PRIVKEY: DWORD = 0x00000002;
pub const SCH_CRED_X509_CERTCHAIN: DWORD = 0x00000001;
pub const SCH_CRED_X509_CAPI: DWORD = 0x00000002;
pub const SCH_CRED_CERT_CONTEXT: DWORD = 0x00000003;
pub enum _HMAPPER {}
STRUCT!{struct SCHANNEL_CRED {
    dwVersion: DWORD,
    cCreds: DWORD,
    paCred: *mut PCCERT_CONTEXT,
    hRootStore: HCERTSTORE,
    cMappers: DWORD,
    aphMappers: *mut *mut _HMAPPER,
    cSupportedAlgs: DWORD,
    palgSupportedAlgs: *mut ALG_ID,
    grbitEnabledProtocols: DWORD,
    dwMinimumCipherStrength: DWORD,
    dwMaximumCipherStrength: DWORD,
    dwSessionLifespan: DWORD,
    dwFlags: DWORD,
    dwCredFormat: DWORD,
}}
pub type PSCHANNEL_CRED = *mut SCHANNEL_CRED;
pub const SCH_CRED_FORMAT_CERT_CONTEXT: DWORD = 0x00000000;
pub const SCH_CRED_FORMAT_CERT_HASH: DWORD = 0x00000001;
pub const SCH_CRED_FORMAT_CERT_HASH_STORE: DWORD = 0x00000002;
pub const SCH_CRED_MAX_STORE_NAME_SIZE: usize = 128;
pub const SCH_CRED_MAX_SUPPORTED_ALGS: DWORD = 256;
pub const SCH_CRED_MAX_SUPPORTED_CERTS: DWORD = 100;
STRUCT!{struct SCHANNEL_CERT_HASH {
    dwLength: DWORD,
    dwFlags: DWORD,
    hProv: HCRYPTPROV,
    ShaHash: [BYTE; 20],
}}
pub type PSCHANNEL_CERT_HASH = *mut SCHANNEL_CERT_HASH;
STRUCT!{struct SCHANNEL_CERT_HASH_STORE {
    dwLength: DWORD,
    dwFlags: DWORD,
    hProv: HCRYPTPROV,
    ShaHash: [BYTE; 20],
    pwszStoreName: [WCHAR; SCH_CRED_MAX_STORE_NAME_SIZE],
}}
pub type PSCHANNEL_CERT_HASH_STORE = *mut SCHANNEL_CERT_HASH_STORE;
pub const SCH_MACHINE_CERT_HASH: DWORD = 0x00000001;
pub const SCH_CRED_NO_SYSTEM_MAPPER: DWORD = 0x00000002;
pub const SCH_CRED_NO_SERVERNAME_CHECK: DWORD = 0x00000004;
pub const SCH_CRED_MANUAL_CRED_VALIDATION: DWORD = 0x00000008;
pub const SCH_CRED_NO_DEFAULT_CREDS: DWORD = 0x00000010;
pub const SCH_CRED_AUTO_CRED_VALIDATION: DWORD = 0x00000020;
pub const SCH_CRED_USE_DEFAULT_CREDS: DWORD = 0x00000040;
pub const SCH_CRED_DISABLE_RECONNECTS: DWORD = 0x00000080;
pub const SCH_CRED_REVOCATION_CHECK_END_CERT: DWORD = 0x00000100;
pub const SCH_CRED_REVOCATION_CHECK_CHAIN: DWORD = 0x00000200;
pub const SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT: DWORD = 0x00000400;
pub const SCH_CRED_IGNORE_NO_REVOCATION_CHECK: DWORD = 0x00000800;
pub const SCH_CRED_IGNORE_REVOCATION_OFFLINE: DWORD = 0x00001000;
pub const SCH_CRED_RESTRICTED_ROOTS: DWORD = 0x00002000;
pub const SCH_CRED_REVOCATION_CHECK_CACHE_ONLY: DWORD = 0x00004000;
pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL: DWORD = 0x00008000;
pub const SCH_CRED_MEMORY_STORE_CERT: DWORD = 0x00010000;
pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE: DWORD = 0x00020000;
pub const SCH_SEND_ROOT_CERT: DWORD = 0x00040000;
pub const SCH_CRED_SNI_CREDENTIAL: DWORD = 0x00080000;
pub const SCH_CRED_SNI_ENABLE_OCSP: DWORD = 0x00100000;
pub const SCH_SEND_AUX_RECORD: DWORD = 0x00200000;
pub const SCH_USE_STRONG_CRYPTO: DWORD = 0x00400000;
pub const SCHANNEL_RENEGOTIATE: DWORD = 0;
pub const SCHANNEL_SHUTDOWN: DWORD = 1;
pub const SCHANNEL_ALERT: DWORD = 2;
pub const SCHANNEL_SESSION: DWORD = 3;
STRUCT!{struct SCHANNEL_ALERT_TOKEN {
    dwTokenType: DWORD,
    dwAlertType: DWORD,
    dwAlertNumber: DWORD,
}}
pub const TLS1_ALERT_WARNING: DWORD = 1;
pub const TLS1_ALERT_FATAL: DWORD = 2;
pub const TLS1_ALERT_CLOSE_NOTIFY: DWORD = 0;
pub const TLS1_ALERT_UNEXPECTED_MESSAGE: DWORD = 10;
pub const TLS1_ALERT_BAD_RECORD_MAC: DWORD = 20;
pub const TLS1_ALERT_DECRYPTION_FAILED: DWORD = 21;
pub const TLS1_ALERT_RECORD_OVERFLOW: DWORD = 22;
pub const TLS1_ALERT_DECOMPRESSION_FAIL: DWORD = 30;
pub const TLS1_ALERT_HANDSHAKE_FAILURE: DWORD = 40;
pub const TLS1_ALERT_BAD_CERTIFICATE: DWORD = 42;
pub const TLS1_ALERT_UNSUPPORTED_CERT: DWORD = 43;
pub const TLS1_ALERT_CERTIFICATE_REVOKED: DWORD = 44;
pub const TLS1_ALERT_CERTIFICATE_EXPIRED: DWORD = 45;
pub const TLS1_ALERT_CERTIFICATE_UNKNOWN: DWORD = 46;
pub const TLS1_ALERT_ILLEGAL_PARAMETER: DWORD = 47;
pub const TLS1_ALERT_UNKNOWN_CA: DWORD = 48;
pub const TLS1_ALERT_ACCESS_DENIED: DWORD = 49;
pub const TLS1_ALERT_DECODE_ERROR: DWORD = 50;
pub const TLS1_ALERT_DECRYPT_ERROR: DWORD = 51;
pub const TLS1_ALERT_EXPORT_RESTRICTION: DWORD = 60;
pub const TLS1_ALERT_PROTOCOL_VERSION: DWORD = 70;
pub const TLS1_ALERT_INSUFFIENT_SECURITY: DWORD = 71;
pub const TLS1_ALERT_INTERNAL_ERROR: DWORD = 80;
pub const TLS1_ALERT_USER_CANCELED: DWORD = 90;
pub const TLS1_ALERT_NO_RENEGOTIATION: DWORD = 100;
pub const TLS1_ALERT_UNSUPPORTED_EXT: DWORD = 110;
pub const TLS1_ALERT_NO_APP_PROTOCOL: DWORD = 120;
pub const SSL_SESSION_ENABLE_RECONNECTS: DWORD = 1;
pub const SSL_SESSION_DISABLE_RECONNECTS: DWORD = 2;
STRUCT!{struct SCHANNEL_SESSION_TOKEN {
    dwTokenType: DWORD,
    dwFlags: DWORD,
}}
STRUCT!{struct SCHANNEL_CLIENT_SIGNATURE {
    cbLength: DWORD,
    aiHash: ALG_ID,
    cbHash: DWORD,
    HashValue: [BYTE; 36],
    CertThumbprint: [BYTE; 20],
}}
pub type PSCHANNEL_CLIENT_SIGNATURE = *mut SCHANNEL_CLIENT_SIGNATURE;
pub const SP_PROT_PCT1_SERVER: DWORD = 0x00000001;
pub const SP_PROT_PCT1_CLIENT: DWORD = 0x00000002;
pub const SP_PROT_PCT1: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT;
pub const SP_PROT_SSL2_SERVER: DWORD = 0x00000004;
pub const SP_PROT_SSL2_CLIENT: DWORD = 0x00000008;
pub const SP_PROT_SSL2: DWORD = SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT;
pub const SP_PROT_SSL3_SERVER: DWORD = 0x00000010;
pub const SP_PROT_SSL3_CLIENT: DWORD = 0x00000020;
pub const SP_PROT_SSL3: DWORD = SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_TLS1_SERVER: DWORD = 0x00000040;
pub const SP_PROT_TLS1_CLIENT: DWORD = 0x00000080;
pub const SP_PROT_TLS1: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT;
pub const SP_PROT_SSL3TLS1_CLIENTS: DWORD = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_SSL3TLS1_SERVERS: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER;
pub const SP_PROT_SSL3TLS1: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1;
pub const SP_PROT_UNI_SERVER: DWORD = 0x40000000;
pub const SP_PROT_UNI_CLIENT: DWORD = 0x80000000;
pub const SP_PROT_UNI: DWORD = SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT;
pub const SP_PROT_ALL: DWORD = 0xffffffff;
pub const SP_PROT_NONE: DWORD = 0;
pub const SP_PROT_CLIENTS: DWORD = SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT
    | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT;
pub const SP_PROT_SERVERS: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER
    | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER;
pub const SP_PROT_TLS1_0_SERVER: DWORD = SP_PROT_TLS1_SERVER;
pub const SP_PROT_TLS1_0_CLIENT: DWORD = SP_PROT_TLS1_CLIENT;
pub const SP_PROT_TLS1_0: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT;
pub const SP_PROT_TLS1_1_SERVER: DWORD = 0x00000100;
pub const SP_PROT_TLS1_1_CLIENT: DWORD = 0x00000200;
pub const SP_PROT_TLS1_1: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT;
pub const SP_PROT_TLS1_2_SERVER: DWORD = 0x00000400;
pub const SP_PROT_TLS1_2_CLIENT: DWORD = 0x00000800;
pub const SP_PROT_TLS1_2: DWORD = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_DTLS_SERVER: DWORD = 0x00010000;
pub const SP_PROT_DTLS_CLIENT: DWORD = 0x00020000;
pub const SP_PROT_DTLS: DWORD = SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT;
pub const SP_PROT_DTLS1_0_SERVER: DWORD = SP_PROT_DTLS_SERVER;
pub const SP_PROT_DTLS1_0_CLIENT: DWORD = SP_PROT_DTLS_CLIENT;
pub const SP_PROT_DTLS1_0: DWORD = SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT;
pub const SP_PROT_DTLS1_X_SERVER: DWORD = SP_PROT_DTLS1_0_SERVER;
pub const SP_PROT_DTLS1_X_CLIENT: DWORD = SP_PROT_DTLS1_0_CLIENT;
pub const SP_PROT_DTLS1_X: DWORD = SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT;
pub const SP_PROT_TLS1_1PLUS_SERVER: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER;
pub const SP_PROT_TLS1_1PLUS_CLIENT: DWORD = SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_TLS1_1PLUS: DWORD = SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT;
pub const SP_PROT_TLS1_X_SERVER: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER
    | SP_PROT_TLS1_2_SERVER;
pub const SP_PROT_TLS1_X_CLIENT: DWORD = SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT
    | SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_TLS1_X: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT;
pub const SP_PROT_SSL3TLS1_X_CLIENTS: DWORD = SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_SSL3TLS1_X_SERVERS: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER;
pub const SP_PROT_SSL3TLS1_X: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1_X;
pub const SP_PROT_X_CLIENTS: DWORD = SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT
    | SP_PROT_DTLS1_X_CLIENT;
pub const SP_PROT_X_SERVERS: DWORD = SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER
    | SP_PROT_DTLS1_X_SERVER;
pub const SSL_CRACK_CERTIFICATE_NAME: &'static str = "SslCrackCertificate";
pub const SSL_FREE_CERTIFICATE_NAME: &'static str = "SslFreeCertificate";