dotnet · wfurt · Aug 4, 2020 · Jul 22, 2020 · Jul 22, 2020
diff --git a/src/libraries/Common/src/Interop/Windows/Crypt32/Interop.CERT_INFO.cs b/src/libraries/Common/src/Interop/Windows/Crypt32/Interop.CERT_INFO.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Runtime.InteropServices;
-using System.Runtime.InteropServices.ComTypes;
 
 internal static partial class Interop
 {
@@ -16,8 +15,8 @@ internal struct CERT_INFO
             internal DATA_BLOB SerialNumber;
             internal CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
             internal DATA_BLOB Issuer;
-            internal FILETIME NotBefore;
-            internal FILETIME NotAfter;
+            internal System.Runtime.InteropServices.ComTypes.FILETIME NotBefore;
+            internal System.Runtime.InteropServices.ComTypes.FILETIME NotAfter;
             internal DATA_BLOB Subject;
             internal CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
             internal CRYPT_BIT_BLOB IssuerUniqueId;

diff --git a/src/libraries/Common/src/Interop/Windows/Crypt32/Interop.certificates_types.cs b/src/libraries/Common/src/Interop/Windows/Crypt32/Interop.certificates_types.cs
@@ -86,16 +86,6 @@ internal static partial class CertChainPolicyErrors
             internal const uint CERT_E_ROLE = 0x800B0103;
         }
 
-        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
-        internal struct CERT_CONTEXT
-        {
-            internal uint dwCertEncodingType;
-            internal IntPtr pbCertEncoded;
-            internal uint cbCertEncoded;
-            internal IntPtr pCertInfo;
-            internal IntPtr hCertStore;
-        }
-
         [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
         internal unsafe struct SSL_EXTRA_CERT_CHAIN_POLICY_PARA
         {

diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/ISSPIInterface.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/ISSPIInterface.cs
@@ -13,7 +13,7 @@ internal interface ISSPIInterface
         SecurityPackageInfoClass[]? SecurityPackages { get; set; }
         int EnumerateSecurityPackages(out int pkgnum, out SafeFreeContextBuffer pkgArray);
         int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref SafeSspiAuthDataHandle authdata, out SafeFreeCredentials outCredential);
-        int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref Interop.SspiCli.SCHANNEL_CRED authdata, out SafeFreeCredentials outCredential);
+        unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCHANNEL_CRED* authdata, out SafeFreeCredentials outCredential);
         unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCH_CREDENTIALS* authdata, out SafeFreeCredentials outCredential);
         int AcquireDefaultCredential(string moduleName, Interop.SspiCli.CredentialUse usage, out SafeFreeCredentials outCredential);
         int AcceptSecurityContext(SafeFreeCredentials? credential, ref SafeDeleteSslContext? context, InputSecurityBuffers inputBuffers, Interop.SspiCli.ContextFlags inFlags, Interop.SspiCli.Endianness endianness, ref SecurityBuffer outputBuffer, ref Interop.SspiCli.ContextFlags outFlags);

diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/Interop.SSPI.cs
@@ -172,21 +172,14 @@ internal unsafe struct SecPkgContext_IssuerListInfoEx
         }
 
         [StructLayout(LayoutKind.Sequential)]
-        internal struct SCHANNEL_CRED
+        internal unsafe struct SCHANNEL_CRED
         {
             public const int CurrentVersion = 0x4;
 
             public int dwVersion;
             public int cCreds;
 
-            // ptr to an array of pointers
-            // There is a hack done with this field.  AcquireCredentialsHandle requires an array of
-            // certificate handles; we only ever use one.  In order to avoid pinning a one element array,
-            // we copy this value onto the stack, create a pointer on the stack to the copied value,
-            // and replace this field with the pointer, during the call to AcquireCredentialsHandle.
-            // Then we fix it up afterwards.  Fine as long as all the SSPI credentials are not
-            // supposed to be threadsafe.
-            public IntPtr paCred;
+            public Crypt32.CERT_CONTEXT** paCred;
 
             public IntPtr hRootStore;               // == always null, OTHERWISE NOT RELIABLE
             public int cMappers;
@@ -223,9 +216,7 @@ internal unsafe struct SCH_CREDENTIALS
             public int dwCredformat;
             public int cCreds;
 
-            // This is pointer to arry of CERT_CONTEXT*
-            // We do not use it directly in .NET. Instead, we wrap returned OS pointer in safe handle.
-            public void* paCred;
+            public Crypt32.CERT_CONTEXT** paCred;
 
             public IntPtr hRootStore;               // == always null, OTHERWISE NOT RELIABLE
             public int cMappers;
@@ -423,7 +414,7 @@ internal static extern unsafe int AcquireCredentialsHandleW(
                   [In] string moduleName,
                   [In] int usage,
                   [In] void* logonID,
-                  [In] ref SCHANNEL_CRED authData,
+                  [In] SCHANNEL_CRED* authData,
                   [In] void* keyCallback,
                   [In] void* keyArgument,
                   ref CredHandle handlePtr,

diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/SSPIAuthType.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/SSPIAuthType.cs
@@ -40,9 +40,9 @@ public int AcquireDefaultCredential(string moduleName, Interop.SspiCli.Credentia
             return SafeFreeCredentials.AcquireDefaultCredential(moduleName, usage, out outCredential);
         }
 
-        public int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref Interop.SspiCli.SCHANNEL_CRED authdata, out SafeFreeCredentials outCredential)
+        public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCHANNEL_CRED* authdata, out SafeFreeCredentials outCredential)
         {
-            return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential);
+            return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, authdata, out outCredential);
         }
 
         public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCH_CREDENTIALS* authdata, out SafeFreeCredentials outCredential)

diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/SSPISecureChannelType.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/SSPISecureChannelType.cs
@@ -40,9 +40,9 @@ public int AcquireDefaultCredential(string moduleName, Interop.SspiCli.Credentia
             return SafeFreeCredentials.AcquireDefaultCredential(moduleName, usage, out outCredential);
         }
 
-        public int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, ref Interop.SspiCli.SCHANNEL_CRED authdata, out SafeFreeCredentials outCredential)
+        public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCHANNEL_CRED* authdata, out SafeFreeCredentials outCredential)
         {
-            return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, ref authdata, out outCredential);
+            return SafeFreeCredentials.AcquireCredentialsHandle(moduleName, usage, authdata, out outCredential);
         }
 
         public unsafe int AcquireCredentialsHandle(string moduleName, Interop.SspiCli.CredentialUse usage, Interop.SspiCli.SCH_CREDENTIALS* authdata, out SafeFreeCredentials outCredential)

diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/SSPIWrapper.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/SSPIWrapper.cs
@@ -108,12 +108,12 @@ public static SafeFreeCredentials AcquireCredentialsHandle(ISSPIInterface secMod
             return credentialsHandle;
         }
 
-        public static SafeFreeCredentials AcquireCredentialsHandle(ISSPIInterface secModule, string package, Interop.SspiCli.CredentialUse intent, Interop.SspiCli.SCHANNEL_CRED scc)
+        public static unsafe SafeFreeCredentials AcquireCredentialsHandle(ISSPIInterface secModule, string package, Interop.SspiCli.CredentialUse intent, Interop.SspiCli.SCHANNEL_CRED* scc)
         {
             int errorCode = secModule.AcquireCredentialsHandle(
                                             package,
                                             intent,
-                                            ref scc,
+                                            scc,
                                             out SafeFreeCredentials outCredential);
 
             if (errorCode != 0)

diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs
@@ -257,40 +257,24 @@ public static unsafe int AcquireCredentialsHandle(
         public static unsafe int AcquireCredentialsHandle(
             string package,
             Interop.SspiCli.CredentialUse intent,
-            ref Interop.SspiCli.SCHANNEL_CRED authdata,
+            Interop.SspiCli.SCHANNEL_CRED* authdata,
             out SafeFreeCredentials outCredential)
         {
             int errorCode = -1;
             long timeStamp;
 
-            // If there is a certificate, wrap it into an array.
-            // Not threadsafe.
-            IntPtr copiedPtr = authdata.paCred;
-            try
-            {
-                IntPtr certArrayPtr = new IntPtr(&copiedPtr);
-                if (copiedPtr != IntPtr.Zero)
-                {
-                    authdata.paCred = certArrayPtr;
-                }
-
-                outCredential = new SafeFreeCredential_SECURITY();
+            outCredential = new SafeFreeCredential_SECURITY();
 
-                errorCode = Interop.SspiCli.AcquireCredentialsHandleW(
+            errorCode = Interop.SspiCli.AcquireCredentialsHandleW(
                                 null,
                                 package,
                                 (int)intent,
                                 null,
-                                ref authdata,
+                                authdata,
                                 null,
                                 null,
                                 ref outCredential._handle,
                                 out timeStamp);
-            }
-            finally
-            {
-                authdata.paCred = copiedPtr;
-            }
 
             if (NetEventSource.Log.IsEnabled()) NetEventSource.Verbose(null, $"{nameof(Interop.SspiCli.AcquireCredentialsHandleW)} returns 0x{errorCode:x}, handle = {outCredential}");
 

diff --git a/src/libraries/System.Net.Http.WinHttpHandler/src/System.Net.Http.WinHttpHandler.csproj b/src/libraries/System.Net.Http.WinHttpHandler/src/System.Net.Http.WinHttpHandler.csproj
@@ -17,6 +17,20 @@
   <ItemGroup Condition="'$(TargetsWindows)' == 'true'" >
     <Compile Include="$(CommonPath)\Interop\Windows\Interop.Libraries.cs"
              Link="Common\Interop\Windows\Interop.Libraries.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
     <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
              Link="Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
     <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.certificates_types.cs"

diff --git a/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeInterop.cs b/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeInterop.cs
@@ -20,6 +20,34 @@ internal static partial class Interop
 {
     internal static partial class Crypt32
     {
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        internal unsafe struct CERT_CHAIN_POLICY_PARA
+        {
+            public uint cbSize;
+            public uint dwFlags;
+            public void* pvExtraPolicyPara;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        internal unsafe struct CERT_CHAIN_POLICY_STATUS
+        {
+            public uint cbSize;
+            public uint dwError;
+            public int lChainIndex;
+            public int lElementIndex;
+            public void* pvExtraPolicyStatus;
+        }
+
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        internal struct CERT_CONTEXT
+        {
+            internal uint dwCertEncodingType;
+            internal IntPtr pbCertEncoded;
+            internal uint cbCertEncoded;
+            internal IntPtr pCertInfo;
+            internal IntPtr hCertStore;
+        }
+
         public static bool CertFreeCertificateContext(IntPtr certContext)
         {
             return true;
@@ -33,6 +61,7 @@ public static bool CertVerifyCertificateChainPolicy(
         {
             return true;
         }
+
     }
 
     internal static partial class Kernel32

diff --git a/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeX509Certificates.cs b/src/libraries/System.Net.Http.WinHttpHandler/tests/UnitTests/FakeX509Certificates.cs
@@ -3,8 +3,27 @@
 
 using System.Diagnostics;
 using System.Net.Http.WinHttpHandlerUnitTests;
+using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 
+namespace System.Net.Http
+{
+    internal static class WinHttpCertificateHelper
+    {
+        public static void BuildChain(
+            X509Certificate2 certificate,
+            X509Certificate2Collection remoteCertificateStore,
+            string hostName,
+            bool checkCertificateRevocationList,
+            out X509Chain chain,
+            out SslPolicyErrors sslPolicyErrors)
+        {
+            chain = null;
+            sslPolicyErrors = SslPolicyErrors.None;
+        }
+    }
+}
+
 namespace System.Security.Cryptography.X509Certificates
 {
     public class X509Store : IDisposable

diff --git a/....Net.Http.WinHttpHandler/tests/UnitTests/System.Net.Http.WinHttpHandler.Unit.Tests.csproj b/....Net.Http.WinHttpHandler/tests/UnitTests/System.Net.Http.WinHttpHandler.Unit.Tests.csproj
@@ -17,8 +17,6 @@
              Link="Common\Interop\Windows\Interop.Libraries.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
              Link="Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
-    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.certificates_types.cs"
-             Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\Interop.HRESULT_FROM_WIN32.cs"
              Link="Common\Interop\Windows\Interop.HRESULT_FROM_WIN32.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\SChannel\UnmanagedCertificateContext.IntPtr.cs"
@@ -65,8 +63,6 @@
              Link="ProductionCode\NoWriteNoSeekStreamContent.cs" />
     <Compile Include="..\..\src\System\Net\Http\WinHttpAuthHelper.cs"
              Link="ProductionCode\WinHttpAuthHelper.cs" />
-    <Compile Include="..\..\src\System\Net\Http\WinHttpCertificateHelper.cs"
-             Link="ProductionCode\WinHttpCertificateHelper.cs" />
     <Compile Include="..\..\src\System\Net\Http\WinHttpChannelBinding.cs"
              Link="ProductionCode\WinHttpChannelBinding.cs" />
     <Compile Include="..\..\src\System\Net\Http\WinHttpCookieContainerAdapter.cs"

diff --git a/src/libraries/System.Net.Http/src/System.Net.Http.csproj b/src/libraries/System.Net.Http/src/System.Net.Http.csproj
@@ -431,20 +431,28 @@
              Link="Common\Interop\Windows\Interop.Libraries.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\Interop.UNICODE_STRING.cs"
             Link="Common\Interop\Windows\Interop.UNICODE_STRING.cs" />
-    <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs"
-             Link="Common\Interop\Windows\Crypt32\Interop.CertEnumCertificatesInStore.cs" />
-    <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.certificates_types.cs"
-             Link="Common\Interop\Windows\Crypt32\Interop.certificates_types.cs" />
-    <Compile Include="$(CommonPath)\Interop\Windows\Crypt32\Interop.certificates.cs"
-             Link="Common\Interop\Windows\Crypt32\Interop.certificates.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.CERT_CONTEXT.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_INFO.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.CERT_INFO.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.CERT_PUBLIC_KEY_INFO.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_ALGORITHM_IDENTIFIER.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_ALGORITHM_IDENTIFIER.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CRYPT_BIT_BLOB.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.Interop.CRYPT_BIT_BLOB.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.DATA_BLOB.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.DATA_BLOB.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.MsgEncodingType.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.Interop.MsgEncodingType.cs" />
+    <Compile Include="$(CommonPath)Interop\Windows\Crypt32\Interop.CertFreeCertificateContext.cs"
+             Link="Common\Interop\Windows\Crypt32\Interop.Interop.CertFreeCertificateContext.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\Kernel32\Interop.FormatMessage.cs"
              Link="Common\Interop\Windows\Kernel32\Interop.FormatMessage.cs" />
     <Compile Include="$(CommonPath)\Interop\Windows\Kernel32\Interop.GetModuleHandle.cs"
              Link="Common\Interop\Windows\Kernel32\Interop.GetModuleHandle.cs" />
     <Compile Include="$(CommonPath)\Interop\Windows\Interop.HRESULT_FROM_WIN32.cs"
              Link="Common\Interop\Windows\Interop.HRESULT_FROM_WIN32.cs" />
-    <Compile Include="$(CommonPath)\Interop\Windows\SChannel\UnmanagedCertificateContext.IntPtr.cs"
-             Link="Common\Interop\Windows\SChannel\UnmanagedCertificateContext.IntPtr.cs" />
     <Compile Include="$(CommonPath)\Interop\Windows\WinHttp\Interop.SafeWinHttpHandle.cs"
              Link="Common\Interop\Windows\WinHttp\Interop.SafeWinHttpHandle.cs" />
     <Compile Include="$(CommonPath)\Interop\Windows\WinHttp\Interop.winhttp_types.cs"
@@ -473,12 +481,8 @@
              Link="Common\System\Net\Security\CertificateHelper.Windows.cs" />
     <Compile Include="$(CommonPath)\System\Runtime\ExceptionServices\ExceptionStackTrace.cs"
              Link="Common\System\Runtime\ExceptionServices\ExceptionStackTrace.cs" />
-    <Compile Include="$(CommonPath)\System\Threading\Tasks\RendezvousAwaitable.cs"
-             Link="Common\System\Threading\Tasks\RendezvousAwaitable.cs" />
     <Compile Include="$(CommonPath)System\Threading\Tasks\TaskToApm.cs"
              Link="Common\System\Threading\Tasks\TaskToApm.cs" />
-    <Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs"
-             Link="Common\Interop\Windows\SChannel\Interop.SecPkgContext_ApplicationProtocol.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SecurityBuffer.Windows.cs"
              Link="Common\System\Net\Security\SecurityBuffer.Windows.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SecurityBufferType.Windows.cs"
@@ -505,8 +509,6 @@
              Link="Common\Interop\Windows\SspiCli\SecPkgContext_NegotiationInfoW.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\SspiCli\NegotiationInfoClass.cs"
              Link="Common\Interop\Windows\SspiCli\NegotiationInfoClass.cs" />
-    <Compile Include="$(CommonPath)Interop\Windows\SChannel\SecPkgContext_ConnectionInfo.cs"
-             Link="Common\Interop\Windows\SChannel\SecPkgContext_ConnectionInfo.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\SChannel\SecPkgContext_CipherInfo.cs"
              Link="Common\Interop\Windows\SChannel\SecPkgContext_CipherInfo.cs" />
     <Compile Include="$(CommonPath)Interop\Windows\SspiCli\SSPISecureChannelType.cs"