//+-------------------------------------------------------------------------
//
//  Microsoft Windows
//
//  Copyright 1996 - 1998 Microsoft Corporation.
//
//  File:       wintrust.h
//
//  Contents:   Microsoft Internet Security Trust Provider Model
//
//  History:    31-May-1997 created
//
//--------------------------------------------------------------------------

#ifndef WINTRUST_H
#define WINTRUST_H

//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
//
//      Client definitions, typedefs, and prototypes
//
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////

#pragma pack(8)

//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_DATA Structure
//----------------------------------------------------------------------------
//  Used when calling WinVerifyTrust to pass necessary information into
//  the Providers.
//
typedef struct _WINTRUST_DATA
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_DATA)

    LPVOID          pPolicyCallbackData;        // optional: used to pass data between the app and policy

    DWORD           dwUIChoice;                 // required: UI choice.  One of the following.
#                       define      WTD_UI_ALL              1
#                       define      WTD_UI_NONE             2
#                       define      WTD_UI_NOBAD            3
#                       define      WTD_UI_NOGOOD           4

    DWORD           fdwRevocationChecks;        // required: certificate revocation check options
#                       define      WTD_REVOKE_NONE         0x00000000
#                       define      WTD_REVOKE_WHOLECHAIN   0x00000001

    DWORD           dwUnionChoice;              // required: which structure is being passed in?
#                       define      WTD_CHOICE_FILE         1
#                       define      WTD_CHOICE_CATALOG      2
#                       define      WTD_CHOICE_BLOB         3
#                       define      WTD_CHOICE_SIGNER       4
#                       define      WTD_CHOICE_CERT         5
    union
    {
        struct WINTRUST_FILE_INFO_      *pFile;         // individual file
        struct WINTRUST_CATALOG_INFO_   *pCatalog;      // member of a Catalog File
        struct WINTRUST_BLOB_INFO_      *pBlob;         // memory blob
        struct WINTRUST_SGNR_INFO_      *pSgnr;         // signer structure only
        struct WINTRUST_CERT_INFO_      *pCert;
    };

    DWORD           dwStateAction;                      // future. DO NOT USE!!! (optional)
#                       define      WTD_STATEACTION_OPEN    1
#                       define      WTD_STATEACTION_VERIFY  2
#                       define      WTD_STATEACTION_CLOSE   3

    HANDLE          hWVTStateData;                      // future. DO NOT USE!!! (optional)

} WINTRUST_DATA, *PWINTRUST_DATA;

//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_FILE_INFO Structure
//----------------------------------------------------------------------------
//  Used when calling WinVerifyTrust against an individual file.
//
typedef struct WINTRUST_FILE_INFO_
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_FILE_INFO)

    LPCWSTR         pcwszFilePath;              // required, file name to be verified
    HANDLE          hFile;                      // optional, open handle to pcwszFilePath
      
} WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;

//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_CATALOG_INFO Structure
//----------------------------------------------------------------------------
//  Used when calling WinVerifyTrust against a member of a Microsoft Catalog
//  file.
//
typedef struct WINTRUST_CATALOG_INFO_
{
    DWORD               cbStruct;               // = sizeof(WINTRUST_CATALOG_INFO)

    DWORD               dwCatalogVersion;       // optional: Catalog version number
    LPCWSTR             pcwszCatalogFilePath;   // required: path/name to Catalog file

    LPCWSTR             pcwszMemberTag;         // required: tag to member in Catalog
    LPCWSTR             pcwszMemberFilePath;    // required: path/name to member file
    HANDLE              hMemberFile;            // optional: open handle to pcwszMemberFilePath

} WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO;

//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_BLOB_INFO Structure
//----------------------------------------------------------------------------
//  Used when calling WinVerifyTrust against a memory blob.
//
typedef struct WINTRUST_BLOB_INFO_
{
    DWORD               cbStruct;               // = sizeof(WINTRUST_BLOB_INFO)

    LPCWSTR             pcwszDisplayName;       // name of the "thing" the pbMem is pointing to.

    DWORD               cbMem;
    BYTE                *pbMem;

} WINTRUST_BLOB_INFO, *PWINTRUST_BLOB_INFO;

//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_SGNR_INFO Structure
//----------------------------------------------------------------------------
//  Used when calling WinVerifyTrust against a CMSG_SIGNER_INFO Structure
//
typedef struct WINTRUST_SGNR_INFO_
{
    DWORD               cbStruct;               // = sizeof(WINTRUST_SGNR_INFO)

    LPCWSTR             pcwszDisplayName;       // name of the "thing" the pbMem is pointing to.

    CMSG_SIGNER_INFO    *psSignerInfo;

    DWORD               chStores;               // number of stores in pahStores
    HCERTSTORE          *pahStores;             // array of stores to add to internal list

} WINTRUST_SGNR_INFO, *PWINTRUST_SGNR_INFO;

//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST_CERT_INFO Structure
//----------------------------------------------------------------------------
//  Used when calling WinVerifyTrust against a CERT_CONTEXT Structure
//
typedef struct WINTRUST_CERT_INFO_
{
    DWORD               cbStruct;               // = sizeof(WINTRUST_CERT_INFO)

    LPCWSTR             pcwszDisplayName;       // name of the "thing" the pbMem is pointing to.

    CERT_CONTEXT        *psCertContext;

    DWORD               chStores;               // number of stores in pahStores
    HCERTSTORE          *pahStores;             // array of stores to add to internal list

} WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;

#pragma pack()


//////////////////////////////////////////////////////////////////////////////
//
// WinVerifyTrust
//----------------------------------------------------------------------------
//  Exported from WINTRUST.DLL.
//  Call this function to verify the trust based on a digital signer.
//
//  Returns:
//          ERROR_SUCCESS               If the trust is authenticated or
//                                      if the user accepted the risk.
//
//          TRUST_E_PROVIDER_UNKNOWN    there was an error loading one of the 
//                                      required Providers.
//
//          all error codes passed back are based on the Policy Provider used.
//

LONG WINAPI WinVerifyTrust(IN OPTIONAL HWND hwnd,
                              IN          GUID *pgActionID,
                              IN          LPVOID pWintrustData);


//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
//
//      Trust, Policy, and UI Provider definitions, typedefs, and prototypes
//
//  Model:
//      A client wishing to validate trust through WinVerifyTrust will
//      select an appropriate Action ID guid for the call.
//      This guid is defined by each Policy Provider and represents the 
//      functions called based on the policy for the given object.
//
//      In this model, the Policy Provider determines which style of UI
//      will be shown to the user (this only applies to style, the 
//      determination of whether UI is displayed is set by the calling client
//      in the UI flags member of WINTRUST_DATA).
//
//      Since the function entry points are common (same return value and
//      parameters), it allows Policy Provider developers to take advantage 
//      of existing, generic, code to fill the CRYPT_PROVIDER_DATA structure.
//    
//      This also allows the developer to simply add the specific policy they
//      need, then, call the generic Policy Provider - if appropriate.
//
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////

//////////////////////////////////////////////////////////////////////////////
//
// Supported ASN structures contained in WINTRUST.DLL
//----------------------------------------------------------------------------
//  
#pragma pack (8)

#define SPC_INDIRECT_DATA_CONTENT_STRUCT    ((LPCSTR)2003)
#define SPC_INDIRECT_DATA_OBJID             "1.3.6.1.4.1.311.2.1.4"
#define SPC_GLUE_RDN_OBJID                  "1.3.6.1.4.1.311.2.1.25"

typedef struct _SPC_INDIRECT_DATA_CONTENT 
{
    CRYPT_ATTRIBUTE_TYPE_VALUE    Data;
    CRYPT_ALGORITHM_IDENTIFIER    DigestAlgorithm;
    CRYPT_HASH_BLOB               Digest;

} SPC_INDIRECT_DATA_CONTENT, *PSPC_INDIRECT_DATA_CONTENT;

#pragma pack()


//////////////////////////////////////////////////////////////////////////////
//
// Wintrust Policy Flags
//----------------------------------------------------------------------------
//  These are set during install and can be modified by the user
//  through various means.  The SETREG.EXE utility (found in the Authenticode
//  Tools Pack) will select/deselect each of them.
//
#define WTPF_TRUSTTEST              0x00000020  // trust any "TEST" generated certificate
#define WTPF_TESTCANBEVALID         0x00000080 
#define WTPF_IGNOREEXPIRATION       0x00000100  // Use expiration date
#define WTPF_IGNOREREVOKATION       0x00000200  // Do revocation check
#define WTPF_OFFLINEOK_IND          0x00000400  // off-line is ok for individual certs
#define WTPF_OFFLINEOK_COM          0x00000800  // off-line is ok for commercial certs
#define WTPF_OFFLINEOKNBU_IND       0x00001000  // off-line is ok for individual certs, no bad ui
#define WTPF_OFFLINEOKNBU_COM       0x00002000  // off-line is ok for commercial certs, no bad ui
#define WTPF_TIMESTAMP_IND          0x00004000  // Use timestamp for individual certs
#define WTPF_TIMESTAMP_COM          0x00008000  // Use timestamp for commerical certs
#define WTPF_VERIFY_V1_OFF          0x00010000  // turn verify of v1 certs off
#define WTPF_IGNOREREVOCATIONONTS   0x00020000  // ignore TimeStamp revocation checks

//////////////////////////////////////////////////////////////////////////////
//
// WintrustGetRegPolicyFlags
//----------------------------------------------------------------------------
//  This API call is exported from WINTRUST.DLL and is the recommended method
//  of retrieving the DWORD representing the Policy Flags.
//
extern void WINAPI      WintrustGetRegPolicyFlags(DWORD *pdwPolicyFlags);


//////////////////////////////////////////////////////////////////////////////
//
// Trust Provider "Step" Error defines
//----------------------------------------------------------------------------
//  Each "step" of the Trust process has an error "slot" associated with it.
//  If an error occurs, the "step" will assign its result to this "slot".  These
//  errors can be any valid WINERROR.H HRESULT code.
//
#define TRUSTERROR_STEP_WVTPARAMS                   0
#define TRUSTERROR_STEP_FILEIO                      2
#define TRUSTERROR_STEP_SIP                         3
#define TRUSTERROR_STEP_SIPSUBJINFO                 5
#define TRUSTERROR_STEP_CATALOGFILE                 6
#define TRUSTERROR_STEP_CERTSTORE                   7
#define TRUSTERROR_STEP_MESSAGE                     8
#define TRUSTERROR_STEP_MSG_SIGNERCOUNT             9
#define TRUSTERROR_STEP_MSG_INNERCNTTYPE            10
#define TRUSTERROR_STEP_MSG_INNERCNT                11
#define TRUSTERROR_STEP_MSG_STORE                   12
#define TRUSTERROR_STEP_MSG_SIGNERINFO              13
#define TRUSTERROR_STEP_MSG_SIGNERCERT              14
#define TRUSTERROR_STEP_MSG_CERTCHAIN               15
#define TRUSTERROR_STEP_MSG_COUNTERSIGINFO          16
#define TRUSTERROR_STEP_MSG_COUNTERSIGCERT          17
#define TRUSTERROR_STEP_VERIFY_MSGHASH              18
#define TRUSTERROR_STEP_VERIFY_MSGINDIRECTDATA      19

#define TRUSTERROR_STEP_FINAL_WVTINIT               30
#define TRUSTERROR_STEP_FINAL_INITPROV              31
#define TRUSTERROR_STEP_FINAL_OBJPROV               32
#define TRUSTERROR_STEP_FINAL_SIGPROV               33
#define TRUSTERROR_STEP_FINAL_CERTPROV              34
#define TRUSTERROR_STEP_FINAL_CERTCHKPROV           35
#define TRUSTERROR_STEP_FINAL_POLICYPROV            36
#define TRUSTERROR_STEP_FINAL_UIPROV                37

#define TRUSTERROR_MAX_STEPS                        38

//////////////////////////////////////////////////////////////////////////////
//
//  allocation and free function prototypes
//----------------------------------------------------------------------------
//
typedef void        *(*PFN_CPD_MEM_ALLOC)(IN DWORD cbSize);
typedef void        (*PFN_CPD_MEM_FREE)(IN void *pvMem2Free);

typedef BOOL        (*PFN_CPD_ADD_STORE)(IN struct _CRYPT_PROVIDER_DATA *pProvData, 
                                         IN HCERTSTORE hStore2Add);

typedef BOOL        (*PFN_CPD_ADD_SGNR)(IN          struct _CRYPT_PROVIDER_DATA *pProvData, 
                                        IN          BOOL fCounterSigner,
                                        IN OPTIONAL DWORD idxSigner,
                                        IN          struct _CRYPT_PROVIDER_SGNR *pSgnr2Add);

typedef BOOL        (*PFN_CPD_ADD_CERT)(IN          struct _CRYPT_PROVIDER_DATA *pProvData, 
                                        IN          DWORD idxSigner,
                                        IN          BOOL fCounterSigner,
                                        IN OPTIONAL DWORD idxCounterSigner,
                                        IN          PCCERT_CONTEXT pCert2Add);

typedef BOOL        (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                            IN struct _CRYPT_PROVIDER_PRIVDATA *pPrivData2Add);

//////////////////////////////////////////////////////////////////////////////
//
//  Provider function prototypes
//----------------------------------------------------------------------------
//

//
//  entry point for the object provider
//
typedef HRESULT     (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);

//
//  entry point for the object provider
//
typedef HRESULT     (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);

//
//  entry point for the Signature Provider
//
typedef HRESULT     (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);

//
//  entry point for the Certificate Provider
//
typedef HRESULT     (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);

//
//  entry point for the Policy Provider's final call (from the trust provider)
//
typedef HRESULT     (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);

//
//  entry point for the Policy Provider's "dump structure" call 
//
typedef HRESULT     (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);

//
//  entry point for the Policy Provider's Cert Check call.  This will return
//  true if the Trust Provider is to continue building the certificate chain.
//  If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
//  self-signed, root.
//
typedef BOOL        (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( IN          struct _CRYPT_PROVIDER_DATA *pProvData, 
                                                        IN          DWORD idxSigner,
                                                        IN          BOOL fCounterSignerChain,
                                                        IN OPTIONAL DWORD idxCounterSigner);

#pragma pack(8)

//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_FUNCTIONS structure
//----------------------------------------------------------------------------
//
//
typedef struct _CRYPT_PROVIDER_FUNCTIONS
{
    DWORD                               cbStruct;

    PFN_CPD_MEM_ALLOC                   pfnAlloc;               // set in WVT
    PFN_CPD_MEM_FREE                    pfnFree;                // set in WVT

    PFN_CPD_ADD_STORE                   pfnAddStore2Chain;      // call to add a store to the chain.
    PFN_CPD_ADD_SGNR                    pfnAddSgnr2Chain;       // call to add a sgnr struct to a msg struct sgnr chain
    PFN_CPD_ADD_CERT                    pfnAddCert2Chain;       // call to add a cert struct to a sgnr struct cert chain
    PFN_CPD_ADD_PRIVDATA                pfnAddPrivData2Chain;   // call to add provider private data to struct.

    PFN_PROVIDER_INIT_CALL              pfnInitialize;          // initialize Policy data.
    PFN_PROVIDER_OBJTRUST_CALL          pfnObjectTrust;         // build info up to the signer info(s).
    PFN_PROVIDER_SIGTRUST_CALL          pfnSignatureTrust;      // build info to the signing cert
    PFN_PROVIDER_CERTTRUST_CALL         pfnCertificateTrust;    // build the chain
    PFN_PROVIDER_FINALPOLICY_CALL       pfnFinalPolicy;         // final call to policy
    PFN_PROVIDER_CERTCHKPOLICY_CALL     pfnCertCheckPolicy;     // check each cert will building chain
    PFN_PROVIDER_TESTFINALPOLICY_CALL   pfnTestFinalPolicy;     // dump structures to a file (or whatever the policy chooses)

} CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;

//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_CERT structure
//----------------------------------------------------------------------------
//  After the Signature and Certificate Providers are finished there will 
//  be zero to many of these filled out in the CRYPT_PROVIDER_SGNR 
//  structure.  One for each certificate in the chain.
//  
//
typedef struct _CRYPT_PROVIDER_CERT
{
    DWORD                       cbStruct;

    PCCERT_CONTEXT              pCert;              // must have its own ref-count!

    BOOL                        fCommercial;
    BOOL                        fTrustedRoot;       // certchk policy should set this.
    BOOL                        fSelfSigned;        // set in cert provider

    BOOL                        fTestCert;          // certchk policy will set

    DWORD                       dwRevokedReason;

    DWORD                       dwConfidence;       // set in the Certificate Provider
#                                   define  CERT_CONFIDENCE_SIG          0x10000000
#                                   define  CERT_CONFIDENCE_TIME         0x01000000
#                                   define  CERT_CONFIDENCE_TIMENEST     0x00100000
#                                   define  CERT_CONFIDENCE_AUTHIDEXT    0x00010000
#                                   define  CERT_CONFIDENCE_HIGHEST      0x11110000

    DWORD                       dwError;

} CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;

//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_SGNR structure
//----------------------------------------------------------------------------
//  After the Signature Provider is finished there will be zero to many of these
//  filled out.  One for each signer of the message.  Also, there will be zero 
//  to many of these filled out inside this structure.  One for each counter 
//  signer of the signer.
//  
//  IMPORTANT:  1.  All dynamically allocated members MUST use allocation
//                  and Add2 functions provided.
//
typedef struct _CRYPT_PROVIDER_SGNR
{
    DWORD                       cbStruct;

    FILETIME                    sftVerifyAsOf;      // either today's filetime or the timestamps

    DWORD                       csCertChain;        // do NOT set manually.
    CRYPT_PROVIDER_CERT         *pasCertChain;      // use the Add2 allocator

    DWORD                       dwSignerType;       // set if known by policy
#                                   define  SGNR_TYPE_TIMESTAMP     0x00000010

    CMSG_SIGNER_INFO            *psSigner;          // must use the pfnAlloc allocator!

    DWORD                       dwError;            // error encounted while building/verifying the signer.

    DWORD                       csCounterSigners;   // do NOT set manually.
    struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use the Add2 allocator.

} CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;

//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_PRIVDATA structure
//----------------------------------------------------------------------------
//  This structure is to allow Policy Provider functions to share
//  POLICY SPECIFIC data between Policy Functions.
//  The Policy must use the pfnAddPrivateData2Chain function and 
//  must free any data within the member before the Final Policy returns
//  to WVT.  
//  To allow multiple providers to use this feature, each provider that
//  uses this member must set the provider ID to it's Action ID so that 
//  the provider can find its data and ignore any other.
//
typedef struct _CRYPT_PROVIDER_PRIVDATA
{
    DWORD                           cbStruct;

    GUID                            gProviderID;

    DWORD                           cbProvData;
    void                            *pvProvData;

} CRYPT_PROVIDER_PRIVDATA, *PCRYPT_PROVIDER_PRIVDATA;

//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_DATA Structure
//----------------------------------------------------------------------------
//  Used to pass information between WinVerifyTrust and all of the Provider
//  calls.
//
//  IMPORTANT:  1.  All dynamically allocated members MUST use the allocation
//                  and Add2 functions provided.
//
typedef struct _CRYPT_PROVIDER_DATA
{
    DWORD                       cbStruct;               // = sizeof(TRUST_PROVIDER_DATA) (set in WVT)

    WINTRUST_DATA               *pWintrustData;         // NOT verified (set in WVT)
    BOOL                        fOpenedFile;            // the provider opened the file handle (if applicable)
    HWND                        hWndParent;             // if passed in, else, Desktop hWnd (set in WVT).
    GUID                        *pgActionID;            // represents the Provider combination (set in WVT).

    HCRYPTPROV                  hProv;                  // set in WVT

    DWORD                       dwError;                // error to be returned

    DWORD                       dwRegSecuritySettings;  // ie security settings (set in WVT)
    DWORD                       dwRegPolicySettings;    // setreg settings (set in WVT)

    CRYPT_PROVIDER_FUNCTIONS    sPfns;                  // set in WVT.

    DWORD                       cdwTrustStepErrors;     // set in WVT.
    DWORD                       *padwTrustStepErrors;   // allocated in WVT.  filled in WVT & Trust Provider

    DWORD                       chStores;               // number of stores in pahStores (root set in WVT)
    HCERTSTORE                  *pahStores;             // array of known stores (root set in WVT) root is ALWAYS #0!!!

    DWORD                       dwEncoding;             // message encoding type (set in WVT and Signature Prov)
    HCRYPTMSG                   hMsg;                   // set in Signature Prov.

    GUID                        gSubject;               // subject guid of file/member file. (set in Sig Prov)
    struct SIP_DISPATCH_INFO_   *pSip;                  // set in Sig Prov - defined in sipbase.h
    struct SIP_DISPATCH_INFO_   *pCATSip;               // set in Sig Prov - defined in sipbase.h
    struct SIP_SUBJECTINFO_     *psSipSubjectInfo;      // set in Sig Prov - defined in sipbase.h
    struct SIP_SUBJECTINFO_     *psSipCATSubjectInfo;   // set in Sig Prov - defined in sipbase.h
    struct SIP_INDIRECT_DATA_   *psIndirectData;        // set in Sig Prov - defined in sipbase.h

    DWORD                       csSigners;              // use Add2 function!
    CRYPT_PROVIDER_SGNR         *pasSigners;            // use Add2 function!

    DWORD                       csProvPrivData;         // use Add2 function!
    CRYPT_PROVIDER_PRIVDATA     *pasProvPrivData;       // use Add2 function!

} CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;


//////////////////////////////////////////////////////////////////////////////
//
// structures used to register action IDs
//----------------------------------------------------------------------------
//
typedef struct _CRYPT_TRUST_REG_ENTRY
{
    DWORD                   cbStruct;

    WCHAR                   *pwszDLLName;
    WCHAR                   *pwszFunctionName;

} CRYPT_TRUST_REG_ENTRY, *PCRYPT_TRUST_REG_ENTRY;

typedef struct _CRYPT_REGISTER_ACTIONID
{
    DWORD                   cbStruct;

    CRYPT_TRUST_REG_ENTRY   sInitProvider;
    CRYPT_TRUST_REG_ENTRY   sObjectProvider;
    CRYPT_TRUST_REG_ENTRY   sSignatureProvider;
    CRYPT_TRUST_REG_ENTRY   sCertificateProvider;
    CRYPT_TRUST_REG_ENTRY   sCertificatePolicyProvider;
    CRYPT_TRUST_REG_ENTRY   sFinalPolicyProvider;
    CRYPT_TRUST_REG_ENTRY   sTestPolicyProvider;

} CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID;

#pragma pack()

//////////////////////////////////////////////////////////////////////////////
//
// WINTRUST.DLL Provider defines
//----------------------------------------------------------------------------
//  The following are definitions of the Microsoft Generic Cert Provider
//  
#define WT_CURRENT_VERSION                  0x00000200
#define WT_MAX_FUNC_NAME                    128

#define WT_PROVIDER_DLL_NAME                L"WINTRUST.DLL"
#define WT_PROVIDER_CERTTRUST_FUNCTION      L"WintrustCertificateTrust"

//////////////////////////////////////////////////////////////////////////////
//
// WintrustAddActionID
//----------------------------------------------------------------------------
//  Adds a new Provider combination to the users' 
//  system.  Creates all necessary registry entries, etc.  This should be done
//  during the Policy Provider's DllRegisterServer.
//
//  *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER ***
// 
// Returns: 
//      TRUE:                           No fatal errors
//      FALSE:                          Errors occured.  See GetLastError()
//
extern BOOL WINAPI  WintrustAddActionID(IN GUID *pgActionID, 
                                        IN DWORD fdwReserved,    // future use.
                                        IN CRYPT_REGISTER_ACTIONID *psProvInfo);


//////////////////////////////////////////////////////////////////////////////
//
// WintrustRemoveActionID
//----------------------------------------------------------------------------
//  Removes the Provider action combination from the users'
//  system.
// 
// Returns: 
//      TRUE:                           No fatal errors
//      FALSE:                          Errors occured.  See GetLastError()
//
extern BOOL WINAPI  WintrustRemoveActionID(IN GUID *pgActionID);

//////////////////////////////////////////////////////////////////////////////
//
// WintrustLoadFunctionPointers
//----------------------------------------------------------------------------
//  Retrieves the function entry points based on the Action ID given.
// 
// Returns: 
//      TRUE                            success.
//      FALSE                           fail.
//
extern BOOL WINAPI WintrustLoadFunctionPointers(GUID *pgActionID, CRYPT_PROVIDER_FUNCTIONS *pPfns);

//
//  helper functions exported from wintrust.dll
//
extern HANDLE WINAPI            WTHelperGetFileHandle(WINTRUST_DATA *pWintrustData);
extern WCHAR * WINAPI           WTHelperGetFileName(WINTRUST_DATA *pWintrustData);
extern PCCERT_CONTEXT WINAPI    WTHelperCertFindIssuerCertificate(CRYPT_PROVIDER_DATA *pProvData, 
                                                                  CRYPT_PROVIDER_SGNR *pSgnr,
                                                                  PCCERT_CONTEXT pChildContext,
                                                                  DWORD *pdwConfidence,
                                                                  DWORD *pdwError);
extern BOOL WINAPI              WTHelperCertIsSelfSigned(DWORD dwEncoding, CERT_INFO *pCert);
extern BOOL WINAPI              WTHelperOpenKnownStores(CRYPT_PROVIDER_DATA *pProvData);


#endif // WINTRUST_H