Version set to 1.0-alpha12

(Hopefully resolving issue with Radiator)

.gitmodules

@@ -4,3 +4,6 @@
 [submodule "lib/WinStd"]
 	path = lib/WinStd
 	url = https://github.com/Amebis/WinStd.git
+[submodule "lib/wxExtend"]
+	path = lib/wxExtend
+	url = https://github.com/Amebis/wxExtend.git

CredWrite/Main.cpp

@@ -23,7 +23,7 @@
 using namespace std;
 using namespace winstd;
 
-eap::module g_module(eap::type_undefined);
+eap::module g_module;
 
 
 static int CredWrite()
@@ -81,28 +81,25 @@ static int CredWrite()
     }
 
     // Write credentials.
-    EAP_ERROR *pEapError = NULL;
 #ifdef _DEBUG
     {
         eap::credentials_pap cred_stored(g_module);
-        if (!cred_stored.retrieve(target_name.c_str(), &pEapError)) {
-            if (pEapError) {
-                OutputDebugStr(_T("%ls (error %u)\n"), pEapError->pRootCauseString, pEapError->dwWinError);
-                g_module.free_error_memory(pEapError);
-                pEapError = NULL;
-            } else
-                OutputDebugStr(_T("Reading credentials failed.\n"));
+        try {
+            cred_stored.retrieve(target_name.c_str());
+        } catch(win_runtime_error &err) {
+            OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
+        } catch(...) {
+            OutputDebugStr(_T("Reading credentials failed.\n"));
         }
     }
 #endif
-    if (!cred.store(target_name.c_str(), &pEapError)) {
-        if (pEapError) {
-            OutputDebugStr(_T("%ls (error %u)\n"), pEapError->pRootCauseString, pEapError->dwWinError);
-            g_module.free_error_memory(pEapError);
-            pEapError = NULL;
-        } else
-            OutputDebugStr(_T("Writing credentials failed.\n"));
-
+    try {
+        cred.store(target_name.c_str());
+    } catch(win_runtime_error &err) {
+        OutputDebugStr(_T("%hs (error %u)\n"), err.what(), err.number());
+        return 2;
+    } catch(...) {
+        OutputDebugStr(_T("Writing credentials failed.\n"));
         return 2;
     }
 

CredWrite/StdAfx.h

@@ -20,6 +20,7 @@
 
 #pragma once
 
+#include "../lib/PAP/include/Config.h"
 #include "../lib/PAP/include/Credentials.h"
 #include "../lib/EAPBase/include/Module.h"
 

EAPMethods/EAPTTLS/StdAfx.h

@@ -20,5 +20,5 @@
 
 #pragma once
 
+#include "../../lib/TTLS/include/Method.h"
 #include "../../lib/TTLS/include/Module.h"
-#include "../../lib/TTLS/include/Session.h"

EAPMethods/locale/EAPMethods.pot

@@ -2,7 +2,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: EAPMethods\n"
-"POT-Creation-Date: 2016-06-10 12:06+0200\n"
+"POT-Creation-Date: 2016-08-25 10:43+0200\n"
 "PO-Revision-Date: 2016-06-02 12:27+0200\n"
 "Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
 "Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
@@ -11,8 +11,6 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "X-Generator: Poedit 1.8.8\n"
 "X-Poedit-Basepath: ../..\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"Language: en_US\n"
 "X-Poedit-SourceCharset: UTF-8\n"
 "X-Poedit-KeywordsList: _\n"
 "X-Poedit-SearchPath-0: lib/EAPBase_UI\n"
@@ -21,70 +19,203 @@ msgstr ""
 "X-Poedit-SearchPath-3: lib/TTLS_UI\n"
 "X-Poedit-SearchPath-4: EAPMethods\n"
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:123 lib/EAPBase_UI/res/wxEAP_UI.cpp:200
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:37
+msgid "Advanced..."
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:38
+msgid "Opens dialog with provider settings"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:174 lib/EAPBase_UI/res/wxEAP_UI.cpp:296
 msgid "Client Credentials"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:134
-msgid "Manage your credentials stored in Windows Credential Manager."
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:185
+msgid "Manage credentials used to connect."
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:144
-msgid "Identity:"
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:198
+msgid "Use &own credentials:"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:149
-msgid "Enter your user name here (user@domain.org, DOMAINUser, etc.)"
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:199
+msgid "Select this option if you have your unique credentials to connect"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:159
-msgid "&Set Credentials..."
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:204
+msgid "Your credentials loaded from Windows Credential Manager"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:160
-msgid "Click here to set or modify your credentials"
-msgstr ""
-
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:164
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:214
 msgid "&Clear Credentials"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:165
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:215
 msgid ""
 "Click to clear your credentials from Credential Manager.\n"
 "Note: You will be prompted to enter credentials when connecting."
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:211
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:219 lib/EAPBase_UI/res/wxEAP_UI.cpp:252
+msgid "&Set Credentials..."
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:220 lib/EAPBase_UI/res/wxEAP_UI.cpp:253
+msgid "Click here to set or modify your credentials"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:236
+msgid "Use &pre-shared credentials:"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:237
+msgid "Select this options if all clients connect using the same credentials"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:242
+msgid "Common (pre-shared) credentials"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:307
 msgid "Please provide your user ID and password."
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:221
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:317
 msgid "User ID:"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:226
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:322
 msgid "Enter your user name here (user@domain.org, DOMAIN\\User, etc.)"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:230
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:326
 msgid "Password:"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:235
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:331
 msgid "Enter your password here"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:242 lib/TLS_UI/res/wxTLS_UI.cpp:164
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:338 lib/TLS_UI/res/wxTLS_UI.cpp:183
 msgid "&Remember"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:243
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:339
 msgid "Check if you would like to save username and password"
 msgstr ""
 
-#: lib/PAP_UI/src/PAP_UI.cpp:41
-msgid "This method requires no additional settings."
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:361
+msgid "Your Organization"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:372
+msgid "Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:379
+msgid "Your organization &name:"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:384
+msgid "Your organization name as it will appear on helpdesk contact notifications"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:388
+msgid "(Keep it short, please)"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:398
+msgid "Helpdesk contact &information:"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:408
+msgid "¶"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:415
+msgid "Your helpdesk website address"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:419
+msgid "*"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:426
+msgid "Your helpdesk e-mail address"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:430
+msgid ")"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:437
+msgid "Your helpdesk phone number"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:471
+msgid "Configuration Lock"
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:482
+msgid "Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:489
+msgid "&Lock this configuration and prevent any further modification via user interface."
+msgstr ""
+
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:492
+msgid "(Warning: Once locked, you can not revert using this dialog!)"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:88
+#, c-format
+msgid "%s Credentials"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:118
+#, c-format
+msgid "For additional help and instructions, please contact %s at:"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:120
+#, c-format
+msgid "your %ls provider"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:120
+msgid "your provider"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:139
+msgid "Open the default web browser"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:150
+msgid "Open your e-mail program"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:161
+msgid "Dial the phone number"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:180
+#, c-format
+msgid "%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:182
+#, c-format
+msgid "Your %ls provider"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:182
+msgid "Your provider"
+msgstr ""
+
+#: lib/EAPBase_UI/src/EAP_UI.cpp:201
+msgid "Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."
 msgstr ""
 
 #: lib/TLS_UI/res/wxTLS_UI.cpp:17
@@ -132,11 +263,11 @@ msgid "Acceptable server &names:"
 msgstr ""
 
 #: lib/TLS_UI/res/wxTLS_UI.cpp:77
-msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed"
+msgid "A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed"
 msgstr ""
 
 #: lib/TLS_UI/res/wxTLS_UI.cpp:81
-msgid "(Example: foo.bar.com;*.domain.org)"
+msgid "(Example: foo.bar.com;server2.bar.com)"
 msgstr ""
 
 #: lib/TLS_UI/res/wxTLS_UI.cpp:120
@@ -167,48 +298,59 @@ msgstr ""
 msgid "Client certificate to use for authentication"
 msgstr ""
 
-#: lib/TLS_UI/res/wxTLS_UI.cpp:165
+#: lib/TLS_UI/res/wxTLS_UI.cpp:167
+msgid "Custom &identity:"
+msgstr ""
+
+#: lib/TLS_UI/res/wxTLS_UI.cpp:172
+msgid "Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate"
+msgstr ""
+
+#: lib/TLS_UI/res/wxTLS_UI.cpp:176
+msgid "(Example: user@contoso.com)"
+msgstr ""
+
+#: lib/TLS_UI/res/wxTLS_UI.cpp:184
 msgid "Check if you would like to save certificate selection"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:199
+#: lib/TLS_UI/src/TLS_UI.cpp:118
 #, c-format
 msgid "Invalid character in host name found: %c"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:199
+#: lib/TLS_UI/src/TLS_UI.cpp:118
 msgid "Validation conflict"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:551
+#: lib/TLS_UI/src/TLS_UI.cpp:514
 msgid "Add Certificate"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:552
+#: lib/TLS_UI/src/TLS_UI.cpp:515
 msgid "Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:553
+#: lib/TLS_UI/src/TLS_UI.cpp:516
 msgid "X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:554
+#: lib/TLS_UI/src/TLS_UI.cpp:517
 msgid "PKCS #7 Certificate Files (*.p7b)"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:555
+#: lib/TLS_UI/src/TLS_UI.cpp:518
 msgid "All Files (*.*)"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:571
+#: lib/TLS_UI/src/TLS_UI.cpp:534
 #, c-format
 msgid "Invalid or unsupported certificate file %s"
 msgstr ""
 
-#: lib/TLS_UI/src/TLS_UI.cpp:571
-#, fuzzy
+#: lib/TLS_UI/src/TLS_UI.cpp:534
 msgid "Error"
-msgstr "Napaka pri nalaganju knjižnice MSI.DLL (%1!ld!)."
+msgstr ""
 
 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:17
 msgid "Outer Identity"
@@ -219,7 +361,7 @@ msgid "Select the user ID supplicant introduces itself as to authenticator:"
 msgstr ""
 
 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:35
-msgid "&Same as inner identity"
+msgid "&True identity"
 msgstr ""
 
 #: lib/TTLS_UI/res/wxTTLS_UI.cpp:36
@@ -246,96 +388,93 @@ msgstr ""
 msgid "Custom outer identity to use"
 msgstr ""
 
-#: lib/TTLS_UI/src/TTLS_UI.cpp:92
-msgid "Outer Authentication"
+#: lib/TTLS_UI/src/Module.cpp:231 lib/TTLS_UI/src/Module.cpp:241
+#: lib/EAPBase_UI/include/EAP_UI.h:582
+#, c-format
+msgid "Error writing credentials to Credential Manager: %hs (error %u)"
 msgstr ""
 
-#: lib/TTLS_UI/src/TTLS_UI.cpp:105
+#: lib/TTLS_UI/src/Module.cpp:233 lib/TTLS_UI/src/Module.cpp:243
+#: lib/EAPBase_UI/include/EAP_UI.h:584
+msgid "Writing credentials failed."
+msgstr ""
+
+#: lib/TTLS_UI/src/TTLS_UI.cpp:108 lib/TTLS_UI/src/TTLS_UI.cpp:215
 msgid "Inner Authentication"
 msgstr ""
 
-#: lib/TTLS_UI/src/TTLS_UI.cpp:111
+#: lib/TTLS_UI/src/TTLS_UI.cpp:114
 msgid "Select inner authentication method from the list"
 msgstr ""
 
-#: lib/TTLS_UI/src/TTLS_UI.cpp:112
+#: lib/TTLS_UI/src/TTLS_UI.cpp:116
 msgid "PAP"
 msgstr ""
 
-#: lib/EAPBase_UI/include/EAP_UI.h:217
+#: lib/TTLS_UI/src/TTLS_UI.cpp:121 lib/TTLS_UI/src/TTLS_UI.cpp:236
+msgid "Outer Authentication"
+msgstr ""
+
+#: lib/EAPBase_UI/include/EAP_UI.h:253
+msgid "EAP Credentials"
+msgstr ""
+
+#: lib/EAPBase_UI/include/EAP_UI.h:422
+msgid "Provider Settings"
+msgstr ""
+
+#: lib/EAPBase_UI/include/EAP_UI.h:502 lib/EAPBase_UI/include/EAP_UI.h:529
 msgid "<blank>"
 msgstr ""
 
-#: lib/EAPBase_UI/include/EAP_UI.h:223
+#: lib/EAPBase_UI/include/EAP_UI.h:508
 #, c-format
 msgid "<error %u>"
 msgstr ""
 
-#: lib/EAPBase_UI/include/EAP_UI.h:246
+#: lib/EAPBase_UI/include/EAP_UI.h:568
+#, c-format
+msgid "Error reading credentials from Credential Manager: %hs (error %u)"
+msgstr ""
+
+#: lib/EAPBase_UI/include/EAP_UI.h:570
+msgid "Reading credentials failed."
+msgstr ""
+
+#: lib/EAPBase_UI/include/EAP_UI.h:595
 #, c-format
 msgid "Deleting credentials failed (error %u)."
 msgstr ""
 
-#: lib/EAPBase_UI/include/EAP_UI.h:300
-#, c-format
-msgid "Error reading credentials from Credential Manager: %ls (error %u)"
+#: lib/EAPBase_UI/include/EAP_UI.h:817
+msgid "<Your Organization>"
 msgstr ""
 
-#: lib/EAPBase_UI/include/EAP_UI.h:303
-#, c-format
-msgid "Reading credentials failed (error %u)."
-msgstr ""
-
-#: lib/EAPBase_UI/include/EAP_UI.h:318
-#, c-format
-msgid "Error writing credentials to Credential Manager: %ls (error %u)"
-msgstr ""
-
-#: lib/EAPBase_UI/include/EAP_UI.h:321
-#, c-format
-msgid "Writing credentials failed (error %u)."
-msgstr ""
-
-#: lib/EAPBase_UI/res/wxEAP_UI.h:56
+#: lib/EAPBase_UI/res/wxEAP_UI.h:60
 msgid "EAP Method Configuration"
 msgstr ""
 
-#: lib/EAPBase_UI/res/wxEAP_UI.h:81
-msgid "EAP Credentials"
-msgstr ""
-
-#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:3
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:3
-#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:3
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:3
-#, fuzzy
 msgid "1252"
-msgstr "1250"
-
-#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
-#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
-#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
-#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
-msgid "EAP Peer Methods"
 msgstr ""
 
-#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:4
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
-#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:4
+#: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
+msgid "EAP Methods"
+msgstr ""
+
+#: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:4
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:4
 msgid "Modules to support individual EAP methods"
 msgstr ""
 
-#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
-#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
 msgid "TTLS"
 msgstr ""
 
-#: EAPMethods/MSIBuild/En.Win32.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:5
-#: EAPMethods/MSIBuild/En.x64.Debug.Feature-2.idtx:5
 #: EAPMethods/MSIBuild/En.x64.Release.Feature-2.idtx:5
 msgid "Tunneled Transport Layer Security"
 msgstr ""

EAPMethods/src/Main.cpp

@@ -23,10 +23,10 @@
 using namespace std;
 using namespace winstd;
 
+#pragma comment(lib, "Ws2_32.lib")
 
 #if EAPMETHOD_TYPE==21
 #define _EAPMETHOD_PEER    eap::peer_ttls
-#define _EAPMETHOD_SESSION eap::session_ttls
 #else
 #error Unknown EAP Method type.
 #endif
@@ -131,6 +131,9 @@ DWORD WINAPI EapPeerGetInfo(_In_ EAP_TYPE* pEapType, _Out_ EAP_PEER_METHOD_ROUTI
 }
 
 
+#pragma warning(push)
+#pragma warning(disable: 4702) // Compiler is smart enough to find out the initialize() method is empty => never throws an exception.
+
 ///
 /// Initializes an EAP peer method for EAPHost.
 ///
@@ -150,17 +153,23 @@ DWORD APIENTRY EapPeerInitialize(_Out_ EAP_ERROR **ppEapError)
 
     assert(!*ppEapError);
 
-    if (!g_peer.initialize(ppEapError)) {
-        if (*ppEapError) {
-            g_peer.log_error(*ppEapError);
-            dwResult = (*ppEapError)->dwWinError;
-        } else
-            dwResult = ERROR_INVALID_DATA;
+    try {
+        g_peer.initialize();
+    } catch (std::exception &err) {
+        g_peer.log_error(*ppEapError = g_peer.make_error(err));
+        dwResult = (*ppEapError)->dwWinError;
+    } catch (...) {
+        dwResult = ERROR_INVALID_DATA;
     }
 
     return dwResult;
 }
 
+#pragma warning(pop)
+
+
+#pragma warning(push)
+#pragma warning(disable: 4702) // Compiler is smart enough to find out the shutdown() method is empty => never throws an exception.
 
 ///
 /// Shuts down the EAP method and prepares to unload its corresponding DLL.
@@ -181,17 +190,20 @@ DWORD APIENTRY EapPeerShutdown(_Out_ EAP_ERROR **ppEapError)
 
     assert(!*ppEapError);
 
-    if (!g_peer.shutdown(ppEapError)) {
-        if (*ppEapError) {
-            g_peer.log_error(*ppEapError);
-            dwResult = (*ppEapError)->dwWinError;
-        } else
-            dwResult = ERROR_INVALID_DATA;
+    try {
+        g_peer.shutdown();
+    } catch (std::exception &err) {
+        g_peer.log_error(*ppEapError = g_peer.make_error(err));
+        dwResult = (*ppEapError)->dwWinError;
+    } catch (...) {
+        dwResult = ERROR_INVALID_DATA;
     }
 
     return dwResult;
 }
 
+#pragma warning(pop)
+
 
 ///
 /// Returns the user data and user identity after being called by EAPHost.
@@ -236,18 +248,13 @@ DWORD APIENTRY EapPeerGetIdentity(
     else if (!ppwszIdentity)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppwszIdentity is NULL.")));
     else {
-        _EAPMETHOD_PEER::config_type cfg(g_peer);
-        _EAPMETHOD_PEER::identity_type usr(g_peer);
-        if (!g_peer.unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError) ||
-            !g_peer.unpack(usr, pUserData, dwUserDataSize, ppEapError) ||
-            !g_peer.get_identity(dwFlags, cfg, usr, hTokenImpersonateUser, pfInvokeUI, ppwszIdentity, ppEapError) ||
-            !g_peer.pack(usr, ppUserDataOut, pdwUserDataOutSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.get_identity(dwFlags, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, ppUserDataOut, pdwUserDataOutSize, hTokenImpersonateUser, pfInvokeUI, ppwszIdentity);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -291,28 +298,14 @@ DWORD APIENTRY EapPeerBeginSession(
     else if (!phSession)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" phSession is NULL.")));
     else {
-        *phSession = NULL;
-
-        // Allocate new session.
-        unique_ptr<_EAPMETHOD_SESSION> session(new _EAPMETHOD_SESSION(g_peer));
-        if (!session) {
-            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_OUTOFMEMORY, _T(" Error allocating memory for EAP session.")));
-            return dwResult;
+        try {
+            *phSession = g_peer.begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, dwMaxSendPacketSize);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
-
-        // Begin the session.
-        if (!g_peer.unpack(session->m_cfg, pConnectionData, dwConnectionDataSize, ppEapError) ||
-            !g_peer.unpack(session->m_id, pUserData, dwUserDataSize, ppEapError) ||
-            !session->begin(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
-        }
-
-        *phSession = session.release();
     }
 
     return dwResult;
@@ -324,7 +317,9 @@ DWORD APIENTRY EapPeerBeginSession(
 ///
 /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
 ///
-DWORD APIENTRY EapPeerEndSession(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerEndSession(
+    _In_  EAP_SESSION_HANDLE hSession,
+    _Out_ EAP_ERROR          **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -341,8 +336,14 @@ DWORD APIENTRY EapPeerEndSession(_In_ EAP_SESSION_HANDLE hSession, _Out_ EAP_ERR
     if (!hSession)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL.")));
     else {
-        static_cast<_EAPMETHOD_SESSION*>(hSession)->end(ppEapError);
-        delete static_cast<_EAPMETHOD_SESSION*>(hSession);
+        try {
+            g_peer.end_session(hSession);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
+        }
     }
 
     return dwResult;
@@ -375,17 +376,20 @@ DWORD APIENTRY EapPeerProcessRequestPacket(
 
     if (!hSession)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" hSession is NULL.")));
-    else if (!pReceivedPacket && dwReceivedPacketSize)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pReceivedPacket is NULL.")));
+    else if (!pReceivedPacket || dwReceivedPacketSize < 6)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pReceivedPacket is NULL or too short.")));
+    else if (pReceivedPacket->Data[0] != EAPMETHOD_TYPE)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, wstring_printf(_T(__FUNCTION__) _T(" Packet EAP type (%d) does not match the supported EAP type (%d)."), (int)pReceivedPacket->Data[0], (int)EAPMETHOD_TYPE).c_str()));
     else if (!pEapOutput)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL.")));
     else {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->process_request_packet(dwReceivedPacketSize, pReceivedPacket, pEapOutput, ppEapError)) {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.process_request_packet(hSession, pReceivedPacket, dwReceivedPacketSize, pEapOutput);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -423,12 +427,13 @@ DWORD APIENTRY EapPeerGetResponsePacket(
     else if (!pSendPacket && *pdwSendPacketSize)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pSendPacket is NULL.")));
     else {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_response_packet(pdwSendPacketSize, pSendPacket, ppEapError)) {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.get_response_packet(hSession, pSendPacket, pdwSendPacketSize);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -441,7 +446,11 @@ DWORD APIENTRY EapPeerGetResponsePacket(
 ///
 /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
 ///
-DWORD APIENTRY EapPeerGetResult(_In_ EAP_SESSION_HANDLE hSession, _In_ EapPeerMethodResultReason reason, _Out_ EapPeerMethodResult *ppResult, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerGetResult(
+    _In_  EAP_SESSION_HANDLE        hSession,
+    _In_  EapPeerMethodResultReason reason,
+    _Out_ EapPeerMethodResult       *ppResult,
+    _Out_ EAP_ERROR                 **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -460,12 +469,13 @@ DWORD APIENTRY EapPeerGetResult(_In_ EAP_SESSION_HANDLE hSession, _In_ EapPeerMe
     else if (!ppResult)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppResult is NULL.")));
     else {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_result(reason, ppResult, ppEapError)) {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.get_result(hSession, reason, ppResult);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -505,15 +515,13 @@ DWORD APIENTRY EapPeerGetUIContext(
     else if (!ppUIContextData)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUIContextData is NULL.")));
     else {
-        _EAPMETHOD_SESSION::interactive_request_type req;
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_ui_context(req, ppEapError) ||
-            !g_peer.pack(req, ppUIContextData, pdwUIContextDataSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.get_ui_context(hSession, ppUIContextData, pdwUIContextDataSize);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -554,15 +562,13 @@ DWORD APIENTRY EapPeerSetUIContext(
     else if (!pEapOutput)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL.")));
     else {
-        _EAPMETHOD_SESSION::interactive_response_type res;
-        if (!g_peer.unpack(res, pUIContextData, dwUIContextDataSize, ppEapError) ||
-            !static_cast<_EAPMETHOD_SESSION*>(hSession)->set_ui_context(res, pEapOutput, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.set_ui_context(hSession, pUIContextData, dwUIContextDataSize, pEapOutput);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -575,7 +581,10 @@ DWORD APIENTRY EapPeerSetUIContext(
 ///
 /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
 ///
-DWORD APIENTRY EapPeerGetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _Out_ EapAttributes *pAttribs, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerGetResponseAttributes(
+    _In_  EAP_SESSION_HANDLE hSession,
+    _Out_ EapAttributes      *pAttribs,
+    _Out_ EAP_ERROR          **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -594,12 +603,13 @@ DWORD APIENTRY EapPeerGetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _O
     else if (!pAttribs)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pAttribs is NULL.")));
     else {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->get_response_attributes(pAttribs, ppEapError)) {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.get_response_attributes(hSession, pAttribs);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -612,7 +622,11 @@ DWORD APIENTRY EapPeerGetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _O
 ///
 /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
 ///
-DWORD APIENTRY EapPeerSetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _In_ /*const*/ EapAttributes *pAttribs, _Out_ EapPeerMethodOutput *pEapOutput, _Out_ EAP_ERROR **ppEapError)
+DWORD APIENTRY EapPeerSetResponseAttributes(
+    _In_            EAP_SESSION_HANDLE  hSession,
+    _In_  /*const*/ EapAttributes       *pAttribs,
+    _Out_           EapPeerMethodOutput *pEapOutput,
+    _Out_           EAP_ERROR           **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -631,12 +645,13 @@ DWORD APIENTRY EapPeerSetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _I
     else if (!pEapOutput)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapOutput is NULL.")));
     else {
-        if (!static_cast<_EAPMETHOD_SESSION*>(hSession)->set_response_attributes(pAttribs, pEapOutput, ppEapError)) {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.set_response_attributes(hSession, pAttribs, pEapOutput);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -650,16 +665,16 @@ DWORD APIENTRY EapPeerSetResponseAttributes(_In_ EAP_SESSION_HANDLE hSession, _I
 /// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx)
 ///
 DWORD WINAPI EapPeerGetMethodProperties(
-    _In_                                DWORD                     dwVersion,
-    _In_                                DWORD                     dwFlags,
-    _In_                                EAP_METHOD_TYPE           eapMethodType,
-    _In_                                HANDLE                    hUserImpersonationToken,
-    _In_                                DWORD                     dwEapConnDataSize,
-    _In_count_(dwEapConnDataSize) const BYTE                      *pEapConnData,
-    _In_                                DWORD                     dwUserDataSize,
-    _In_count_(dwUserDataSize)    const BYTE                      *pUserData,
-    _Out_                               EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray,
-    _Out_                               EAP_ERROR                 **ppEapError)
+    _In_                                   DWORD                     dwVersion,
+    _In_                                   DWORD                     dwFlags,
+    _In_                                   EAP_METHOD_TYPE           eapMethodType,
+    _In_                                   HANDLE                    hUserImpersonationToken,
+    _In_                                   DWORD                     dwConnectionDataSize,
+    _In_count_(dwConnectionDataSize) const BYTE                      *pConnectionData,
+    _In_                                   DWORD                     dwUserDataSize,
+    _In_count_(dwUserDataSize)       const BYTE                      *pUserData,
+    _Out_                                  EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray,
+    _Out_                                  EAP_ERROR                 **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -677,31 +692,20 @@ DWORD WINAPI EapPeerGetMethodProperties(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Input EAP type (%d) does not match the supported EAP type (%d)."), (int)eapMethodType.eapType.type, (int)EAPMETHOD_TYPE).c_str()));
     else if (eapMethodType.dwAuthorId != 67532)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" EAP author (%d) does not match the supported author (%d)."), (int)eapMethodType.dwAuthorId, (int)67532).c_str()));
-    else if (!pEapConnData && dwEapConnDataSize)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapConnData is NULL.")));
+    else if (!pConnectionData && dwConnectionDataSize)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionData is NULL.")));
     else if (!pUserData && dwUserDataSize)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pUserData is NULL.")));
     else if (!pMethodPropertyArray)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pMethodPropertyArray is NULL.")));
     else {
-        _EAPMETHOD_PEER::config_type cfg(g_peer);
-        _EAPMETHOD_PEER::identity_type usr(g_peer);
-        if (!g_peer.unpack(cfg, pEapConnData, dwEapConnDataSize, ppEapError) ||
-            !g_peer.unpack(usr, pUserData, dwUserDataSize, ppEapError) ||
-            !g_peer.get_method_properties(
-                dwVersion,
-                dwFlags,
-                hUserImpersonationToken,
-                cfg,
-                usr,
-                pMethodPropertyArray,
-                ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.get_method_properties(dwVersion, dwFlags, hUserImpersonationToken, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, pMethodPropertyArray);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -715,14 +719,14 @@ DWORD WINAPI EapPeerGetMethodProperties(
 /// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx)
 ///
 DWORD WINAPI EapPeerCredentialsXml2Blob(
-    _In_                             DWORD            dwFlags,
-    _In_                             EAP_METHOD_TYPE  eapMethodType,
-    _In_                             IXMLDOMDocument2 *pCredentialsDoc,
-    _In_count_(dwConfigInSize) const BYTE             *pConfigIn,
-    _In_                             DWORD            dwConfigInSize,
-    _Out_                            BYTE             **ppCredentialsOut,
-    _Out_                            DWORD            *pdwCredentialsOutSize,
-    _Out_                            EAP_ERROR        **ppEapError)
+    _In_                                   DWORD            dwFlags,
+    _In_                                   EAP_METHOD_TYPE  eapMethodType,
+    _In_                                   IXMLDOMDocument2 *pCredentialsDoc,
+    _In_count_(dwConnectionDataSize) const BYTE             *pConnectionData,
+    _In_                                   DWORD            dwConnectionDataSize,
+    _Out_                                  BYTE             **ppCredentialsOut,
+    _Out_                                  DWORD            *pdwCredentialsOutSize,
+    _Out_                                  EAP_ERROR        **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -742,35 +746,29 @@ DWORD WINAPI EapPeerCredentialsXml2Blob(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" EAP author (%d) does not match the supported author (%d)."), (int)eapMethodType.dwAuthorId, (int)67532).c_str()));
     else if (!pCredentialsDoc)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pCredentialsDoc is NULL.")));
-    else if (!pConfigIn && dwConfigInSize)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConfigIn is NULL.")));
+    else if (!pConnectionData && dwConnectionDataSize)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionData is NULL.")));
     else if (!ppCredentialsOut)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppCredentialsOut is NULL.")));
     else if (!pdwCredentialsOutSize)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwCredentialsOutSize is NULL.")));
     else {
-        UNREFERENCED_PARAMETER(dwFlags);
-        UNREFERENCED_PARAMETER(pConfigIn);
-        UNREFERENCED_PARAMETER(dwConfigInSize);
-
         // <Credentials>
         com_obj<IXMLDOMNode> pXmlElCredentials;
-        if ((dwResult = eapxml::select_node(pCredentialsDoc, bstr(L"//EapHostUserCredentials/Credentials"), &pXmlElCredentials)) != ERROR_SUCCESS) {
-            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <EapHostUserCredentials><Credentials> element."), _T("Please make sure credential XML is a valid ") _T(PRODUCT_NAME_STR) _T(" credential XML document.")));
+        if (FAILED(eapxml::select_node(pCredentialsDoc, bstr(L"//EapHostUserCredentials/Credentials"), &pXmlElCredentials))) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <EapHostUserCredentials><Credentials> element.")));
             return dwResult;
         }
 
         // Load credentials.
         pCredentialsDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\""));
-        _EAPMETHOD_PEER::identity_type usr(g_peer);
-        if (!usr.load(pXmlElCredentials, ppEapError) ||
-            !g_peer.pack(usr, ppCredentialsOut, pdwCredentialsOutSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.credentials_xml2blob(dwFlags, pXmlElCredentials, pConnectionData, dwConnectionDataSize, ppCredentialsOut, pdwCredentialsOutSize);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -784,13 +782,13 @@ DWORD WINAPI EapPeerCredentialsXml2Blob(
 /// \sa [EapPeerQueryCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363622.aspx)
 ///
 DWORD WINAPI EapPeerQueryCredentialInputFields(
-    _In_                                HANDLE                       hUserImpersonationToken,
-    _In_                                EAP_METHOD_TYPE              eapMethodType,
-    _In_                                DWORD                        dwFlags,
-    _In_                                DWORD                        dwEapConnDataSize,
-    _In_count_(dwEapConnDataSize) const BYTE                         *pEapConnData,
-    _Out_                               EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray,
-    _Out_                               EAP_ERROR                    **ppEapError)
+    _In_                                   HANDLE                       hUserImpersonationToken,
+    _In_                                   EAP_METHOD_TYPE              eapMethodType,
+    _In_                                   DWORD                        dwFlags,
+    _In_                                   DWORD                        dwConnectionDataSize,
+    _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
+    _Out_                                  EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray,
+    _Out_                                  EAP_ERROR                    **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -808,24 +806,18 @@ DWORD WINAPI EapPeerQueryCredentialInputFields(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Input EAP type (%d) does not match the supported EAP type (%d)."), (int)eapMethodType.eapType.type, (int)EAPMETHOD_TYPE).c_str()));
     else if (eapMethodType.dwAuthorId != 67532)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" EAP author (%d) does not match the supported author (%d)."), (int)eapMethodType.dwAuthorId, (int)67532).c_str()));
-    else if (!pEapConnData && dwEapConnDataSize)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapConnData is NULL.")));
+    else if (!pConnectionData && dwConnectionDataSize)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionData is NULL.")));
     else if (!pEapConfigInputFieldsArray)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapConfigInputFieldsArray is NULL.")));
     else {
-        if (!g_peer.query_credential_input_fields(
-            hUserImpersonationToken,
-            dwFlags,
-            dwEapConnDataSize,
-            pEapConnData,
-            pEapConfigInputFieldsArray,
-            ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.query_credential_input_fields(hUserImpersonationToken, dwFlags, dwConnectionDataSize, pConnectionData, pEapConfigInputFieldsArray);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -839,15 +831,15 @@ DWORD WINAPI EapPeerQueryCredentialInputFields(
 /// \sa [EapPeerQueryUserBlobFromCredentialInputFields function](https://msdn.microsoft.com/en-us/library/windows/desktop/bb204697.aspx)
 ///
 DWORD WINAPI EapPeerQueryUserBlobFromCredentialInputFields(
-    _In_                                HANDLE                       hUserImpersonationToken,
-    _In_                                EAP_METHOD_TYPE              eapMethodType,
-    _In_                                DWORD                        dwFlags,
-    _In_                                DWORD                        dwEapConnDataSize,
-    _In_count_(dwEapConnDataSize) const BYTE                         *pEapConnData,
-    _In_                          const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
-    _Inout_                             DWORD                        *pdwUsersBlobSize,
-    _Inout_                             BYTE                         **ppUserBlob,
-    _Out_                               EAP_ERROR                    **ppEapError)
+    _In_                                   HANDLE                       hUserImpersonationToken,
+    _In_                                   EAP_METHOD_TYPE              eapMethodType,
+    _In_                                   DWORD                        dwFlags,
+    _In_                                   DWORD                        dwConnectionDataSize,
+    _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
+    _In_                             const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
+    _Inout_                                DWORD                        *pdwUsersBlobSize,
+    _Inout_                                BYTE                         **ppUserBlob,
+    _Out_                                  EAP_ERROR                    **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -865,8 +857,8 @@ DWORD WINAPI EapPeerQueryUserBlobFromCredentialInputFields(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Input EAP type (%d) does not match the supported EAP type (%d)."), (int)eapMethodType.eapType.type, (int)EAPMETHOD_TYPE).c_str()));
     else if (eapMethodType.dwAuthorId != 67532)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" EAP author (%d) does not match the supported author (%d)."), (int)eapMethodType.dwAuthorId, (int)67532).c_str()));
-    else if (!pEapConnData && dwEapConnDataSize)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapConnData is NULL.")));
+    else if (!pConnectionData && dwConnectionDataSize)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionData is NULL.")));
     else if (!pEapConfigInputFieldArray)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapConfigInputFieldArray is NULL.")));
     else if (!pdwUsersBlobSize)
@@ -874,21 +866,13 @@ DWORD WINAPI EapPeerQueryUserBlobFromCredentialInputFields(
     else if (!ppUserBlob)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppUserBlob is NULL.")));
     else {
-        if (!g_peer.query_user_blob_from_credential_input_fields(
-            hUserImpersonationToken,
-            dwFlags,
-            dwEapConnDataSize,
-            pEapConnData,
-            pEapConfigInputFieldArray,
-            pdwUsersBlobSize,
-            ppUserBlob,
-            ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.query_user_blob_from_credential_input_fields(hUserImpersonationToken, dwFlags, dwConnectionDataSize, pConnectionData, pEapConfigInputFieldArray, pdwUsersBlobSize, ppUserBlob);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -908,7 +892,7 @@ DWORD WINAPI EapPeerQueryInteractiveUIInputFields(
     _In_count_(dwUIContextDataSize) const BYTE                    *pUIContextData,
     _Out_                                 EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
     _Out_                                 EAP_ERROR               **ppEapError,
-    _Inout_                               LPVOID                  *pvReserved)
+    _Inout_                               LPVOID                  *ppvReserved)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -929,20 +913,15 @@ DWORD WINAPI EapPeerQueryInteractiveUIInputFields(
     else if (!pEapInteractiveUIData)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pEapInteractiveUIData is NULL.")));
     else {
-        if (!g_peer.query_interactive_ui_input_fields(
-            dwVersion,
-            dwFlags,
-            dwUIContextDataSize,
-            pUIContextData,
-            pEapInteractiveUIData,
-            ppEapError,
-            pvReserved))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        UNREFERENCED_PARAMETER(ppvReserved);
+
+        try {
+            g_peer.query_interactive_ui_input_fields(dwVersion, dwFlags, dwUIContextDataSize, pUIContextData, pEapInteractiveUIData);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -987,22 +966,15 @@ DWORD WINAPI EapPeerQueryUIBlobFromInteractiveUIInputFields(
     else if (!ppDataFromInteractiveUI)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppDataFromInteractiveUI is NULL.")));
     else {
-        if (!g_peer.query_ui_blob_from_interactive_ui_input_fields(
-            dwVersion,
-            dwFlags,
-            dwUIContextDataSize,
-            pUIContextData,
-            pEapInteractiveUIData,
-            pdwDataFromInteractiveUISize,
-            ppDataFromInteractiveUI,
-            ppEapError,
-            ppvReserved))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                dwResult = (*ppEapError)->dwWinError;
-            } else
-                dwResult = ERROR_INVALID_DATA;
+        UNREFERENCED_PARAMETER(ppvReserved);
+
+        try {
+            g_peer.query_ui_blob_from_interactive_ui_input_fields(dwVersion, dwFlags, dwUIContextDataSize, pUIContextData, pEapInteractiveUIData, pdwDataFromInteractiveUISize, ppDataFromInteractiveUI);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 

EAPMethods/src/Main_UI.cpp

@@ -103,8 +103,8 @@ DWORD WINAPI EapPeerConfigXml2Blob(
     _In_  DWORD            dwFlags,
     _In_  EAP_METHOD_TYPE  eapMethodType,
     _In_  IXMLDOMDocument2 *pConfigDoc,
-    _Out_ BYTE             **ppConfigOut,
-    _Out_ DWORD            *pdwConfigOutSize,
+    _Out_ BYTE             **pConnectionDataOut,
+    _Out_ DWORD            *pdwConnectionDataOutSize,
     _Out_ EAP_ERROR        **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
@@ -125,32 +125,28 @@ DWORD WINAPI EapPeerConfigXml2Blob(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" EAP author (%d) does not match the supported author (%d)."), (int)eapMethodType.dwAuthorId, (int)67532).c_str()));
     else if (!pConfigDoc)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConfigDoc is NULL.")));
-    else if (!ppConfigOut)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppConfigOut is NULL.")));
-    else if (!pdwConfigOutSize)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwConfigOutSize is NULL.")));
+    else if (!pConnectionDataOut)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionDataOut is NULL.")));
+    else if (!pdwConnectionDataOutSize)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pdwConnectionDataOutSize is NULL.")));
     else {
-        UNREFERENCED_PARAMETER(dwFlags);
-
         // <Config>
         pConfigDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eaphostconfig=\"http://www.microsoft.com/provisioning/EapHostConfig\""));
         com_obj<IXMLDOMElement> pXmlElConfig;
-        if ((dwResult = eapxml::select_element(pConfigDoc, bstr(L"//eaphostconfig:Config"), &pXmlElConfig)) != ERROR_SUCCESS) {
-            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <Config> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")));
+        if (FAILED(eapxml::select_element(pConfigDoc, bstr(L"//eaphostconfig:Config"), &pXmlElConfig))) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" Error reading <Config> element.")));
             return dwResult;
         }
 
         // Load configuration.
         pConfigDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\""));
-        _EAPMETHOD_PEER_UI::config_type cfg(g_peer);
-        if (!cfg.load(pXmlElConfig, ppEapError) ||
-            !g_peer.pack(cfg, ppConfigOut, pdwConfigOutSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.config_xml2blob(dwFlags, pXmlElConfig, pConnectionDataOut, pdwConnectionDataOutSize);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -166,12 +162,12 @@ DWORD WINAPI EapPeerConfigXml2Blob(
 /// \sa [EapPeerConfigBlob2Xml function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363601.aspx)
 ///
 DWORD WINAPI EapPeerConfigBlob2Xml(
-    _In_                             DWORD            dwFlags,
-    _In_                             EAP_METHOD_TYPE  eapMethodType,
-    _In_count_(dwConfigInSize) const BYTE             *pConfigIn,
-    _In_                             DWORD            dwConfigInSize,
-    _Out_                            IXMLDOMDocument2 **ppConfigDoc,
-    _Out_                            EAP_ERROR        **ppEapError)
+    _In_                                   DWORD            dwFlags,
+    _In_                                   EAP_METHOD_TYPE  eapMethodType,
+    _In_count_(dwConnectionDataSize) const BYTE             *pConnectionData,
+    _In_                                   DWORD            dwConnectionDataSize,
+    _Out_                                  IXMLDOMDocument2 **ppConfigDoc,
+    _Out_                                  EAP_ERROR        **ppEapError)
 {
     DWORD dwResult = ERROR_SUCCESS;
     event_fn_auto_ret<DWORD> event_auto(g_peer.get_event_fn_auto(__FUNCTION__, dwResult));
@@ -189,24 +185,13 @@ DWORD WINAPI EapPeerConfigBlob2Xml(
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" Input EAP type (%d) does not match the supported EAP type (%d)."), (int)eapMethodType.eapType.type, (int)EAPMETHOD_TYPE).c_str()));
     else if (eapMethodType.dwAuthorId != 67532)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_SUPPORTED, wstring_printf(_T(__FUNCTION__) _T(" EAP author (%d) does not match the supported author (%d)."), (int)eapMethodType.dwAuthorId, (int)67532).c_str()));
-    else if (!pConfigIn && dwConfigInSize)
-        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConfigIn is NULL.")));
+    else if (!pConnectionData && dwConnectionDataSize)
+        g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" pConnectionData is NULL.")));
     else if (!ppConfigDoc)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppConfigDoc is NULL.")));
     else {
-        UNREFERENCED_PARAMETER(dwFlags);
         HRESULT hr;
 
-        // Unpack configuration.
-        _EAPMETHOD_PEER_UI::config_type cfg(g_peer);
-        if (!g_peer.unpack(cfg, pConfigIn, dwConfigInSize, ppEapError)) {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
-        }
-
         // Create configuration XML document.
         com_obj<IXMLDOMDocument2> pDoc;
         if (FAILED(hr = pDoc.create(CLSID_DOMDocument60, NULL, CLSCTX_INPROC_SERVER))) {
@@ -230,19 +215,20 @@ DWORD WINAPI EapPeerConfigBlob2Xml(
         // Select <Config> node.
         com_obj<IXMLDOMNode> pXmlElConfig;
         pDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eaphostconfig=\"http://www.microsoft.com/provisioning/EapHostConfig\""));
-        if ((dwResult = eapxml::select_node(pDoc, bstr(L"eaphostconfig:Config"), &pXmlElConfig)) != ERROR_SUCCESS) {
-            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <Config> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document.")));
+        if (FAILED(eapxml::select_node(pDoc, bstr(L"eaphostconfig:Config"), &pXmlElConfig))) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <Config> element.")));
             return dwResult;
         }
 
-        // Save all providers.
+        // Save configuration.
         pDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\""));
-        if (!cfg.save(pDoc, pXmlElConfig, ppEapError)) {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.config_blob2xml(dwFlags, pConnectionData, dwConnectionDataSize, pDoc, pXmlElConfig);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            return dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            return dwResult = ERROR_INVALID_DATA;
         }
 
         *ppConfigDoc = pDoc.detach();
@@ -294,16 +280,13 @@ DWORD WINAPI EapPeerInvokeConfigUI(
     else if (!ppConnectionDataOut)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppConnectionDataOut is NULL.")));
     else {
-        _EAPMETHOD_PEER_UI::config_type cfg(g_peer);
-        if (!g_peer.unpack(cfg, pConnectionDataIn, dwConnectionDataInSize, ppEapError) ||
-            !g_peer.invoke_config_ui(hwndParent, cfg, ppEapError) ||
-            !g_peer.pack(cfg, ppConnectionDataOut, pdwConnectionDataOutSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.invoke_config_ui(hwndParent, pConnectionDataIn, dwConnectionDataInSize, ppConnectionDataOut, pdwConnectionDataOutSize);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -359,18 +342,13 @@ DWORD WINAPI EapPeerInvokeIdentityUI(
     else if (!ppwszIdentity)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppwszIdentity is NULL.")));
     else {
-        _EAPMETHOD_PEER_UI::config_type cfg(g_peer);
-        _EAPMETHOD_PEER_UI::identity_type usr(g_peer);
-        if (!g_peer.unpack(cfg, pConnectionData, dwConnectionDataSize, ppEapError) ||
-            !g_peer.unpack(usr, pUserData, dwUserDataSize, ppEapError) ||
-            !g_peer.invoke_identity_ui(hwndParent, dwFlags, cfg, usr, ppwszIdentity, ppEapError) ||
-            !g_peer.pack(usr, ppUserDataOut, pdwUserDataOutSize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.invoke_identity_ui(hwndParent, dwFlags, pConnectionData, dwConnectionDataSize, pUserData, dwUserDataSize, ppUserDataOut, pdwUserDataOutSize, ppwszIdentity);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 
@@ -418,17 +396,13 @@ DWORD WINAPI EapPeerInvokeInteractiveUI(
     else if (!ppDataFromInteractiveUI)
         g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_INVALID_PARAMETER, _T(__FUNCTION__) _T(" ppDataFromInteractiveUI is NULL.")));
     else {
-        _EAPMETHOD_PEER_UI::interactive_request_type req;
-        _EAPMETHOD_PEER_UI::interactive_response_type res;
-        if (!g_peer.unpack(req, pUIContextData, dwUIContextDataSize, ppEapError) ||
-            !g_peer.invoke_interactive_ui(hwndParent, req, res, ppEapError) ||
-            !g_peer.pack(res, ppDataFromInteractiveUI, pdwDataFromInteractiveUISize, ppEapError))
-        {
-            if (*ppEapError) {
-                g_peer.log_error(*ppEapError);
-                return dwResult = (*ppEapError)->dwWinError;
-            } else
-                return dwResult = ERROR_INVALID_DATA;
+        try {
+            g_peer.invoke_interactive_ui(hwndParent, pUIContextData, dwUIContextDataSize, ppDataFromInteractiveUI, pdwDataFromInteractiveUISize);
+        } catch (std::exception &err) {
+            g_peer.log_error(*ppEapError = g_peer.make_error(err));
+            dwResult = (*ppEapError)->dwWinError;
+        } catch (...) {
+            dwResult = ERROR_INVALID_DATA;
         }
     }
 

EventMonitor/App.cpp

@@ -0,0 +1,86 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "StdAfx.h"
+#if defined(__WXMSW__)
+#pragma comment(lib, "msi.lib")
+#endif
+
+
+//////////////////////////////////////////////////////////////////////////
+// wxEventMonitorApp
+//////////////////////////////////////////////////////////////////////////
+
+wxIMPLEMENT_APP(wxEventMonitorApp);
+
+
+wxEventMonitorApp::wxEventMonitorApp() : wxApp()
+{
+}
+
+
+bool wxEventMonitorApp::OnInit()
+{
+#if defined(__WXMSW__)
+    // To compensate migration to non-advertised shortcut, do the Microsoft Installer's feature completeness check manually.
+    // If execution got this far in the first place (EXE and dependent DLLs are present and loadable).
+    // Furthermore, this increments program usage counter.
+    if (::MsiQueryFeatureState(_T(PRODUCT_VERSION_GUID), _T("featEventMonitor")) != INSTALLSTATE_UNKNOWN)
+        ::MsiUseFeature(_T(PRODUCT_VERSION_GUID), _T("featEventMonitor"));
+#endif
+
+    wxConfigBase *cfgPrev = wxConfigBase::Set(new wxConfig(wxT("EventMonitor"), wxT(PRODUCT_NAME_STR)));
+    if (cfgPrev) wxDELETE(cfgPrev);
+
+    if (!wxApp::OnInit())
+        return false;
+
+    // Set desired locale.
+    wxLanguage language = (wxLanguage)wxConfigBase::Get()->Read(wxT("Language"), wxLANGUAGE_DEFAULT);
+    if (wxLocale::IsAvailable(language)) {
+        wxString sPath;
+        if (wxConfigBase::Get()->Read(wxT("LocalizationRepositoryPath"), &sPath))
+            m_locale.AddCatalogLookupPathPrefix(sPath);
+        if (m_locale.Init(language)) {
+            wxVERIFY(m_locale.AddCatalog(wxT("wxExtend") wxT(wxExtendVersion)));
+            wxVERIFY(m_locale.AddCatalog(wxT("EventMonitor")));
+        }
+    }
+
+#ifdef __WXMSW__
+    // Find EventMonitor window if already running.
+    HWND hWnd = ::FindWindow(_T("wxWindowNR"), _("Event Monitor"));
+    if (hWnd) {
+        if (::IsIconic(hWnd))
+            ::SendMessage(hWnd, WM_SYSCOMMAND, SC_RESTORE, 0);
+        ::SetActiveWindow(hWnd);
+        ::SetForegroundWindow(hWnd);
+
+        // Not an error condition actually; Just nothing else to do...
+        return false;
+    }
+#endif
+
+    m_mainWnd = new wxEventMonitorFrame();
+    wxPersistentRegisterAndRestore<wxEventMonitorFrame>(m_mainWnd);
+    m_mainWnd->Show();
+
+    return true;
+}

EventMonitor/App.h

@@ -0,0 +1,61 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+///
+/// EventMonitor application
+///
+class wxEventMonitorApp;
+
+#pragma once
+
+#include "Frame.h"
+
+#include <wx/app.h>
+#include <wx/config.h>
+#include <wx/intl.h>
+
+
+class wxEventMonitorApp : public wxApp
+{
+public:
+    wxEventMonitorApp();
+
+    ///
+    /// Called when application initializes.
+    ///
+    /// \returns
+    /// - \c true if initialization succeeded
+    /// - \c false otherwise
+    ///
+    virtual bool OnInit();
+
+    ///
+    /// Called when application uninitializes.
+    ///
+    /// \returns Result code to return to OS
+    ///
+    //virtual int OnExit();
+
+public:
+    wxEventMonitorFrame *m_mainWnd; ///< Main window
+    wxLocale             m_locale;  ///< Current locale
+};
+
+wxDECLARE_APP(wxEventMonitorApp);

EventMonitor/ETWLog.cpp

@@ -26,24 +26,443 @@
 using namespace std;
 using namespace winstd;
 
-static vector<TRACEHANDLE> g_traces;
+
+//////////////////////////////////////////////////////////////////////////
+// Local helper functions declarations
+//////////////////////////////////////////////////////////////////////////
+
+static tstring MapToString(_In_ const EVENT_MAP_INFO *pMapInfo, _In_ LPCBYTE pData);
+static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_(nDataSize) LPCBYTE pData, _In_ SIZE_T nDataSize, _In_ const EVENT_MAP_INFO *pMapInfo, _In_ BYTE nPtrSize);
+static ULONG GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, ULONG i, ULONG *pulArraySize);
+static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, ULONG ulPropIndex, LPWSTR pStructureName, ULONG ulStructIndex, BYTE nPtrSize);
 
 
-static BOOL WINAPI ConsoleHandler(_In_ DWORD dwCtrlType)
+//////////////////////////////////////////////////////////////////////////
+// wxETWEvent
+//////////////////////////////////////////////////////////////////////////
+
+const EVENT_RECORD wxETWEvent::s_record_null = {};
+
+
+wxETWEvent::wxETWEvent(wxEventType type, const EVENT_RECORD &record) :
+    m_record(record),
+    wxEvent(0, type)
 {
-    switch(dwCtrlType) {
-    case CTRL_C_EVENT: 
-    case CTRL_BREAK_EVENT:
-    case CTRL_CLOSE_EVENT:
-    case CTRL_LOGOFF_EVENT:
-    case CTRL_SHUTDOWN_EVENT:
-        for (vector<TRACEHANDLE>::const_iterator trace = g_traces.cbegin(), trace_end = g_traces.cend(); trace != trace_end; ++trace)
-            CloseTrace(*trace);
-    }
-    return TRUE;
+    DoSetExtendedData(record.ExtendedDataCount, record.ExtendedData);
+    DoSetUserData(record.UserDataLength, record.UserData);
 }
 
 
+wxETWEvent::wxETWEvent(const wxETWEvent& event) :
+    m_record(event.m_record),
+    wxEvent(event)
+{
+    DoSetExtendedData(event.m_record.ExtendedDataCount, event.m_record.ExtendedData);
+    DoSetUserData(event.m_record.UserDataLength, event.m_record.UserData);
+}
+
+
+wxETWEvent::~wxETWEvent()
+{
+    if (m_record.ExtendedData)
+        delete (unsigned char*)m_record.ExtendedData;
+
+    if (m_record.UserData)
+        delete (unsigned char*)m_record.UserData;
+}
+
+
+bool wxETWEvent::SetExtendedData(size_t extended_data_count, const EVENT_HEADER_EXTENDED_DATA_ITEM *extended_data)
+{
+    if (m_record.ExtendedData)
+        delete (unsigned char*)m_record.ExtendedData;
+
+    return DoSetExtendedData(extended_data_count, extended_data);
+}
+
+
+bool wxETWEvent::SetUserData(size_t user_data_length, const void *user_data)
+{
+    if (m_record.UserData)
+        delete (unsigned char*)m_record.UserData;
+
+    return DoSetUserData(user_data_length, user_data);
+}
+
+
+bool wxETWEvent::DoSetExtendedData(size_t extended_data_count, const EVENT_HEADER_EXTENDED_DATA_ITEM *extended_data)
+{
+    if (extended_data_count) {
+        wxASSERT_MSG(extended_data, wxT("extended data is NULL"));
+
+        // Count the total required memory.
+        size_t data_size = 0;
+        for (size_t i = 0; i < extended_data_count; i++)
+            data_size += extended_data[i].DataSize;
+
+        // Allocate memory for extended data.
+        m_record.ExtendedData = (EVENT_HEADER_EXTENDED_DATA_ITEM*)(new unsigned char[sizeof(EVENT_HEADER_EXTENDED_DATA_ITEM)*extended_data_count + data_size]);
+        wxCHECK_MSG(m_record.ExtendedData, false, wxT("extended data memory allocation failed"));
+
+        // Bulk-copy extended data descriptors.
+        memcpy(m_record.ExtendedData, extended_data, sizeof(EVENT_HEADER_EXTENDED_DATA_ITEM) * extended_data_count);
+
+        // Copy the data.
+        unsigned char *ptr = (unsigned char*)(m_record.ExtendedData + extended_data_count);
+        for (size_t i = 0; i < extended_data_count; i++) {
+            if (extended_data[i].DataSize) {
+                memcpy(ptr, (void*)(extended_data[i].DataPtr), extended_data[i].DataSize);
+                m_record.ExtendedData[i].DataPtr = (ULONGLONG)ptr;
+                ptr += extended_data[i].DataSize;
+            } else
+                m_record.ExtendedData[i].DataPtr = NULL;
+        }
+    } else
+        m_record.ExtendedData = NULL;
+
+    m_record.ExtendedDataCount = extended_data_count;
+
+    return true;
+}
+
+
+bool wxETWEvent::DoSetUserData(size_t user_data_length, const void *user_data)
+{
+    if (user_data_length) {
+        wxASSERT_MSG(user_data, wxT("user data is NULL"));
+
+        // Allocate memory for user data.
+        m_record.UserData = new unsigned char[user_data_length];
+        wxCHECK_MSG(m_record.UserData, false, wxT("user data memory allocation failed"));
+
+        // Copy user data.
+        memcpy(m_record.UserData, user_data, user_data_length);
+    } else
+        m_record.UserData = NULL;
+
+    m_record.UserDataLength = user_data_length;
+
+    return true;
+}
+
+
+IMPLEMENT_DYNAMIC_CLASS(wxETWEvent, wxEvent)
+wxDEFINE_EVENT(wxEVT_ETW_EVENT, wxETWEvent);
+
+
+//////////////////////////////////////////////////////////////////////////
+// wxEventTraceProcessorThread
+//////////////////////////////////////////////////////////////////////////
+
+wxEventTraceProcessorThread::wxEventTraceProcessorThread(wxEvtHandler *parent, const wxArrayString &sessions) :
+    m_parent(parent),
+    wxThread(wxTHREAD_JOINABLE)
+{
+    EVENT_TRACE_LOGFILE tlf = {};
+    tlf.ProcessTraceMode    = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
+    tlf.EventRecordCallback = EventRecordCallback;
+    tlf.Context             = this;
+
+    for (size_t i = 0, i_end = sessions.GetCount(); i < i_end; i++) {
+        // Open trace.
+        tlf.LoggerName = (LPTSTR)(LPCTSTR)(sessions[i]);
+        event_trace trace;
+        if (!trace.create(&tlf)) {
+            wxLogError(_("Error opening event trace (error %u)."), GetLastError());
+            continue;
+        }
+
+        // Save trace to the table.
+        m_traces.push_back(trace.detach());
+    }
+}
+
+
+wxEventTraceProcessorThread::~wxEventTraceProcessorThread()
+{
+    for (vector<TRACEHANDLE>::iterator trace = m_traces.begin(), trace_end = m_traces.end(); trace != trace_end; ++trace) {
+        TRACEHANDLE &h = *trace;
+        if (h) {
+            // Close trace.
+            CloseTrace(h);
+        }
+    }
+}
+
+
+void wxEventTraceProcessorThread::Abort()
+{
+    for (vector<TRACEHANDLE>::iterator trace = m_traces.begin(), trace_end = m_traces.end(); trace != trace_end; ++trace) {
+        TRACEHANDLE &h = *trace;
+        if (h) {
+            // Close trace.
+            CloseTrace(h);
+            h = NULL;
+        }
+    }
+}
+
+
+wxThread::ExitCode wxEventTraceProcessorThread::Entry()
+{
+    // Process events.
+    ProcessTrace(m_traces.data(), (ULONG)m_traces.size(), NULL, NULL);
+
+    return 0;
+}
+
+
+VOID WINAPI wxEventTraceProcessorThread::EventRecordCallback(_In_ PEVENT_RECORD pEvent)
+{
+    wxASSERT_MSG(pEvent, wxT("event is NULL"));
+    wxASSERT_MSG(pEvent->UserContext, wxT("thread is NULL"));
+
+    wxEventTraceProcessorThread *_this = ((wxEventTraceProcessorThread*)pEvent->UserContext);
+
+    if (_this->TestDestroy()) {
+        // Event processing is pending destruction.
+        return;
+    }
+
+    _this->m_parent->QueueEvent(new wxETWEvent(wxEVT_ETW_EVENT, *pEvent));
+}
+
+
+//////////////////////////////////////////////////////////////////////////
+// wxETWListCtrl
+//////////////////////////////////////////////////////////////////////////
+
+BEGIN_EVENT_TABLE(wxETWListCtrl, wxListCtrl)
+    EVT_ETW_EVENT(wxETWListCtrl::OnETWEvent)
+END_EVENT_TABLE()
+
+
+// {6EB8DB94-FE96-443F-A366-5FE0CEE7FB1C}
+const GUID wxETWListCtrl::s_provider_eaphost = { 0X6EB8DB94, 0XFE96, 0X443F, { 0XA3, 0X66, 0X5F, 0XE0, 0XCE, 0XE7, 0XFB, 0X1C } };
+
+
+wxETWListCtrl::wxETWListCtrl(wxWindow *parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style, const wxValidator& validator, const wxString& name) :
+    m_proc(NULL),
+    m_item_id(0),
+    wxListCtrl(parent, id, pos, size, style, validator, name)
+{
+    this->AppendColumn(_("Time"  ), wxLIST_FORMAT_LEFT, 100);
+    this->AppendColumn(_("PID"   ), wxLIST_FORMAT_LEFT, 50 );
+    this->AppendColumn(_("TID"   ), wxLIST_FORMAT_LEFT, 50 );
+    this->AppendColumn(_("Source"), wxLIST_FORMAT_LEFT, 100);
+    this->AppendColumn(_("Event" ), wxLIST_FORMAT_LEFT, wxLIST_AUTOSIZE_USEHEADER);
+
+    // Start a new session.
+    ULONG ulResult;
+    for (unsigned int i = 0; ; i++) {
+        //tstring log_file(tstring_printf(i ? _T("test.etl") : _T("test %u.etl"), i));
+        tstring name(tstring_printf(i ? _T(PRODUCT_NAME_STR) _T(" Event Monitor Session %u") : _T(PRODUCT_NAME_STR) _T(" Event Monitor Session"), i));
+
+        // Allocate session properties.
+        ULONG
+            ulSizeName    = (ULONG)((name    .length() + 1)*sizeof(TCHAR)),
+            //ulSizeLogFile = (ULONG)((log_file.length() + 1)*sizeof(TCHAR)),
+            ulSize        = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName /*+ ulSizeLogFile*/;
+        unique_ptr<EVENT_TRACE_PROPERTIES> properties((EVENT_TRACE_PROPERTIES*)new char[ulSize]);
+        wxASSERT_MSG(properties, wxT("error allocating session properties memory"));
+
+        // Initialize properties.
+        memset(properties.get(), 0, sizeof(EVENT_TRACE_PROPERTIES));
+        properties->Wnode.BufferSize    = ulSize;
+        properties->Wnode.Flags         = WNODE_FLAG_TRACED_GUID;
+        properties->Wnode.ClientContext = 1; //QPC clock resolution
+        CoCreateGuid(&(properties->Wnode.Guid));
+        properties->LogFileMode         = /*EVENT_TRACE_FILE_MODE_SEQUENTIAL |*/ EVENT_TRACE_REAL_TIME_MODE;
+        properties->MaximumFileSize     = 1;  // 1 MB
+        properties->LoggerNameOffset    = sizeof(EVENT_TRACE_PROPERTIES);
+        //properties->LogFileNameOffset   = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName;
+        //memcpy((LPTSTR)((char*)properties.get() + properties->LogFileNameOffset), log_file.c_str(), ulSizeLogFile);
+
+        if ((ulResult = m_session.create(name.c_str(), properties.get())) == ERROR_SUCCESS) {
+            break;
+        } else if (ulResult == ERROR_ACCESS_DENIED) {
+            wxLogError(_("Access denied creating event session: you need administrative privileges (Run As Administrator) or be a member of Performance Log Users group to start event tracing session."));
+            return;
+        } else if (ulResult == ERROR_ALREADY_EXISTS) {
+            wxLogDebug(_("The %s event session already exists."), name.c_str());
+            // Do not despair... Retry with a new session name and ID.
+            continue;
+        } else {
+            wxLogError(_("Error creating event session (error %u)."), ulResult);
+            return;
+        }
+    }
+
+    // Enable event providers we are interested in to log events to our session.
+    if ((ulResult = EnableTraceEx(
+        &EAPMETHOD_TRACE_EVENT_PROVIDER,
+        &((const EVENT_TRACE_PROPERTIES*)m_session)->Wnode.Guid,
+        m_session,
+        EVENT_CONTROL_CODE_ENABLE_PROVIDER,
+        TRACE_LEVEL_VERBOSE,
+        0, 0,
+        0,
+        NULL)) != ERROR_SUCCESS)
+    {
+        wxLogError(_("Error enabling event provider (error %u)."), ulResult);
+        return;
+    }
+    if ((ulResult = EnableTraceEx(
+        &s_provider_eaphost,
+        &((const EVENT_TRACE_PROPERTIES*)m_session)->Wnode.Guid,
+        m_session,
+        EVENT_CONTROL_CODE_ENABLE_PROVIDER,
+        TRACE_LEVEL_VERBOSE,
+        0, 0,
+        0,
+        NULL)) != ERROR_SUCCESS)
+    {
+        // If the EAPHost trace provider failed to enable, do not despair.
+        wxLogDebug(_("Error enabling EAPHost event provider (error %u)."), ulResult);
+    }
+
+    // Process events in separate thread, not to block wxWidgets' message pump.
+    wxArrayString sessions;
+    sessions.Add(m_session.name());
+    m_proc = new wxEventTraceProcessorThread(this->GetEventHandler(), sessions);
+    wxASSERT_MSG(m_proc, wxT("error allocating thread memory"));
+    if (m_proc->Run() != wxTHREAD_NO_ERROR) {
+        wxFAIL_MSG("Can't create the thread!");
+        delete m_proc;
+        m_proc = NULL;
+    }
+}
+
+
+wxETWListCtrl::~wxETWListCtrl()
+{
+    if (m_session) {
+        if (m_proc) {
+            m_proc->Abort();
+            m_proc->Delete();
+            delete m_proc;
+        }
+
+        // Disable event providers.
+        EnableTraceEx(
+                &s_provider_eaphost,
+                &((const EVENT_TRACE_PROPERTIES*)m_session)->Wnode.Guid,
+                m_session,
+                EVENT_CONTROL_CODE_DISABLE_PROVIDER,
+                TRACE_LEVEL_VERBOSE,
+                0, 0,
+                0,
+                NULL);
+
+        EnableTraceEx(
+                &EAPMETHOD_TRACE_EVENT_PROVIDER,
+                &((const EVENT_TRACE_PROPERTIES*)m_session)->Wnode.Guid,
+                m_session,
+                EVENT_CONTROL_CODE_DISABLE_PROVIDER,
+                TRACE_LEVEL_VERBOSE,
+                0, 0,
+                0,
+                NULL);
+    }
+}
+
+
+void wxETWListCtrl::OnETWEvent(wxETWEvent& event)
+{
+    EVENT_RECORD &rec = event.GetRecord();
+    bool is_ours = IsEqualGUID(rec.EventHeader.ProviderId, EAPMETHOD_TRACE_EVENT_PROVIDER) ? true : false;
+    int column = 0;
+
+    // Prepare item to insert into the list.
+    wxListItem item;
+    item.SetId(m_item_id++);
+    item.SetTextColour(
+        rec.EventHeader.EventDescriptor.Level >= TRACE_LEVEL_VERBOSE     ? (is_ours ? 0x666666 : 0xcccccc) :
+        rec.EventHeader.EventDescriptor.Level >= TRACE_LEVEL_INFORMATION ? (is_ours ? 0x000000 : 0xaaaaaa) :
+        rec.EventHeader.EventDescriptor.Level >= TRACE_LEVEL_WARNING     ? (is_ours ? 0x00aacc : 0xaaeeee) :
+                                                                           (is_ours ? 0x0000ff : 0xaaaaff));
+    item.SetBackgroundColour(0xffffff);
+
+    {
+        // Output event time-stamp.
+        FILETIME ft;
+        ft.dwHighDateTime = rec.EventHeader.TimeStamp.HighPart;
+        ft.dwLowDateTime = rec.EventHeader.TimeStamp.LowPart;
+
+        SYSTEMTIME st, st_local;
+        FileTimeToSystemTime(&ft, &st);
+        SystemTimeToTzSpecificLocalTime(NULL, &st, &st_local);
+
+        ULONGLONG
+            ts = rec.EventHeader.TimeStamp.QuadPart,
+            nanosec = (ts % 10000000) * 100;
+
+        item.SetColumn(column++);
+        item.SetText(tstring_printf(_T("%04d-%02d-%02d %02d:%02d:%02d.%09I64u"),
+            st_local.wYear, st_local.wMonth, st_local.wDay, st_local.wHour, st_local.wMinute, st_local.wSecond, nanosec));
+        this->InsertItem(item);
+    }
+
+    // Output process ID.
+    item.SetColumn(column++);
+    item.SetText(wxString::Format(wxT("%u"), rec.EventHeader.ProcessId));
+    this->SetItem(item);
+
+    // Output thread ID.
+    item.SetColumn(column++);
+    item.SetText(wxString::Format(wxT("%u"), rec.EventHeader.ThreadId));
+    this->SetItem(item);
+
+    // Output event source.
+    item.SetColumn(column++);
+    item.SetText(is_ours ? wxT(PRODUCT_NAME_STR) : wxT("EAPHost"));
+    this->SetItem(item);
+
+    item.SetColumn(column++);
+    {
+        // Get event meta-info.
+        unique_ptr<TRACE_EVENT_INFO> info;
+        ULONG ulResult;
+        if ((ulResult = TdhGetEventInformation(&rec, 0, NULL, info)) == ERROR_SUCCESS) {
+            if (info->DecodingSource != DecodingSourceWPP) {
+                if (rec.EventHeader.Flags & EVENT_HEADER_FLAG_STRING_ONLY) {
+                    // This is a string-only event. Print it.
+                    item.SetText((LPCWSTR)rec.UserData);
+                } else {
+                    // This is not a string-only event. Prepare parameters.
+
+                    BYTE nPtrSize = (rec.EventHeader.Flags & EVENT_HEADER_FLAG_32_BIT_HEADER) ? 4 : 8;
+                    vector<tstring> props;
+                    vector<DWORD_PTR> props_msg;
+                    props.reserve(info->TopLevelPropertyCount);
+                    props_msg.reserve(info->TopLevelPropertyCount);
+                    for (ULONG i = 0; i < info->TopLevelPropertyCount; i++) {
+                        props.push_back(std::move(PropertyToString(&rec, info.get(), i, NULL, 0, nPtrSize)));
+                        props_msg.push_back((DWORD_PTR)props[i].c_str());
+                    }
+
+                    if (info->EventMessageOffset) {
+                        // Format the message.
+                        item.SetText(wstring_msg(0, (LPCTSTR)((LPCBYTE)info.get() + info->EventMessageOffset), props_msg.data()).c_str());
+                    }
+                }
+            } else if (info->EventMessageOffset) {
+                // This is a WPP event.
+                item.SetText((LPCWSTR)((LPCBYTE)info.get() + info->EventMessageOffset));
+            }
+        }
+    }
+    this->SetItem(item);
+
+    // Bring the record into view.
+    this->EnsureVisible(item.GetId());
+}
+
+
+//////////////////////////////////////////////////////////////////////////
+// Local helper functions
+//////////////////////////////////////////////////////////////////////////
+
 static tstring MapToString(_In_ const EVENT_MAP_INFO *pMapInfo, _In_ LPCBYTE pData)
 {
     if ( (pMapInfo->Flag &  EVENTMAP_INFO_FLAG_MANIFEST_VALUEMAP) ||
@@ -268,7 +687,7 @@ static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_(
             // on an 8-byte boundary, so its size is 8 bytes on a
             // 32-bit computer and 16 bytes on a 64-bit computer.
             // Doubling the pointer size handles both cases.
-            assert(nDataSize >= nPtrSize * 2);
+            assert(nDataSize >= (SIZE_T)nPtrSize * 2);
             return (PULONG)pData > 0 ? DataToString(TDH_INTYPE_SID, OutType, pData + nPtrSize * 2, nDataSize - nPtrSize * 2, pMapInfo, nPtrSize) : _T("<WBEM SID>");
 
         case TDH_INTYPE_SID: {
@@ -330,14 +749,15 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
         return tstring_printf(_T("<Error getting array size (error %u)>"), ulResult);;
 
     tstring out;
+    bool out_nonfirst = false;
 
-    if (ulArraySize > 1)
+    if (pInfo->EventPropertyInfoArray[ulPropIndex].Flags & PropertyParamCount)
         out += tstring_printf(_T("[%u]("), ulArraySize);
 
     for (ULONG k = 0; k < ulArraySize; k++) {
         if (pInfo->EventPropertyInfoArray[ulPropIndex].Flags & PropertyStruct) {
             // The property is a structure: print the members of the structure.
-            tstring out;
+            if (out_nonfirst) out += _T(", "); else out_nonfirst = true;
             out += _T('(');
             for (USHORT j = pInfo->EventPropertyInfoArray[ulPropIndex].structType.StructStartIndex, usLastMember = pInfo->EventPropertyInfoArray[ulPropIndex].structType.StructStartIndex + pInfo->EventPropertyInfoArray[ulPropIndex].structType.NumOfStructMembers; j < usLastMember; j++) {
                 out += tstring_printf(_T("%ls: "), (LPBYTE)pInfo + pInfo->EventPropertyInfoArray[j].NameOffset);
@@ -391,7 +811,7 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
                     }
                 }
 
-                if (!out.empty()) out += _T(", ");
+                if (out_nonfirst) out += _T(", "); else out_nonfirst = true;
                 out += !data.empty() ? DataToString(
                     pInfo->EventPropertyInfoArray[ulPropIndex].nonStructType.InType,
                     pInfo->EventPropertyInfoArray[ulPropIndex].nonStructType.OutType,
@@ -403,160 +823,8 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
         }
     }
 
-    if (ulArraySize > 1)
+    if (pInfo->EventPropertyInfoArray[ulPropIndex].Flags & PropertyParamCount)
         out += _T(')');
 
     return out;
 }
-
-
-static VOID WINAPI EventRecordCallback(_In_ PEVENT_RECORD pEvent)
-{
-    {
-        // Calculate and print event time-stamp.
-        FILETIME ft;
-        ft.dwHighDateTime = pEvent->EventHeader.TimeStamp.HighPart;
-        ft.dwLowDateTime = pEvent->EventHeader.TimeStamp.LowPart;
-
-        SYSTEMTIME st, st_local;
-        FileTimeToSystemTime(&ft, &st);
-        SystemTimeToTzSpecificLocalTime(NULL, &st, &st_local);
-
-        ULONGLONG
-            ts = pEvent->EventHeader.TimeStamp.QuadPart,
-            nanosec = (ts % 10000000) * 100;
-
-        _ftprintf(stdout, _T("%04d-%02d-%02d %02d:%02d:%02d.%09I64u"),
-            st_local.wYear, st_local.wMonth, st_local.wDay, st_local.wHour, st_local.wMinute, st_local.wSecond, nanosec);
-    }
-
-    {
-        // Get event meta-info.
-        unique_ptr<TRACE_EVENT_INFO> info;
-        ULONG ulResult;
-        if ((ulResult = TdhGetEventInformation(pEvent, 0, NULL, info)) == ERROR_SUCCESS) {
-            if (info->DecodingSource != DecodingSourceWPP) {
-                if (pEvent->EventHeader.Flags & EVENT_HEADER_FLAG_STRING_ONLY) {
-                    // This is a string-only event. Print it.
-                    _ftprintf(stdout, _T(" %ls"), pEvent->UserData);
-                } else {
-                    // This is not a string-only event. Prepare parameters.
-
-                    BYTE nPtrSize = (pEvent->EventHeader.Flags & EVENT_HEADER_FLAG_32_BIT_HEADER) ? 4 : 8;
-                    vector<tstring> props;
-                    vector<DWORD_PTR> props_msg;
-                    props.reserve(info->TopLevelPropertyCount);
-                    props_msg.reserve(info->TopLevelPropertyCount);
-                    for (ULONG i = 0; i < info->TopLevelPropertyCount; i++) {
-                        props.push_back(std::move(PropertyToString(pEvent, info.get(), i, NULL, 0, nPtrSize)));
-                        props_msg.push_back((DWORD_PTR)props[i].c_str());
-                    }
-
-                    if (info->EventMessageOffset) {
-                        // Format the message.
-                        _ftprintf(stdout, _T(" %ls"), wstring_msg(0, (LPCTSTR)((LPCBYTE)info.get() + info->EventMessageOffset), props_msg.data()).c_str());
-                    }
-                }
-            } else if (info->EventMessageOffset) {
-                // This is a WPP event.
-                _ftprintf(stdout, _T(" %ls"), (LPCBYTE)info.get() + info->EventMessageOffset);
-            }
-        }
-    }
-
-    _ftprintf(stdout, _T("\n"));
-}
-
-
-#ifdef _UNICODE
-int wmain(int argc, const wchar_t *argv[])
-#else
-int  main(int argc, const char    *argv[])
-#endif
-{
-    UNREFERENCED_PARAMETER(argc);
-    UNREFERENCED_PARAMETER(argv);
-
-    setlocale(LC_ALL, ".OCP");
-
-    // Initialize COM.
-    com_initializer com_init(NULL);
-
-    // Start a new session.
-    ULONG ulResult;
-    event_session session;
-    for (unsigned int i = 0; ; i++) {
-        //tstring log_file(tstring_printf(i ? _T("test.etl") : _T("test %u.etl"), i));
-        tstring name(tstring_printf(i ? _T(PRODUCT_NAME_STR) _T(" Event Monitor Session %u") : _T(PRODUCT_NAME_STR) _T(" Event Monitor Session"), i));
-
-        // Allocate session properties.
-        ULONG
-            ulSizeName    = (ULONG)((name    .length() + 1)*sizeof(TCHAR)),
-            //ulSizeLogFile = (ULONG)((log_file.length() + 1)*sizeof(TCHAR)),
-            ulSize        = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName /*+ ulSizeLogFile*/;
-        unique_ptr<EVENT_TRACE_PROPERTIES> properties((EVENT_TRACE_PROPERTIES*)new char[ulSize]);
-        if (!properties) {
-            _ftprintf(stderr, _T("Error allocating session properties memory.\n"));
-            return 1;
-        }
-
-        // Initialize properties.
-        memset(properties.get(), 0, sizeof(EVENT_TRACE_PROPERTIES));
-        properties->Wnode.BufferSize    = ulSize;
-        properties->Wnode.Flags         = WNODE_FLAG_TRACED_GUID;
-        properties->Wnode.ClientContext = 1; //QPC clock resolution
-        CoCreateGuid(&(properties->Wnode.Guid));
-        properties->LogFileMode         = /*EVENT_TRACE_FILE_MODE_SEQUENTIAL |*/ EVENT_TRACE_REAL_TIME_MODE;
-        properties->MaximumFileSize     = 1;  // 1 MB
-        properties->LoggerNameOffset    = sizeof(EVENT_TRACE_PROPERTIES);
-        //properties->LogFileNameOffset   = sizeof(EVENT_TRACE_PROPERTIES) + ulSizeName;
-        //memcpy((LPTSTR)((char*)properties.get() + properties->LogFileNameOffset), log_file.c_str(), ulSizeLogFile);
-
-        if ((ulResult = session.create(name.c_str(), properties.get())) == ERROR_SUCCESS) {
-            break;
-        } else if (ulResult == ERROR_ACCESS_DENIED) {
-            _ftprintf(stderr, _T("Access denied creating event session: you need administrative privileges (Run As Administrator) or be a member of Performance Log Users group to start event tracing session.\n"), ulResult);
-            return 1;
-        } else if (ulResult == ERROR_ALREADY_EXISTS) {
-            _ftprintf(stderr, _T("The %s event session already exists.\n"), name.c_str());
-            // Do not despair... Retry with a new session name and ID.
-            continue;
-        } else {
-            _ftprintf(stderr, _T("Error creating event session (error %u).\n"), ulResult);
-            return 1;
-        }
-    }
-
-    // Enable event provider we are interested in to log events to our session.
-    event_trace_enabler trace_enabler_event(session, &EAPMETHOD_TRACE_EVENT_PROVIDER, TRACE_LEVEL_VERBOSE);
-    if ((ulResult = trace_enabler_event.status()) != ERROR_SUCCESS) {
-        _ftprintf(stderr, _T("Error enabling event provider (error %u).\n"), ulResult);
-        return 1;
-    }
-
-    // {6EB8DB94-FE96-443F-A366-5FE0CEE7FB1C}
-    static const GUID s_provider_eaphost = { 0X6EB8DB94, 0XFE96, 0X443F, { 0XA3, 0X66, 0X5F, 0XE0, 0XCE, 0XE7, 0XFB, 0X1C } };
-    event_trace_enabler trace_enabler_eaphost(session, &s_provider_eaphost, TRACE_LEVEL_INFORMATION);
-    if ((ulResult = trace_enabler_eaphost.status()) != ERROR_SUCCESS) {
-        // If the EAPHost trace provider failed to enable, do not despair.
-        _ftprintf(stderr, _T("Error enabling EAPHost event provider (error %u).\n"), ulResult);
-    }
-
-    // Open trace.
-    EVENT_TRACE_LOGFILE tlf = {};
-    tlf.LoggerName = (LPTSTR)session.name();
-    tlf.ProcessTraceMode    = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
-    tlf.EventRecordCallback = EventRecordCallback;
-    event_trace trace;
-    if (!trace.create(&tlf)) {
-        _ftprintf(stderr, _T("Error opening event trace (error %u).\n"), GetLastError());
-        return 1;
-    }
-
-    // Process events.
-    g_traces.push_back(trace.detach());
-    SetConsoleCtrlHandler(ConsoleHandler, TRUE);
-    ProcessTrace(g_traces.data(), (ULONG)g_traces.size(), NULL, NULL);
-
-    return 0;
-}

EventMonitor/ETWLog.h

@@ -0,0 +1,136 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <wx/event.h>
+
+///
+/// ETW event
+///
+class wxETWEvent;
+wxDECLARE_EVENT(wxEVT_ETW_EVENT, wxETWEvent);
+#define wxETWEventHandler(func) wxEVENT_HANDLER_CAST(wxETWEventFunction, func)
+#define EVT_ETW_EVENT(func) wx__DECLARE_EVT0(wxEVT_ETW_EVENT, wxETWEventHandler(func))
+
+///
+/// Event list control
+///
+class wxETWListCtrl;
+
+///
+/// Event trace processor
+///
+class wxEventTraceProcessorThread;
+
+#pragma once
+
+#include <wx/listctrl.h>
+#include <wx/thread.h>
+
+#include <WinStd/ETW.h>
+
+#include <vector>
+
+
+class wxETWEvent : public wxEvent
+{
+public:
+    wxETWEvent(wxEventType type = wxEVT_NULL, const EVENT_RECORD &record = s_record_null);
+    wxETWEvent(const wxETWEvent& event);
+    virtual ~wxETWEvent();
+    virtual wxEvent *Clone() const { return new wxETWEvent(*this); }
+
+    inline const EVENT_RECORD& GetRecord() const { return m_record; }
+    inline       EVENT_RECORD& GetRecord()       { return m_record; }
+
+    inline const EVENT_HEADER& GetHeader() const { return m_record.EventHeader; }
+
+    inline const ETW_BUFFER_CONTEXT& GetBufferContext() const { return m_record.BufferContext; }
+
+    bool SetExtendedData(size_t extended_data_count, const EVENT_HEADER_EXTENDED_DATA_ITEM *extended_data);
+    inline size_t GetExtendedDataCount() const { return m_record.ExtendedDataCount; }
+    inline const EVENT_HEADER_EXTENDED_DATA_ITEM& GetExtendedData(size_t index) const { wxASSERT(index < m_record.ExtendedDataCount); return m_record.ExtendedData[index]; }
+
+    bool SetUserData(size_t user_data_length, const void *user_data);
+    inline size_t GetUserDataLength() const { return m_record.UserDataLength; }
+    inline void *GetUserData() const { return m_record.UserData; }
+
+protected:
+    bool DoSetExtendedData(size_t extended_data_count, const EVENT_HEADER_EXTENDED_DATA_ITEM *extended_data);
+    bool DoSetUserData(size_t user_data_length, const void *user_data);
+
+private:
+    DECLARE_DYNAMIC_CLASS_NO_ASSIGN(wxETWEvent)
+
+public:
+    static const EVENT_RECORD s_record_null;
+
+protected:
+    EVENT_RECORD m_record;  ///< ETW event record
+};
+
+
+typedef void (wxEvtHandler::*wxETWEventFunction)(wxETWEvent&);
+
+
+class wxEventTraceProcessorThread : public wxThread
+{
+public:
+    wxEventTraceProcessorThread(wxEvtHandler *parent, const wxArrayString &sessions);
+    virtual ~wxEventTraceProcessorThread();
+
+    void Abort();
+
+protected:
+    virtual ExitCode Entry();
+
+private:
+    static VOID WINAPI EventRecordCallback(PEVENT_RECORD pEvent);
+
+protected:
+    std::vector<TRACEHANDLE> m_traces;  ///< An array of tracing sessions this thread is monitoring
+    wxEvtHandler *m_parent;             ///< Pointer to the event handler this thread is sending record notifications
+};
+
+
+class wxETWListCtrl : public wxListCtrl
+{
+public:
+    wxETWListCtrl(
+              wxWindow    *parent,
+              wxWindowID  id         = wxID_ANY,
+        const wxPoint     &pos       = wxDefaultPosition,
+        const wxSize      &size      = wxDefaultSize,
+              long        style      = wxLC_NO_SORT_HEADER|wxLC_REPORT|wxLC_SINGLE_SEL|wxNO_BORDER,
+        const wxValidator &validator = wxDefaultValidator,
+        const wxString    &name      = wxListCtrlNameStr);
+    virtual ~wxETWListCtrl();
+
+protected:
+    void OnETWEvent(wxETWEvent& event);
+    DECLARE_EVENT_TABLE()
+
+public:
+    static const GUID s_provider_eaphost;   ///< EAPHost event provider ID
+
+protected:
+    winstd::event_session m_session;        ///< Event session
+    wxEventTraceProcessorThread *m_proc;    ///< Processor thread
+    long m_item_id;                         ///< Next free list item ID
+};

EventMonitor/EventMonitor.props

@@ -7,11 +7,9 @@
   </PropertyGroup>
   <ItemDefinitionGroup>
     <ClCompile>
-      <AdditionalIncludeDirectories>..\lib\Events\build\temp\Events.$(Platform).$(Configuration).$(PlatformToolset);..\lib\WinStd\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>..\lib\Events\build\temp\Events.$(Platform).$(Configuration).$(PlatformToolset);..\lib\WinStd\include;..\lib\wxExtend\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
-      <SubSystem>Console</SubSystem>
       <UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
     </Link>
   </ItemDefinitionGroup>

EventMonitor/EventMonitor.vcxproj

@@ -86,19 +86,25 @@
     <ResourceCompile Include="EventMonitor.rc" />
   </ItemGroup>
   <ItemGroup>
+    <ClInclude Include="App.h" />
+    <ClInclude Include="ETWLog.h" />
+    <ClInclude Include="Frame.h" />
+    <ClInclude Include="LogPanel.h" />
     <ClInclude Include="StdAfx.h" />
+    <ClInclude Include="wxEventMonitor_UI.h" />
   </ItemGroup>
   <ItemGroup>
-    <None Include="README.md" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="Main.cpp" />
+    <ClCompile Include="App.cpp" />
+    <ClCompile Include="ETWLog.cpp" />
+    <ClCompile Include="Frame.cpp" />
+    <ClCompile Include="LogPanel.cpp" />
     <ClCompile Include="StdAfx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
     </ClCompile>
+    <ClCompile Include="wxEventMonitor_UI.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\lib\Events\build\Events.vcxproj">
@@ -107,6 +113,14 @@
     <ProjectReference Include="..\lib\WinStd\build\WinStd.vcxproj">
       <Project>{47399d91-7eb9-41de-b521-514ba5db0c43}</Project>
     </ProjectReference>
+    <ProjectReference Include="..\lib\wxExtend\build\wxExtendLib.vcxproj">
+      <Project>{d3e29951-d9f5-486d-a167-20ae8e90b1fa}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="locale\EventMonitor.pot" />
+    <None Include="res\EventMonitor.ico" />
+    <None Include="wxEventMonitor_UI.fbp" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

EventMonitor/EventMonitor.vcxproj.filters

@@ -13,6 +13,10 @@
       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
     </Filter>
+    <Filter Include="Resource Files\Localization">
+      <UniqueIdentifier>{e43059ae-37ac-4b28-84fb-18d1b3972b30}</UniqueIdentifier>
+      <Extensions>po;pot</Extensions>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="EventMonitor.rc">
@@ -23,16 +27,51 @@
     <ClInclude Include="StdAfx.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="README.md" />
+    <ClInclude Include="App.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="wxEventMonitor_UI.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="Frame.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="LogPanel.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="ETWLog.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="StdAfx.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="Main.cpp">
+    <ClCompile Include="App.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="wxEventMonitor_UI.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="Frame.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="LogPanel.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="ETWLog.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
   </ItemGroup>
+  <ItemGroup>
+    <None Include="wxEventMonitor_UI.fbp">
+      <Filter>Resource Files</Filter>
+    </None>
+    <None Include="locale\EventMonitor.pot">
+      <Filter>Resource Files\Localization</Filter>
+    </None>
+    <None Include="res\EventMonitor.ico">
+      <Filter>Resource Files</Filter>
+    </None>
+  </ItemGroup>
 </Project>

EventMonitor/Frame.cpp

@@ -0,0 +1,86 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "StdAfx.h"
+
+
+//////////////////////////////////////////////////////////////////////////
+// wxEventMonitorFrame
+//////////////////////////////////////////////////////////////////////////
+
+wxBEGIN_EVENT_TABLE(wxEventMonitorFrame, wxEventMonitorFrameBase)
+    EVT_MENU(wxID_EXIT, wxEventMonitorFrame::OnExit)
+wxEND_EVENT_TABLE()
+
+
+wxEventMonitorFrame::wxEventMonitorFrame() : wxEventMonitorFrameBase(NULL)
+{
+    // Load main window icons.
+#ifdef __WINDOWS__
+    wxIcon icon_small(wxT("00_EventMonitor.ico"), wxBITMAP_TYPE_ICO_RESOURCE, ::GetSystemMetrics(SM_CXSMICON), ::GetSystemMetrics(SM_CYSMICON));
+    wxIconBundle icons;
+    icons.AddIcon(icon_small);
+    icons.AddIcon(wxIcon(wxT("00_EventMonitor.ico"), wxBITMAP_TYPE_ICO_RESOURCE, ::GetSystemMetrics(SM_CXICON), ::GetSystemMetrics(SM_CYICON)));
+    SetIcons(icons);
+#else
+    wxIcon icon_small(wxICON(00_EventMonitor.ico));
+    SetIcon(icon_small);
+#endif
+
+    // Restore persistent state of wxAuiManager manually, since m_mgr is not on the heap.
+    wxPersistentAuiManager(&m_mgr).Restore();
+}
+
+
+void wxEventMonitorFrame::OnExit(wxCommandEvent& /*event*/)
+{
+    Close();
+}
+
+
+//////////////////////////////////////////////////////////////////////////
+// wxPersistentEventMonitorFrame
+//////////////////////////////////////////////////////////////////////////
+
+wxPersistentEventMonitorFrame::wxPersistentEventMonitorFrame(wxEventMonitorFrame *wnd) : wxPersistentTLW(wnd)
+{
+}
+
+
+void wxPersistentEventMonitorFrame::Save() const
+{
+    const wxEventMonitorFrame * const wnd = static_cast<const wxEventMonitorFrame*>(GetWindow());
+
+    wxPersistentEventMonitorLogPanel(wnd->m_panel).Save();
+
+    wxPersistentTLW::Save();
+}
+
+
+bool wxPersistentEventMonitorFrame::Restore()
+{
+    const bool r = wxPersistentTLW::Restore();
+
+    wxEventMonitorFrame * const wnd = static_cast<wxEventMonitorFrame*>(GetWindow());
+
+    wxPersistentEventMonitorLogPanel(wnd->m_panel).Restore();
+
+    return r;
+}

EventMonitor/Frame.h

@@ -0,0 +1,63 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+///
+/// EventMonitor main frame
+///
+class wxEventMonitorFrame;
+
+///
+/// Supports saving/restoring wxEventMonitorFrame GUI state
+///
+class wxPersistentEventMonitorFrame;
+
+#pragma once;
+
+#include "wxEventMonitor_UI.h"
+#include <wx/persist/toplevel.h>
+
+
+class wxEventMonitorFrame : public wxEventMonitorFrameBase
+{
+public:
+    wxEventMonitorFrame();
+
+    friend class wxPersistentEventMonitorFrame;
+
+protected:
+    void OnExit(wxCommandEvent& event);
+    wxDECLARE_EVENT_TABLE();
+};
+
+
+class wxPersistentEventMonitorFrame : public wxPersistentTLW
+{
+public:
+    wxPersistentEventMonitorFrame(wxEventMonitorFrame *wnd);
+
+    virtual void Save() const;
+    virtual bool Restore();
+};
+
+
+inline wxPersistentObject *wxCreatePersistentObject(wxEventMonitorFrame *wnd)
+{
+    return new wxPersistentEventMonitorFrame(wnd);
+}

EventMonitor/LogPanel.cpp

@@ -0,0 +1,80 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "StdAfx.h"
+
+
+//////////////////////////////////////////////////////////////////////////
+// wxEventMonitorLogPanel
+//////////////////////////////////////////////////////////////////////////
+
+wxEventMonitorLogPanel::wxEventMonitorLogPanel(wxWindow* parent) : wxEventMonitorLogPanelBase(parent)
+{
+    // Set focus.
+    m_log->SetFocus();
+}
+
+
+//////////////////////////////////////////////////////////////////////////
+// wxPersistentEventMonitorLogPanel
+//////////////////////////////////////////////////////////////////////////
+
+wxPersistentEventMonitorLogPanel::wxPersistentEventMonitorLogPanel(wxEventMonitorLogPanel *wnd) : wxPersistentWindow<wxEventMonitorLogPanel>(wnd)
+{
+}
+
+
+wxString wxPersistentEventMonitorLogPanel::GetKind() const
+{
+    return wxT(wxPERSIST_TLW_KIND);
+}
+
+
+void wxPersistentEventMonitorLogPanel::Save() const
+{
+    const wxEventMonitorLogPanel * const wnd = static_cast<const wxEventMonitorLogPanel*>(GetWindow());
+
+    // Save log's column widths.
+    wxListItem col;
+    col.SetMask(wxLIST_MASK_TEXT | wxLIST_MASK_WIDTH);
+    for (int i = 0, n = wnd->m_log->GetColumnCount(); i < n; i++) {
+        wnd->m_log->GetColumn(i, col);
+        SaveValue(wxString::Format(wxT("Column%sWidth"), col.GetText().c_str()), col.GetWidth());
+    }
+}
+
+
+bool wxPersistentEventMonitorLogPanel::Restore()
+{
+    wxEventMonitorLogPanel * const wnd = static_cast<wxEventMonitorLogPanel*>(GetWindow());
+
+    // Restore log's column widths.
+    wxListItem col;
+    col.SetMask(wxLIST_MASK_TEXT);
+    for (int i = 0, n = wnd->m_log->GetColumnCount(); i < n; i++) {
+        wnd->m_log->GetColumn(i, col);
+
+        int width;
+        if (RestoreValue(wxString::Format(wxT("Column%sWidth"), col.GetText().c_str()), &width))
+            wnd->m_log->SetColumnWidth(i, width);
+    }
+
+    return true;
+}

EventMonitor/LogPanel.h

@@ -0,0 +1,60 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+///
+/// EventMonitor trace log panel
+///
+class wxEventMonitorLogPanel;
+
+///
+/// Supports saving/restoring wxEventMonitorLogPanel state
+///
+class wxPersistentEventMonitorLogPanel;
+
+#pragma once
+
+#include "wxEventMonitor_UI.h"
+#include <wx/persist/window.h>
+
+
+class wxEventMonitorLogPanel : public wxEventMonitorLogPanelBase
+{
+public:
+    wxEventMonitorLogPanel(wxWindow* parent);
+
+    friend class wxPersistentEventMonitorLogPanel;   // Allow saving/restoring window state.
+};
+
+
+class wxPersistentEventMonitorLogPanel : public wxPersistentWindow<wxEventMonitorLogPanel>
+{
+public:
+    wxPersistentEventMonitorLogPanel(wxEventMonitorLogPanel *wnd);
+
+    virtual wxString GetKind() const;
+    virtual void Save() const;
+    virtual bool Restore();
+};
+
+
+inline wxPersistentObject *wxCreatePersistentObject(wxEventMonitorLogPanel *wnd)
+{
+    return new wxPersistentEventMonitorLogPanel(wnd);
+}

EventMonitor/README.md

@@ -1,9 +0,0 @@
-#EventMonitor
-Output real-time G<>ANTLink events to console
-
-##Usage
-```
-EventMonitor
-```
-
-Press Ctrl+C to stop the program.

EventMonitor/StdAfx.h

@@ -20,13 +20,24 @@
 
 #pragma once
 
+#include "App.h"
+#include "ETWLog.h"
+#include "Frame.h"
+#include "LogPanel.h"
+
 #include "../include/Version.h"
 
+#include <wxex/common.h>
+#include <wxex/persist/auimanager.h>
+
 #include <WinStd/COM.h>
 #include <WinStd/ETW.h>
 #include <WinStd/Win.h>
 
 #include <Windows.h>
+#include <Msi.h>
+#include <tchar.h>
+
 #include <in6addr.h>
 #include <MSTcpIP.h>
 #include <Sddl.h>

EventMonitor/locale/EventMonitor.pot

@@ -0,0 +1,47 @@
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: EventMonitor\n"
+"POT-Creation-Date: 2016-07-15 13:05+0200\n"
+"PO-Revision-Date: 2016-06-02 12:27+0200\n"
+"Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
+"Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.8\n"
+"X-Poedit-Basepath: ..\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Language: en_US\n"
+"X-Poedit-SourceCharset: UTF-8\n"
+"X-Poedit-KeywordsList: _\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: App.cpp:69 wxEventMonitor_UI.h:54
+msgid "Event Monitor"
+msgstr ""
+
+#: LogPanel.cpp:30
+msgid "Time"
+msgstr ""
+
+#: LogPanel.cpp:31
+msgid "Source"
+msgstr ""
+
+#: wxEventMonitor_UI.cpp:23
+msgid "E&xit"
+msgstr ""
+
+#: wxEventMonitor_UI.cpp:23
+msgid "Quit this program"
+msgstr ""
+
+#: wxEventMonitor_UI.cpp:26
+#, fuzzy
+msgid "&Program"
+msgstr "You don't have %s subscription yet."
+
+#: wxEventMonitor_UI.cpp:32
+msgid "Log Trace"
+msgstr ""

EventMonitor/wxEventMonitor_UI.cpp

@@ -0,0 +1,74 @@
+///////////////////////////////////////////////////////////////////////////
+// C++ code generated with wxFormBuilder (version Jun 17 2015)
+// http://www.wxformbuilder.org/
+//
+// PLEASE DO "NOT" EDIT THIS FILE!
+///////////////////////////////////////////////////////////////////////////
+
+#include "StdAfx.h"
+
+#include "ETWLog.h"
+
+#include "wxEventMonitor_UI.h"
+
+///////////////////////////////////////////////////////////////////////////
+
+wxEventMonitorFrameBase::wxEventMonitorFrameBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style, const wxString& name ) : wxFrame( parent, id, title, pos, size, style, name )
+{
+	this->SetSizeHints( wxSize( 150,150 ), wxDefaultSize );
+	m_mgr.SetManagedWindow(this);
+	m_mgr.SetFlags(wxAUI_MGR_DEFAULT);
+	
+	m_menubar = new wxMenuBar( 0 );
+	m_menuProgram = new wxMenu();
+	wxMenuItem* m_menuItemExit;
+	m_menuItemExit = new wxMenuItem( m_menuProgram, wxID_EXIT, wxString( _("E&xit") ) + wxT('\t') + wxT("Alt+F4"), _("Quit this program"), wxITEM_NORMAL );
+	m_menuProgram->Append( m_menuItemExit );
+	
+	m_menubar->Append( m_menuProgram, _("&Program") ); 
+	
+	this->SetMenuBar( m_menubar );
+	
+	m_panel = new wxEventMonitorLogPanel( this );
+	
+	m_mgr.AddPane( m_panel, wxAuiPaneInfo() .Name( wxT("LogPanel") ).Center() .Caption( _("Log Trace") ).CaptionVisible( false ).CloseButton( false ).PaneBorder( false ).Dock().Resizable().FloatingSize( wxDefaultSize ).Floatable( false ) );
+	
+	m_statusBar = this->CreateStatusBar( 1, wxST_SIZEGRIP, wxID_ANY );
+	
+	m_mgr.Update();
+	this->Centre( wxBOTH );
+	
+	// Connect Events
+	this->Connect( wxEVT_CLOSE_WINDOW, wxCloseEventHandler( wxEventMonitorFrameBase::OnClose ) );
+	this->Connect( wxEVT_ICONIZE, wxIconizeEventHandler( wxEventMonitorFrameBase::OnIconize ) );
+	this->Connect( wxEVT_IDLE, wxIdleEventHandler( wxEventMonitorFrameBase::OnIdle ) );
+}
+
+wxEventMonitorFrameBase::~wxEventMonitorFrameBase()
+{
+	// Disconnect Events
+	this->Disconnect( wxEVT_CLOSE_WINDOW, wxCloseEventHandler( wxEventMonitorFrameBase::OnClose ) );
+	this->Disconnect( wxEVT_ICONIZE, wxIconizeEventHandler( wxEventMonitorFrameBase::OnIconize ) );
+	this->Disconnect( wxEVT_IDLE, wxIdleEventHandler( wxEventMonitorFrameBase::OnIdle ) );
+	
+	m_mgr.UnInit();
+	
+}
+
+wxEventMonitorLogPanelBase::wxEventMonitorLogPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style, const wxString& name ) : wxPanel( parent, id, pos, size, style, name )
+{
+	wxBoxSizer* bSizerMain;
+	bSizerMain = new wxBoxSizer( wxVERTICAL );
+	
+	m_log = new wxETWListCtrl( this, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxLC_NO_SORT_HEADER|wxLC_REPORT|wxLC_SINGLE_SEL|wxNO_BORDER );
+	bSizerMain->Add( m_log, 1, wxEXPAND, 5 );
+	
+	
+	this->SetSizer( bSizerMain );
+	this->Layout();
+	bSizerMain->Fit( this );
+}
+
+wxEventMonitorLogPanelBase::~wxEventMonitorLogPanelBase()
+{
+}

EventMonitor/wxEventMonitor_UI.fbp

@@ -0,0 +1,449 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
+<wxFormBuilder_Project>
+    <FileVersion major="1" minor="13" />
+    <object class="Project" expanded="1">
+        <property name="class_decoration"></property>
+        <property name="code_generation">C++</property>
+        <property name="disconnect_events">1</property>
+        <property name="disconnect_mode">source_name</property>
+        <property name="disconnect_php_events">0</property>
+        <property name="disconnect_python_events">0</property>
+        <property name="embedded_files_path">.</property>
+        <property name="encoding">UTF-8</property>
+        <property name="event_generation">connect</property>
+        <property name="file">wxEventMonitor_UI</property>
+        <property name="first_id">1000</property>
+        <property name="help_provider">none</property>
+        <property name="internationalize">1</property>
+        <property name="name">wxEventMonitor_UI</property>
+        <property name="namespace"></property>
+        <property name="path">.</property>
+        <property name="precompiled_header">#include &quot;StdAfx.h&quot;</property>
+        <property name="relative_path">1</property>
+        <property name="skip_lua_events">1</property>
+        <property name="skip_php_events">1</property>
+        <property name="skip_python_events">1</property>
+        <property name="ui_table">UI</property>
+        <property name="use_enum">1</property>
+        <property name="use_microsoft_bom">1</property>
+        <object class="Frame" expanded="1">
+            <property name="aui_managed">1</property>
+            <property name="aui_manager_style">wxAUI_MGR_DEFAULT</property>
+            <property name="bg"></property>
+            <property name="center">wxBOTH</property>
+            <property name="context_help"></property>
+            <property name="context_menu">1</property>
+            <property name="enabled">1</property>
+            <property name="event_handler">impl_virtual</property>
+            <property name="extra_style"></property>
+            <property name="fg"></property>
+            <property name="font"></property>
+            <property name="hidden">0</property>
+            <property name="id">wxID_ANY</property>
+            <property name="maximum_size"></property>
+            <property name="minimum_size">150,150</property>
+            <property name="name">wxEventMonitorFrameBase</property>
+            <property name="pos"></property>
+            <property name="size">600,400</property>
+            <property name="style">wxDEFAULT_FRAME_STYLE</property>
+            <property name="subclass"></property>
+            <property name="title">Event Monitor</property>
+            <property name="tooltip"></property>
+            <property name="window_extra_style"></property>
+            <property name="window_name">EventMonitor</property>
+            <property name="window_style">wxTAB_TRAVERSAL</property>
+            <property name="xrc_skip_sizer">1</property>
+            <event name="OnActivate"></event>
+            <event name="OnActivateApp"></event>
+            <event name="OnAuiFindManager"></event>
+            <event name="OnAuiPaneButton"></event>
+            <event name="OnAuiPaneClose"></event>
+            <event name="OnAuiPaneMaximize"></event>
+            <event name="OnAuiPaneRestore"></event>
+            <event name="OnAuiRender"></event>
+            <event name="OnChar"></event>
+            <event name="OnClose">OnClose</event>
+            <event name="OnEnterWindow"></event>
+            <event name="OnEraseBackground"></event>
+            <event name="OnHibernate"></event>
+            <event name="OnIconize">OnIconize</event>
+            <event name="OnIdle">OnIdle</event>
+            <event name="OnKeyDown"></event>
+            <event name="OnKeyUp"></event>
+            <event name="OnKillFocus"></event>
+            <event name="OnLeaveWindow"></event>
+            <event name="OnLeftDClick"></event>
+            <event name="OnLeftDown"></event>
+            <event name="OnLeftUp"></event>
+            <event name="OnMiddleDClick"></event>
+            <event name="OnMiddleDown"></event>
+            <event name="OnMiddleUp"></event>
+            <event name="OnMotion"></event>
+            <event name="OnMouseEvents"></event>
+            <event name="OnMouseWheel"></event>
+            <event name="OnPaint"></event>
+            <event name="OnRightDClick"></event>
+            <event name="OnRightDown"></event>
+            <event name="OnRightUp"></event>
+            <event name="OnSetFocus"></event>
+            <event name="OnSize"></event>
+            <event name="OnUpdateUI"></event>
+            <object class="wxMenuBar" expanded="1">
+                <property name="bg"></property>
+                <property name="context_help"></property>
+                <property name="context_menu">1</property>
+                <property name="enabled">1</property>
+                <property name="fg"></property>
+                <property name="font"></property>
+                <property name="hidden">0</property>
+                <property name="id">wxID_ANY</property>
+                <property name="label">Menu</property>
+                <property name="maximum_size"></property>
+                <property name="minimum_size"></property>
+                <property name="name">m_menubar</property>
+                <property name="permission">protected</property>
+                <property name="pos"></property>
+                <property name="size"></property>
+                <property name="style"></property>
+                <property name="subclass"></property>
+                <property name="tooltip"></property>
+                <property name="window_extra_style"></property>
+                <property name="window_name"></property>
+                <property name="window_style"></property>
+                <event name="OnChar"></event>
+                <event name="OnEnterWindow"></event>
+                <event name="OnEraseBackground"></event>
+                <event name="OnKeyDown"></event>
+                <event name="OnKeyUp"></event>
+                <event name="OnKillFocus"></event>
+                <event name="OnLeaveWindow"></event>
+                <event name="OnLeftDClick"></event>
+                <event name="OnLeftDown"></event>
+                <event name="OnLeftUp"></event>
+                <event name="OnMiddleDClick"></event>
+                <event name="OnMiddleDown"></event>
+                <event name="OnMiddleUp"></event>
+                <event name="OnMotion"></event>
+                <event name="OnMouseEvents"></event>
+                <event name="OnMouseWheel"></event>
+                <event name="OnPaint"></event>
+                <event name="OnRightDClick"></event>
+                <event name="OnRightDown"></event>
+                <event name="OnRightUp"></event>
+                <event name="OnSetFocus"></event>
+                <event name="OnSize"></event>
+                <event name="OnUpdateUI"></event>
+                <object class="wxMenu" expanded="1">
+                    <property name="label">&amp;Program</property>
+                    <property name="name">m_menuProgram</property>
+                    <property name="permission">protected</property>
+                    <object class="wxMenuItem" expanded="0">
+                        <property name="bitmap"></property>
+                        <property name="checked">0</property>
+                        <property name="enabled">1</property>
+                        <property name="help">Quit this program</property>
+                        <property name="id">wxID_EXIT</property>
+                        <property name="kind">wxITEM_NORMAL</property>
+                        <property name="label">E&amp;xit</property>
+                        <property name="name">m_menuItemExit</property>
+                        <property name="permission">none</property>
+                        <property name="shortcut">Alt+F4</property>
+                        <property name="unchecked_bitmap"></property>
+                        <event name="OnMenuSelection"></event>
+                        <event name="OnUpdateUI"></event>
+                    </object>
+                </object>
+            </object>
+            <object class="CustomControl" expanded="0">
+                <property name="BottomDockable">1</property>
+                <property name="LeftDockable">1</property>
+                <property name="RightDockable">1</property>
+                <property name="TopDockable">1</property>
+                <property name="aui_layer"></property>
+                <property name="aui_name">LogPanel</property>
+                <property name="aui_position"></property>
+                <property name="aui_row"></property>
+                <property name="best_size"></property>
+                <property name="bg"></property>
+                <property name="caption">Log Trace</property>
+                <property name="caption_visible">0</property>
+                <property name="center_pane">0</property>
+                <property name="class">wxEventMonitorLogPanel</property>
+                <property name="close_button">0</property>
+                <property name="construction">m_panel = new wxEventMonitorLogPanel( this );&#x0A;</property>
+                <property name="context_help"></property>
+                <property name="context_menu">1</property>
+                <property name="declaration">wxEventMonitorLogPanel* m_panel;</property>
+                <property name="default_pane">0</property>
+                <property name="dock">Dock</property>
+                <property name="dock_fixed">0</property>
+                <property name="docking">Center</property>
+                <property name="enabled">1</property>
+                <property name="fg"></property>
+                <property name="floatable">0</property>
+                <property name="font"></property>
+                <property name="gripper">0</property>
+                <property name="hidden">0</property>
+                <property name="id">wxID_ANY</property>
+                <property name="include">class wxEventMonitorLogPanel;</property>
+                <property name="max_size"></property>
+                <property name="maximize_button">0</property>
+                <property name="maximum_size"></property>
+                <property name="min_size"></property>
+                <property name="minimize_button">0</property>
+                <property name="minimum_size"></property>
+                <property name="moveable">1</property>
+                <property name="name">m_panel</property>
+                <property name="pane_border">0</property>
+                <property name="pane_position"></property>
+                <property name="pane_size"></property>
+                <property name="permission">public</property>
+                <property name="pin_button">0</property>
+                <property name="pos"></property>
+                <property name="resize">Resizable</property>
+                <property name="settings"></property>
+                <property name="show">1</property>
+                <property name="size"></property>
+                <property name="subclass"></property>
+                <property name="toolbar_pane">0</property>
+                <property name="tooltip"></property>
+                <property name="window_extra_style"></property>
+                <property name="window_name"></property>
+                <property name="window_style"></property>
+                <event name="OnChar"></event>
+                <event name="OnEnterWindow"></event>
+                <event name="OnEraseBackground"></event>
+                <event name="OnKeyDown"></event>
+                <event name="OnKeyUp"></event>
+                <event name="OnKillFocus"></event>
+                <event name="OnLeaveWindow"></event>
+                <event name="OnLeftDClick"></event>
+                <event name="OnLeftDown"></event>
+                <event name="OnLeftUp"></event>
+                <event name="OnMiddleDClick"></event>
+                <event name="OnMiddleDown"></event>
+                <event name="OnMiddleUp"></event>
+                <event name="OnMotion"></event>
+                <event name="OnMouseEvents"></event>
+                <event name="OnMouseWheel"></event>
+                <event name="OnPaint"></event>
+                <event name="OnRightDClick"></event>
+                <event name="OnRightDown"></event>
+                <event name="OnRightUp"></event>
+                <event name="OnSetFocus"></event>
+                <event name="OnSize"></event>
+                <event name="OnUpdateUI"></event>
+            </object>
+            <object class="wxStatusBar" expanded="0">
+                <property name="bg"></property>
+                <property name="context_help"></property>
+                <property name="context_menu">1</property>
+                <property name="enabled">1</property>
+                <property name="fg"></property>
+                <property name="fields">1</property>
+                <property name="font"></property>
+                <property name="hidden">0</property>
+                <property name="id">wxID_ANY</property>
+                <property name="maximum_size"></property>
+                <property name="minimum_size"></property>
+                <property name="name">m_statusBar</property>
+                <property name="permission">protected</property>
+                <property name="pos"></property>
+                <property name="size"></property>
+                <property name="style">wxST_SIZEGRIP</property>
+                <property name="subclass"></property>
+                <property name="tooltip"></property>
+                <property name="window_extra_style"></property>
+                <property name="window_name"></property>
+                <property name="window_style"></property>
+                <event name="OnChar"></event>
+                <event name="OnEnterWindow"></event>
+                <event name="OnEraseBackground"></event>
+                <event name="OnKeyDown"></event>
+                <event name="OnKeyUp"></event>
+                <event name="OnKillFocus"></event>
+                <event name="OnLeaveWindow"></event>
+                <event name="OnLeftDClick"></event>
+                <event name="OnLeftDown"></event>
+                <event name="OnLeftUp"></event>
+                <event name="OnMiddleDClick"></event>
+                <event name="OnMiddleDown"></event>
+                <event name="OnMiddleUp"></event>
+                <event name="OnMotion"></event>
+                <event name="OnMouseEvents"></event>
+                <event name="OnMouseWheel"></event>
+                <event name="OnPaint"></event>
+                <event name="OnRightDClick"></event>
+                <event name="OnRightDown"></event>
+                <event name="OnRightUp"></event>
+                <event name="OnSetFocus"></event>
+                <event name="OnSize"></event>
+                <event name="OnUpdateUI"></event>
+            </object>
+        </object>
+        <object class="Panel" expanded="1">
+            <property name="aui_managed">0</property>
+            <property name="aui_manager_style">wxAUI_MGR_DEFAULT</property>
+            <property name="bg"></property>
+            <property name="context_help"></property>
+            <property name="context_menu">1</property>
+            <property name="enabled">1</property>
+            <property name="event_handler">impl_virtual</property>
+            <property name="fg"></property>
+            <property name="font"></property>
+            <property name="hidden">0</property>
+            <property name="id">wxID_ANY</property>
+            <property name="maximum_size"></property>
+            <property name="minimum_size"></property>
+            <property name="name">wxEventMonitorLogPanelBase</property>
+            <property name="pos"></property>
+            <property name="size">-1,-1</property>
+            <property name="subclass"></property>
+            <property name="tooltip"></property>
+            <property name="window_extra_style"></property>
+            <property name="window_name">EventMonitorLogPanel</property>
+            <property name="window_style">wxTAB_TRAVERSAL</property>
+            <event name="OnAuiFindManager"></event>
+            <event name="OnAuiPaneButton"></event>
+            <event name="OnAuiPaneClose"></event>
+            <event name="OnAuiPaneMaximize"></event>
+            <event name="OnAuiPaneRestore"></event>
+            <event name="OnAuiRender"></event>
+            <event name="OnChar"></event>
+            <event name="OnEnterWindow"></event>
+            <event name="OnEraseBackground"></event>
+            <event name="OnInitDialog"></event>
+            <event name="OnKeyDown"></event>
+            <event name="OnKeyUp"></event>
+            <event name="OnKillFocus"></event>
+            <event name="OnLeaveWindow"></event>
+            <event name="OnLeftDClick"></event>
+            <event name="OnLeftDown"></event>
+            <event name="OnLeftUp"></event>
+            <event name="OnMiddleDClick"></event>
+            <event name="OnMiddleDown"></event>
+            <event name="OnMiddleUp"></event>
+            <event name="OnMotion"></event>
+            <event name="OnMouseEvents"></event>
+            <event name="OnMouseWheel"></event>
+            <event name="OnPaint"></event>
+            <event name="OnRightDClick"></event>
+            <event name="OnRightDown"></event>
+            <event name="OnRightUp"></event>
+            <event name="OnSetFocus"></event>
+            <event name="OnSize"></event>
+            <event name="OnUpdateUI"></event>
+            <object class="wxBoxSizer" expanded="1">
+                <property name="minimum_size"></property>
+                <property name="name">bSizerMain</property>
+                <property name="orient">wxVERTICAL</property>
+                <property name="permission">none</property>
+                <object class="sizeritem" expanded="1">
+                    <property name="border">5</property>
+                    <property name="flag">wxEXPAND</property>
+                    <property name="proportion">1</property>
+                    <object class="wxListCtrl" expanded="1">
+                        <property name="BottomDockable">1</property>
+                        <property name="LeftDockable">1</property>
+                        <property name="RightDockable">1</property>
+                        <property name="TopDockable">1</property>
+                        <property name="aui_layer"></property>
+                        <property name="aui_name"></property>
+                        <property name="aui_position"></property>
+                        <property name="aui_row"></property>
+                        <property name="best_size"></property>
+                        <property name="bg"></property>
+                        <property name="caption"></property>
+                        <property name="caption_visible">1</property>
+                        <property name="center_pane">0</property>
+                        <property name="close_button">1</property>
+                        <property name="context_help"></property>
+                        <property name="context_menu">1</property>
+                        <property name="default_pane">0</property>
+                        <property name="dock">Dock</property>
+                        <property name="dock_fixed">0</property>
+                        <property name="docking">Left</property>
+                        <property name="enabled">1</property>
+                        <property name="fg"></property>
+                        <property name="floatable">1</property>
+                        <property name="font"></property>
+                        <property name="gripper">0</property>
+                        <property name="hidden">0</property>
+                        <property name="id">wxID_ANY</property>
+                        <property name="max_size"></property>
+                        <property name="maximize_button">0</property>
+                        <property name="maximum_size"></property>
+                        <property name="min_size"></property>
+                        <property name="minimize_button">0</property>
+                        <property name="minimum_size"></property>
+                        <property name="moveable">1</property>
+                        <property name="name">m_log</property>
+                        <property name="pane_border">1</property>
+                        <property name="pane_position"></property>
+                        <property name="pane_size"></property>
+                        <property name="permission">protected</property>
+                        <property name="pin_button">1</property>
+                        <property name="pos"></property>
+                        <property name="resize">Resizable</property>
+                        <property name="show">1</property>
+                        <property name="size"></property>
+                        <property name="style">wxLC_NO_SORT_HEADER|wxLC_REPORT|wxLC_SINGLE_SEL</property>
+                        <property name="subclass">wxETWListCtrl; ETWLog.h</property>
+                        <property name="toolbar_pane">0</property>
+                        <property name="tooltip"></property>
+                        <property name="validator_data_type"></property>
+                        <property name="validator_style">wxFILTER_NONE</property>
+                        <property name="validator_type">wxDefaultValidator</property>
+                        <property name="validator_variable"></property>
+                        <property name="window_extra_style"></property>
+                        <property name="window_name"></property>
+                        <property name="window_style">wxNO_BORDER</property>
+                        <event name="OnChar"></event>
+                        <event name="OnEnterWindow"></event>
+                        <event name="OnEraseBackground"></event>
+                        <event name="OnKeyDown"></event>
+                        <event name="OnKeyUp"></event>
+                        <event name="OnKillFocus"></event>
+                        <event name="OnLeaveWindow"></event>
+                        <event name="OnLeftDClick"></event>
+                        <event name="OnLeftDown"></event>
+                        <event name="OnLeftUp"></event>
+                        <event name="OnListBeginDrag"></event>
+                        <event name="OnListBeginLabelEdit"></event>
+                        <event name="OnListBeginRDrag"></event>
+                        <event name="OnListCacheHint"></event>
+                        <event name="OnListColBeginDrag"></event>
+                        <event name="OnListColClick"></event>
+                        <event name="OnListColDragging"></event>
+                        <event name="OnListColEndDrag"></event>
+                        <event name="OnListColRightClick"></event>
+                        <event name="OnListDeleteAllItems"></event>
+                        <event name="OnListDeleteItem"></event>
+                        <event name="OnListEndLabelEdit"></event>
+                        <event name="OnListInsertItem"></event>
+                        <event name="OnListItemActivated"></event>
+                        <event name="OnListItemDeselected"></event>
+                        <event name="OnListItemFocused"></event>
+                        <event name="OnListItemMiddleClick"></event>
+                        <event name="OnListItemRightClick"></event>
+                        <event name="OnListItemSelected"></event>
+                        <event name="OnListKeyDown"></event>
+                        <event name="OnMiddleDClick"></event>
+                        <event name="OnMiddleDown"></event>
+                        <event name="OnMiddleUp"></event>
+                        <event name="OnMotion"></event>
+                        <event name="OnMouseEvents"></event>
+                        <event name="OnMouseWheel"></event>
+                        <event name="OnPaint"></event>
+                        <event name="OnRightDClick"></event>
+                        <event name="OnRightDown"></event>
+                        <event name="OnRightUp"></event>
+                        <event name="OnSetFocus"></event>
+                        <event name="OnSize"></event>
+                        <event name="OnUpdateUI"></event>
+                    </object>
+                </object>
+            </object>
+        </object>
+    </object>
+</wxFormBuilder_Project>

EventMonitor/wxEventMonitor_UI.h

@@ -0,0 +1,80 @@
+///////////////////////////////////////////////////////////////////////////
+// C++ code generated with wxFormBuilder (version Jun 17 2015)
+// http://www.wxformbuilder.org/
+//
+// PLEASE DO "NOT" EDIT THIS FILE!
+///////////////////////////////////////////////////////////////////////////
+
+#ifndef __WXEVENTMONITOR_UI_H__
+#define __WXEVENTMONITOR_UI_H__
+
+#include <wx/artprov.h>
+#include <wx/xrc/xmlres.h>
+#include <wx/intl.h>
+class wxETWListCtrl;
+
+#include <wx/string.h>
+#include <wx/bitmap.h>
+#include <wx/image.h>
+#include <wx/icon.h>
+#include <wx/menu.h>
+#include <wx/gdicmn.h>
+#include <wx/font.h>
+#include <wx/colour.h>
+#include <wx/settings.h>
+class wxEventMonitorLogPanel;
+#include <wx/statusbr.h>
+#include <wx/frame.h>
+#include <wx/aui/aui.h>
+#include <wx/listctrl.h>
+#include <wx/sizer.h>
+#include <wx/panel.h>
+
+///////////////////////////////////////////////////////////////////////////
+
+///////////////////////////////////////////////////////////////////////////////
+/// Class wxEventMonitorFrameBase
+///////////////////////////////////////////////////////////////////////////////
+class wxEventMonitorFrameBase : public wxFrame 
+{
+	private:
+	
+	protected:
+		wxMenuBar* m_menubar;
+		wxMenu* m_menuProgram;
+		wxStatusBar* m_statusBar;
+		
+		// Virtual event handlers, overide them in your derived class
+		virtual void OnClose( wxCloseEvent& event ) { event.Skip(); }
+		virtual void OnIconize( wxIconizeEvent& event ) { event.Skip(); }
+		virtual void OnIdle( wxIdleEvent& event ) { event.Skip(); }
+		
+	
+	public:
+		wxEventMonitorLogPanel* m_panel;
+		
+		wxEventMonitorFrameBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("Event Monitor"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 600,400 ), long style = wxDEFAULT_FRAME_STYLE|wxTAB_TRAVERSAL, const wxString& name = wxT("EventMonitor") );
+		wxAuiManager m_mgr;
+		
+		~wxEventMonitorFrameBase();
+	
+};
+
+///////////////////////////////////////////////////////////////////////////////
+/// Class wxEventMonitorLogPanelBase
+///////////////////////////////////////////////////////////////////////////////
+class wxEventMonitorLogPanelBase : public wxPanel 
+{
+	private:
+	
+	protected:
+		wxETWListCtrl* m_log;
+	
+	public:
+		
+		wxEventMonitorLogPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( -1,-1 ), long style = wxTAB_TRAVERSAL, const wxString& name = wxT("EventMonitorLogPanel") ); 
+		~wxEventMonitorLogPanelBase();
+	
+};
+
+#endif //__WXEVENTMONITOR_UI_H__

MSI/Base/locale/GEANTLink.pot

@@ -0,0 +1,41 @@
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: GÉANTLink MSI\n"
+"POT-Creation-Date: 2016-07-15 10:51+0200\n"
+"PO-Revision-Date: 2016-06-02 12:27+0200\n"
+"Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
+"Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.8\n"
+"X-Poedit-Basepath: ../Main\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Language: en_US\n"
+"X-Poedit-SourceCharset: UTF-8\n"
+"X-Poedit-KeywordsList: _\n"
+"X-Poedit-SearchPath-0: .\n"
+
+#: En.Win32.Release.Property-2.idtx:6 En.x64.Release.Property-2.idtx:6
+msgid "+386 1 8311 035"
+msgstr ""
+
+#: En.Win32.Release.Property-2.idtx:3 En.x64.Release.Property-2.idtx:3
+#, fuzzy
+msgid "1252"
+msgstr "1250"
+
+#: En.Win32.Release.Property-2.idtx:5 En.x64.Release.Property-2.idtx:5
+msgid "Amebis, p. p. 69, SI-1241 Kamnik, Slovenia, E.U."
+msgstr ""
+
+#: En.Win32.Release.Property-2.idtx:4 En.x64.Release.Property-2.idtx:4
+msgid "Amebis, Slovenia, E.U."
+msgstr ""
+
+#: En.Win32.Release.Property-2.idtx:7 En.Win32.Release.Property-2.idtx:8
+#: En.Win32.Release.Property-2.idtx:9 En.x64.Release.Property-2.idtx:7
+#: En.x64.Release.Property-2.idtx:8 En.x64.Release.Property-2.idtx:9
+msgid "http://www.amebis.si/"
+msgstr ""

VS10Solution.sln

@@ -42,6 +42,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MsiUseFeature", "MsiUseFeat
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EventMonitor", "EventMonitor\EventMonitor.vcxproj", "{E0D0725B-B2FC-4225-9481-CA9B1B6306F2}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wxExtendLib", "lib\wxExtend\build\wxExtendLib.vcxproj", "{D3E29951-D9F5-486D-A167-20AE8E90B1FA}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
@@ -170,6 +172,14 @@ Global
 		{E0D0725B-B2FC-4225-9481-CA9B1B6306F2}.Release|Win32.Build.0 = Release|Win32
 		{E0D0725B-B2FC-4225-9481-CA9B1B6306F2}.Release|x64.ActiveCfg = Release|x64
 		{E0D0725B-B2FC-4225-9481-CA9B1B6306F2}.Release|x64.Build.0 = Release|x64
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Debug|Win32.Build.0 = Debug|Win32
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Debug|x64.ActiveCfg = Debug|x64
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Debug|x64.Build.0 = Debug|x64
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Release|Win32.ActiveCfg = Release|Win32
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Release|Win32.Build.0 = Release|Win32
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Release|x64.ActiveCfg = Release|x64
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -187,6 +197,7 @@ Global
 		{3D309C2E-64AB-4BC4-A16D-468571A2BC1A} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
 		{9A25C261-8ADE-4938-8393-E857EF0E37E9} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
 		{42F0F0F4-C928-4860-A4E4-94991C2C3D90} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
+		{D3E29951-D9F5-486D-A167-20AE8E90B1FA} = {E66A3FE1-4EE4-401F-8EAD-BE518B230393}
 		{2D3CE079-7EB1-4F47-B79E-F0310671ECCB} = {7B5EC9B7-208C-426A-941D-DAF9271BD4A4}
 		{679D03C5-CD70-4FFA-93F8-A4AB3637509B} = {7B5EC9B7-208C-426A-941D-DAF9271BD4A4}
 		{E0D0725B-B2FC-4225-9481-CA9B1B6306F2} = {7B5EC9B7-208C-426A-941D-DAF9271BD4A4}

include/Common.props

@@ -24,15 +24,15 @@
   </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
-    <IntDir>temp\$(ProjectName).$(Platform).$(Configuration).$(PlatformToolset)\</IntDir>
-    <OutDir>temp\$(ProjectName).$(Platform).$(Configuration).$(PlatformToolset)\</OutDir>
+    <IntDir>temp\$(MSBuildProjectName).$(Platform).$(Configuration).$(PlatformToolset)\</IntDir>
+    <OutDir>temp\$(MSBuildProjectName).$(Platform).$(Configuration).$(PlatformToolset)\</OutDir>
     <IncludePath>$(WXWIN)\include\msvc;$(WXWIN)\include;$(IncludePath)</IncludePath>
     <SourcePath>$(WXWIN)\src\aui;$(WXWIN)\src\cocoa;$(WXWIN)\src\common;$(WXWIN)\src\dfb;$(WXWIN)\src\expat;$(WXWIN)\src\generic;$(WXWIN)\src\gtk;$(WXWIN)\src\gtk1;$(WXWIN)\src\html;$(WXWIN)\src\jpeg;$(WXWIN)\src\motif;$(WXWIN)\src\msdos;$(WXWIN)\src\msw;$(WXWIN)\src\os2;$(WXWIN)\src\osx;$(WXWIN)\src\png;$(WXWIN)\src\propgrid;$(WXWIN)\src\regex;$(WXWIN)\src\ribbon;$(WXWIN)\src\richtext;$(WXWIN)\src\stc;$(WXWIN)\src\tiff;$(WXWIN)\src\univ;$(WXWIN)\src\unix;$(WXWIN)\src\x11;$(WXWIN)\src\xml;$(WXWIN)\src\xrc;$(WXWIN)\src\zlib;$(SourcePath)</SourcePath>
   </PropertyGroup>
   <ItemDefinitionGroup>
     <ClCompile>
       <WarningLevel>Level4</WarningLevel>
-      <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_WIN32_WINNT=0x0600;ISOLATION_AWARE_ENABLED=1;SECURITY_WIN32;CERT_CHAIN_PARA_HAS_EXTRA_FIELDS;EAP_TLS=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <PrecompiledHeader>Use</PrecompiledHeader>
       <PrecompiledHeaderFile>StdAfx.h</PrecompiledHeaderFile>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

include/Version.h

@@ -29,7 +29,7 @@
 // Product version as a single DWORD
 // Note: Used for version comparison within C/C++ code.
 //
-#define PRODUCT_VERSION          0x00ff0500
+#define PRODUCT_VERSION          0x00ff0c00
 
 //
 // Product version by components
@@ -39,26 +39,26 @@
 //
 #define PRODUCT_VERSION_MAJ      0
 #define PRODUCT_VERSION_MIN      255
-#define PRODUCT_VERSION_REV      5
+#define PRODUCT_VERSION_REV      12
 #define PRODUCT_VERSION_BUILD    0
 
 //
 // Human readable product version and build year for UI
 //
-#define PRODUCT_VERSION_STR      "1.0-alpha5"
+#define PRODUCT_VERSION_STR      "1.0-alpha12"
 #define PRODUCT_BUILD_YEAR_STR   "2016"
 
 //
 // Numerical version presentation for ProductVersion propery in
 // MSI packages (syntax: N.N[.N[.N]])
 //
-#define PRODUCT_VERSION_INST     "0.255.5"
+#define PRODUCT_VERSION_INST     "0.255.12"
 
 //
 // The product code for ProductCode property in MSI packages
 // Replace with new on every version change, regardless how minor it is.
 //
-#define PRODUCT_VERSION_GUID     "{4A006C27-4001-47C7-B0C2-2A16525A17C3}"
+#define PRODUCT_VERSION_GUID     "{6F5B0B97-B6BB-4D3E-9FEC-41E6CDC3868F}"
 
 //
 // Since the product name is not finally confirmed at the time of

include/xgettext.targets

@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+    Copyright 1991-2016 Amebis
+	Copyright 2016 GÉANT
+
+    This file is part of GÉANTLink.
+
+    GÉANTLink is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    GÉANTLink is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+-->
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <PropertyPageSchema Include="$(MSBuildThisFileDirectory)$(MSBuildThisFileName).xml" />
+    <AvailableItemName Include="POCompile">
+      <Targets>POCompile</Targets>
+    </AvailableItemName>
+  </ItemGroup>
+  <UsingTask TaskName="POCompile" TaskFactory="XamlTaskFactory" AssemblyName="Microsoft.Build.Tasks.v4.0">
+    <Task>$(MSBuildThisFileDirectory)$(MSBuildThisFileName).xml</Task>
+  </UsingTask>
+  <Target
+    Name="POCompile"
+    BeforeTargets="$(POCompileBeforeTargets)"
+    AfterTargets="$(POCompileAfterTargets)"
+    DependsOnTargets="$(POCompilationDependsOn)"
+    Inputs="@(POCompile);$(MSBuildProjectFile)"
+    Outputs="%(POCompile.OutputFile)"
+  >
+    <ItemGroup Condition="'@(SelectedFiles)' != ''">
+      <POCompile Remove="@(POCompile)" Condition="'%(Identity)' != '@(SelectedFiles)'" />
+    </ItemGroup>
+    <Message Text="Compiling localization catalogues..." />
+    <POCompile
+      Condition="'@(POCompile)' != '' and '%(POCompile.ExcludedFromBuild)' != 'true'"
+      Inputs="@(POCompile)"
+      OperationMode="%(POCompile.OperationMode)"
+      Strict="%(POCompile.Strict)"
+      CheckFormat="%(POCompile.CheckFormat)"
+      CheckHeader="%(POCompile.CheckHeader)"
+      CheckDomain="%(POCompile.CheckDomain)"
+      CheckCompat="%(POCompile.CheckCompat)"
+      CheckAccel="%(POCompile.CheckAccel)"
+      OutputFile="%(POCompile.OutputFile)"
+      UseFuzzy="%(POCompile.UseFuzzy)"
+      Alignment="%(POCompile.Alignment)"
+      Endianess="%(POCompile.Endianess)"
+      AdditionalOptions="%(POCompile.AdditionalOptions)"
+      CommandLineTemplate="%(POCompile.CommandLineTemplate)" />
+  </Target>
+  <Target Name="POCompilationClean">
+    <Delete Files="%(POCompile.OutputFile)" ContinueOnError="true" />
+  </Target>
+  <PropertyGroup>
+    <CleanDependsOn>POCompilationClean;$(CleanDependsOn);</CleanDependsOn>
+  </PropertyGroup>
+</Project>

include/xgettext.xml

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+    Copyright 1991-2016 Amebis
+	Copyright 2016 GÉANT
+
+    This file is part of GÉANTLink.
+
+    GÉANTLink is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    GÉANTLink is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+-->
+<ProjectSchemaDefinitions xmlns="clr-namespace:Microsoft.Build.Framework.XamlTypes;assembly=Microsoft.Build.Framework" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:sys="clr-namespace:System;assembly=mscorlib" xmlns:transformCallback="Microsoft.Cpp.Dev10.ConvertPropertyCallback">
+  <Rule Name="POCompile" PageTemplate="tool" DisplayName="PO Compiler" SwitchPrefix="--" Order="200">
+    <Rule.DataSource>
+      <DataSource Persistence="ProjectFile" ItemType="POCompile" />
+    </Rule.DataSource>
+    <Rule.Categories>
+      <Category Name="General"      DisplayName="General" />
+      <Category Name="Input"        DisplayName="Input" />
+      <Category Name="Output"       DisplayName="Output" />
+      <Category Name="Command Line" DisplayName="Command Line" Subtype="CommandLine" />
+    </Rule.Categories>
+    <EnumProperty   Category="General" Name="OperationMode" DisplayName="Operation Mode" Description="Specifies the operation mode.">
+      <EnumValue Name="MO"                                  DisplayName="Default"       Description="Generate MO file (default)." />
+      <EnumValue Name="Java"      Switch="java"             DisplayName="Java"          Description="Generate a Java ResourceBundle class." />
+      <EnumValue Name="Java2"     Switch="java2"            DisplayName="Java2"         Description="Like Java, and assume Java2 (JDK 1.2 or higher)." />
+      <EnumValue Name="Csharp"    Switch="csharp"           DisplayName="C#"            Description="Generate a .NET .dll file." />
+      <EnumValue Name="CsharpRes" Switch="csharp-resources" DisplayName="C# Resource"   Description="Generate a .NET .resources file." />
+      <EnumValue Name="Tcl"       Switch="tcl"              DisplayName="Tcl"           Description="Generate a tcl/msgcat .msg file." />
+      <EnumValue Name="Qt"        Switch="qt"               DisplayName="Qt"            Description="Generate a Qt .qm file." />
+      <EnumValue Name="Desktop"   Switch="desktop"          DisplayName="Desktop Entry" Description="Generate a .desktop file." />
+    </EnumProperty>
+    <BoolProperty   Category="General" Name="Strict"      Switch="strict"              DisplayName="Enable strict mode"  Description="Enable strict Uniforum mode." />
+    <BoolProperty   Category="Input"   Name="CheckFormat" Switch="check-format"        DisplayName="Check Format"        Description="Check language dependent format strings." />
+    <BoolProperty   Category="Input"   Name="CheckHeader" Switch="check-header"        DisplayName="Check Header"        Description="Verify presence and contents of the header entry." />
+    <BoolProperty   Category="Input"   Name="CheckDomain" Switch="check-domain"        DisplayName="Check Domain"        Description="Check for conflicts between domain directives and the --output-file option." />
+    <BoolProperty   Category="Input"   Name="CheckCompat" Switch="check-compatibility" DisplayName="Check Compatibility" Description="Check that GNU msgfmt behaves like X/Open msgfmt." />
+    <EnumProperty   Category="Input"   Name="CheckAccel"                               DisplayName="Check Accelerators"  Description="Check presence of keyboard accelerators for menu items.">
+      <EnumValue Name="None"                                                       DisplayName="None"       Description="No check" />
+      <EnumValue Name="Amperstand"   Switch="check-accelerators=&quot;&amp;&quot;" DisplayName="Amperstand" Description="Check keyborad accellerator marked with an amperstand &amp;." />
+    </EnumProperty>
+    <StringProperty Category="Output"  Name="OutputFile"  Switch="output-file="        DisplayName="Output File"         Description="The name and location of the output file that compiler creates." Subtype="file" />
+    <BoolProperty   Category="Output"  Name="UseFuzzy"    Switch="use-fuzzy"           DisplayName="Use Fuzzy Entries"   Description="Use fuzzy entries in output." />
+    <IntProperty    Category="Output"  Name="Alignment"   Switch="alignment="          DisplayName="Align Strings"       Description="Align strings to given bytes (default: 1)." />
+    <EnumProperty   Category="Output"  Name="Endianess"                                DisplayName="Endianess"           Description="Write out 32-bit numbers in the given byte order (default: platform specific).">
+      <EnumValue Name="LSB" Switch="endianness=little" DisplayName="LSB" Description="Least significant byte first" />
+      <EnumValue Name="MSB" Switch="endianness=big"    DisplayName="MSB" Description="Most significant byte first" />
+    </EnumProperty>
+    <StringListProperty Category="Command Line" Name="Inputs" Subtype="file" IsRequired="true" >
+      <StringListProperty.DataSource>
+        <DataSource Persistence="ProjectFile" ItemType="POCompile" SourceType="Item" />
+      </StringListProperty.DataSource>
+    </StringListProperty>
+    <StringProperty Category="Command Line" Name="AdditionalOptions" Subtype="AdditionalOptions" DisplayName="Additional Options" Description="Additional Options" />
+    <DynamicEnumProperty Category="Command Line" Name="POCompileBeforeTargets" EnumProvider="Targets" DisplayName="Execute Before" Description="Specifies the targets for the build customization to run before." IncludeInCommandLine="False">
+      <DynamicEnumProperty.ProviderSettings>
+        <NameValuePair Name="Exclude" Value="^POCompileBeforeTargets|^Compute" />
+      </DynamicEnumProperty.ProviderSettings>
+      <DynamicEnumProperty.DataSource>
+        <DataSource Persistence="ProjectFile" HasConfigurationCondition="true" />
+      </DynamicEnumProperty.DataSource>
+    </DynamicEnumProperty>
+    <DynamicEnumProperty Category="Command Line" Name="POCompileAfterTargets" EnumProvider="Targets"  DisplayName="Execute After" Description="Specifies the targets for the build customization to run after." IncludeInCommandLine="False">
+      <DynamicEnumProperty.ProviderSettings>
+        <NameValuePair Name="Exclude" Value="^POCompileAfterTargets|^Compute" />
+      </DynamicEnumProperty.ProviderSettings>
+      <DynamicEnumProperty.DataSource>
+        <DataSource Persistence="ProjectFile" ItemType="" HasConfigurationCondition="true" />
+      </DynamicEnumProperty.DataSource>
+    </DynamicEnumProperty>
+  </Rule>
+  <ItemType Name="POCompile" DisplayName="PO Compiler" />
+  <FileExtension Name="*.po" ContentType="POCompile" />
+  <ContentType Name="POCompile" DisplayName="PO Compiler" ItemType="POCompile" />
+</ProjectSchemaDefinitions>

lib/EAPBase/build/EAPBase.vcxproj

@@ -82,16 +82,16 @@
     <ClInclude Include="..\include\Config.h" />
     <ClInclude Include="..\include\Credentials.h" />
     <ClInclude Include="..\include\EAP.h" />
-    <ClInclude Include="..\include\EAPSerial.h" />
     <ClInclude Include="..\include\EAPXML.h" />
+    <ClInclude Include="..\include\Method.h" />
     <ClInclude Include="..\include\Module.h" />
-    <ClInclude Include="..\include\Session.h" />
     <ClInclude Include="..\src\StdAfx.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\src\Config.cpp" />
     <ClCompile Include="..\src\Credentials.cpp" />
     <ClCompile Include="..\src\Module.cpp" />
+    <ClCompile Include="..\src\Method.cpp" />
     <ClCompile Include="..\src\StdAfx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>

lib/EAPBase/build/EAPBase.vcxproj.filters

@@ -17,13 +17,10 @@
     <ClInclude Include="..\include\EAP.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="..\include\EAPSerial.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="..\include\EAPXML.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="..\include\Session.h">
+    <ClInclude Include="..\include\Method.h">
       <Filter>Header Files</Filter>
     </ClInclude>
     <ClInclude Include="..\include\Config.h">
@@ -46,6 +43,9 @@
     <ClCompile Include="..\src\Credentials.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\src\Method.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="..\src\Module.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>

lib/EAPBase/include/Credentials.h

@@ -33,64 +33,10 @@ namespace eap
     class credentials_pass;
 }
 
-namespace eapserial
-{
-    ///
-    /// Packs a method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Credentials to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials &val);
-
-    ///
-    /// Returns packed size of a method credentials
-    ///
-    /// \param[in] val  Credentials to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::credentials &val);
-
-    ///
-    /// Unpacks a method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Credentials to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials &val);
-
-    ///
-    /// Packs a password based method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Credentials to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_pass &val);
-
-    ///
-    /// Returns packed size of a password based method credentials
-    ///
-    /// \param[in] val  Credentials to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::credentials_pass &val);
-
-    ///
-    /// Unpacks a password based method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Credentials to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_pass &val);
-}
-
 #pragma once
 
 #include "Config.h"
 #include "Module.h"
-#include "EAPSerial.h"
 
 #include "../../../include/Version.h"
 
@@ -108,11 +54,23 @@ namespace eap
 {
     class credentials : public config
     {
+    public:
+        ///
+        /// Credential source when combined
+        ///
+        enum  source_t {
+            source_unknown = -1, ///< Unknown source
+            source_cache = 0,    ///< Credentials were obtained from EAPHost cache
+            source_preshared,    ///< Credentials were set by method configuration
+            source_storage       ///< Credentials were loaded from Windows Credential Manager
+        };
+
+
     public:
         ///
         /// Constructs credentials
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
         credentials(_In_ module &mod);
 
@@ -156,35 +114,55 @@ namespace eap
         ///
         /// Test credentials if blank
         ///
+        /// \returns
+        /// - \c true if blank
+        /// - \c false otherwise
+        ///
         virtual bool empty() const;
 
         /// \name XML configuration management
         /// @{
 
         ///
-        /// Save credentials to XML document
+        /// Save to XML document
         ///
         /// \param[in]  pDoc         XML document
-        /// \param[in]  pConfigRoot  Suggested root element for saving credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Suggested root element for saving
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
 
         ///
-        /// Load credentials from XML document
+        /// Load from XML document
         ///
-        /// \param[in]  pConfigRoot  Root element for loading credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Root element for loading
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
+        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
+
+        /// @}
+
+        /// \name BLOB management
+        /// @{
+
         ///
-        virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
+        /// Packs a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator<<(_Inout_ cursor_out &cursor) const;
+
+        ///
+        /// Returns packed size of a configuration
+        ///
+        /// \returns Size of data when packed (in bytes)
+        ///
+        virtual size_t get_pk_size() const;
+
+        ///
+        /// Unpacks a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator>>(_Inout_ cursor_in &cursor);
 
         /// @}
 
@@ -195,30 +173,15 @@ namespace eap
         /// Save credentials to Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const = 0;
+        virtual void store(_In_z_ LPCTSTR pszTargetName) const = 0;
 
         ///
         /// Retrieve credentials from Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) = 0;
-
-        ///
-        /// Return target suffix for Windows Credential Manager credential name
-        ///
-        virtual LPCTSTR target_suffix() const = 0;
+        virtual void retrieve(_In_z_ LPCTSTR pszTargetName) = 0;
 
         ///
         /// Returns target name for Windows Credential Manager credential name
@@ -227,7 +190,7 @@ namespace eap
         ///
         /// \returns Final target name to store/retrieve credentials in Windows Credential Manager
         ///
-        inline winstd::tstring target_name(_In_ LPCTSTR pszTargetName) const
+        inline winstd::tstring target_name(_In_z_ LPCTSTR pszTargetName) const
         {
             winstd::tstring target_name(_T(PRODUCT_NAME_STR) _T("/"));
             target_name += pszTargetName;
@@ -237,8 +200,23 @@ namespace eap
             return target_name;
         }
 
+        ///
+        /// Return target suffix for Windows Credential Manager credential name
+        ///
+        virtual LPCTSTR target_suffix() const = 0;
+
         /// @}
 
+        ///
+        /// Returns credential identity.
+        ///
+        virtual std::wstring get_identity() const;
+
+        ///
+        /// Returns credential name (for GUI display).
+        ///
+        virtual winstd::tstring get_name() const;
+
     public:
         std::wstring m_identity;    ///< Identity (username\@domain, certificate name etc.)
     };
@@ -250,7 +228,7 @@ namespace eap
         ///
         /// Constructs credentials
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
         credentials_pass(_In_ module &mod);
 
@@ -294,35 +272,55 @@ namespace eap
         ///
         /// Test credentials if blank
         ///
+        /// \returns
+        /// - \c true if blank
+        /// - \c false otherwise
+        ///
         virtual bool empty() const;
 
         /// \name XML configuration management
         /// @{
 
         ///
-        /// Save credentials to XML document
+        /// Save to XML document
         ///
         /// \param[in]  pDoc         XML document
-        /// \param[in]  pConfigRoot  Suggested root element for saving credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Suggested root element for saving
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
 
         ///
-        /// Load credentials from XML document
+        /// Load from XML document
         ///
-        /// \param[in]  pConfigRoot  Root element for loading credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Root element for loading
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
+        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
+
+        /// @}
+
+        /// \name BLOB management
+        /// @{
+
         ///
-        virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
+        /// Packs a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator<<(_Inout_ cursor_out &cursor) const;
+
+        ///
+        /// Returns packed size of a configuration
+        ///
+        /// \returns Size of data when packed (in bytes)
+        ///
+        virtual size_t get_pk_size() const;
+
+        ///
+        /// Unpacks a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator>>(_Inout_ cursor_in &cursor);
 
         /// @}
 
@@ -333,25 +331,15 @@ namespace eap
         /// Save credentials to Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void store(_In_z_ LPCTSTR pszTargetName) const;
 
         ///
         /// Retrieve credentials from Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError);
+        virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
 
         /// @}
 
@@ -364,46 +352,3 @@ namespace eap
         /// \endcond
     };
 }
-
-
-namespace eapserial
-{
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials &val)
-    {
-        pack(cursor, val.m_identity);
-    }
-
-
-    inline size_t get_pk_size(const eap::credentials &val)
-    {
-        return get_pk_size(val.m_identity);
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials &val)
-    {
-        unpack(cursor, val.m_identity);
-    }
-
-
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_pass &val)
-    {
-        pack(cursor, (const eap::credentials&)val);
-        pack(cursor, val.m_password              );
-    }
-
-
-    inline size_t get_pk_size(const eap::credentials_pass &val)
-    {
-        return
-            get_pk_size((const eap::credentials&)val) +
-            get_pk_size(val.m_password              );
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_pass &val)
-    {
-        unpack(cursor, (eap::credentials&)val);
-        unpack(cursor, val.m_password        );
-    }
-}

lib/EAPBase/include/EAPSerial.h

@@ -1,395 +0,0 @@
-/*
-    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
-
-    This file is part of GÉANTLink.
-
-    GÉANTLink is free software: you can redistribute it and/or modify it
-    under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    GÉANTLink is distributed in the hope that it will be useful, but
-    WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <WinStd/Crypt.h>
-
-#include <sal.h>
-
-#include <list>
-#include <string>
-#include <vector>
-
-namespace eapserial
-{
-    ///
-    /// Packs a primitive data
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Variable with data to pack
-    ///
-    template <class T> inline void pack(_Inout_ unsigned char *&cursor, _In_ const T &val);
-
-    ///
-    /// Returns packed size of a primitive data
-    ///
-    /// \param[in] val  Data to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    template <class T> inline size_t get_pk_size(_In_ const T &val);
-
-    ///
-    /// Unpacks a primitive data
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Variable to receive unpacked value
-    ///
-    template <class T> inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ T &val);
-
-    ///
-    /// Packs a string
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     String to pack
-    ///
-    template<class _Elem, class _Traits, class _Ax> inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val);
-
-    ///
-    /// Returns packed size of a string
-    ///
-    /// \param[in] val  String to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    template<class _Elem, class _Traits, class _Ax> inline size_t get_pk_size(const std::basic_string<_Elem, _Traits, _Ax> &val);
-
-    ///
-    /// Unpacks a string
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     String to unpack to
-    ///
-    template<class _Elem, class _Traits, class _Ax> inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::basic_string<_Elem, _Traits, _Ax> &val);
-
-    ///
-    /// Packs a wide string
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     String to pack
-    ///
-    template<class _Traits, class _Ax> inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val);
-
-    ///
-    /// Returns packed size of a wide string
-    ///
-    /// \param[in] val  String to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    template<class _Traits, class _Ax> inline size_t get_pk_size(const std::basic_string<wchar_t, _Traits, _Ax> &val);
-
-    ///
-    /// Unpacks a wide string
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     String to unpack to
-    ///
-    template<class _Traits, class _Ax> inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &val);
-
-    ///
-    /// Packs a vector
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Vector to pack
-    ///
-    template<class _Ty, class _Ax> inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::vector<_Ty, _Ax> &val);
-
-    ///
-    /// Returns packed size of a vector
-    ///
-    /// \param[in] val  Vector to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    template<class _Ty, class _Ax> inline size_t get_pk_size(const std::vector<_Ty, _Ax> &val);
-
-    ///
-    /// Unpacks a vector
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Vector to unpack to
-    ///
-    template<class _Ty, class _Ax> inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::vector<_Ty, _Ax> &val);
-
-    ///
-    /// Packs a list
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     List to pack
-    ///
-    template<class _Ty, class _Ax> inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::list<_Ty, _Ax> &val);
-
-    ///
-    /// Returns packed size of a list
-    ///
-    /// \param[in] val  List to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    template<class _Ty, class _Ax> inline size_t get_pk_size(const std::list<_Ty, _Ax> &val);
-
-    ///
-    /// Unpacks a list
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     List to unpack to
-    ///
-    template<class _Ty, class _Ax> inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::list<_Ty, _Ax> &val);
-
-    ///
-    /// Packs a certificate context
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Certificate context to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const winstd::cert_context &val);
-
-    ///
-    /// Returns packed size of a certificate context
-    ///
-    /// \param[in] val  Certificate context to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const winstd::cert_context &val);
-
-    ///
-    /// Unpacks a certificate context
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Certificate context to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ winstd::cert_context &val);
-}
-
-#pragma once
-
-
-namespace eapserial
-{
-    template <class T>
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const T &val)
-    {
-        memcpy(cursor, &val, sizeof(T));
-        cursor += sizeof(T);
-    }
-
-
-    template <class T>
-    inline size_t get_pk_size(_In_ const T &val)
-    {
-        UNREFERENCED_PARAMETER(val);
-        return sizeof(T);
-    }
-
-
-    template <class T>
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ T &val)
-    {
-        memcpy(&val, cursor, sizeof(T));
-        cursor += sizeof(T);
-    }
-
-
-    template<class _Elem, class _Traits, class _Ax>
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::basic_string<_Elem, _Traits, _Ax> &val)
-    {
-        std::basic_string<_Elem, _Traits, _Ax>::size_type count = val.length();
-        *(std::basic_string<_Elem, _Traits, _Ax>::size_type*&)cursor = count;
-        cursor += sizeof(std::basic_string<_Elem, _Traits, _Ax>::size_type);
-
-        size_t nSize = sizeof(_Elem)*count;
-        memcpy(cursor, (const _Elem*)val.c_str(), nSize);
-        cursor += nSize;
-    }
-
-
-    template<class _Elem, class _Traits, class _Ax>
-    inline size_t get_pk_size(const std::basic_string<_Elem, _Traits, _Ax> &val)
-    {
-        return sizeof(std::basic_string<_Elem, _Traits, _Ax>::size_type) + sizeof(_Elem)*val.length();
-    }
-
-
-    template<class _Elem, class _Traits, class _Ax>
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::basic_string<_Elem, _Traits, _Ax> &val)
-    {
-        std::basic_string<_Elem, _Traits, _Ax>::size_type count = *(const std::basic_string<_Elem, _Traits, _Ax>::size_type*&)cursor;
-        cursor += sizeof(std::basic_string<_Elem, _Traits, _Ax>::size_type);
-
-        val.assign((const _Elem*&)cursor, count);
-        cursor += sizeof(_Elem)*count;
-    }
-
-
-    template<class _Traits, class _Ax>
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::basic_string<wchar_t, _Traits, _Ax> &val)
-    {
-        std::string val_utf8;
-        WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), val_utf8, NULL, NULL);
-        pack(cursor, val_utf8);
-    }
-
-
-    template<class _Traits, class _Ax>
-    inline size_t get_pk_size(const std::basic_string<wchar_t, _Traits, _Ax> &val)
-    {
-        return sizeof(std::string::size_type) + WideCharToMultiByte(CP_UTF8, 0, val.c_str(), (int)val.length(), NULL, 0, NULL, NULL);
-    }
-
-
-    template<class _Traits, class _Ax>
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &val)
-    {
-        std::string val_utf8;
-        unpack(cursor, val_utf8);
-        MultiByteToWideChar(CP_UTF8, 0, val_utf8.c_str(), (int)val_utf8.length(), val);
-    }
-
-
-    template<class _Ty, class _Ax>
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::vector<_Ty, _Ax> &val)
-    {
-        std::vector<_Ty, _Ax>::size_type count = val.size();
-        *(std::vector<_Ty, _Ax>::size_type*&)cursor = count;
-        cursor += sizeof(std::vector<_Ty, _Ax>::size_type);
-
-        // Since we do not know wheter vector elements are primitives or objects, iterate instead of memcpy.
-        // For performance critical vectors of flat opaque data types write specialized template instantiation.
-        for (std::vector<_Ty, _Ax>::size_type i = 0; i < count; i++)
-            pack(cursor, val[i]);
-    }
-
-
-    template<class _Ty, class _Ax>
-    inline size_t get_pk_size(const std::vector<_Ty, _Ax> &val)
-    {
-        // Since we do not know wheter vector elements are primitives or objects, iterate instead of sizeof().
-        // For performance critical vectors of flat opaque data types write specialized template instantiation.
-        size_t size = sizeof(std::vector<_Ty, _Ax>::size_type);
-        for (std::vector<_Ty, _Ax>::size_type i = 0, count = val.size(); i < count; i++)
-            size += get_pk_size(val[i]);
-        return size;
-    }
-
-
-    template<class _Ty, class _Ax>
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::vector<_Ty, _Ax> &val)
-    {
-        std::vector<_Ty, _Ax>::size_type count = *(const std::vector<_Ty, _Ax>::size_type*&)cursor;
-        cursor += sizeof(std::vector<_Ty, _Ax>::size_type);
-
-        // Since we do not know wheter vector elements are primitives or objects, iterate instead of assign().
-        // For performance critical vectors of flat opaque data types write specialized template instantiation.
-        val.clear();
-        val.reserve(count);
-        for (std::vector<_Ty, _Ax>::size_type i = 0; i < count; i++) {
-            _Ty el;
-            unpack(cursor, el);
-            val.push_back(el);
-        }
-    }
-
-
-    template<class _Ty, class _Ax>
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const std::list<_Ty, _Ax> &val)
-    {
-        std::list<_Ty, _Ax>::size_type count = val.size();
-        *(std::list<_Ty, _Ax>::size_type*&)cursor = count;
-        cursor += sizeof(std::list<_Ty, _Ax>::size_type);
-
-        // Since we do not know wheter list elements are primitives or objects, iterate instead of memcpy.
-        // For performance critical vectors of flat opaque data types write specialized template instantiation.
-        for (std::list<_Ty, _Ax>::const_iterator i = val.cbegin(), i_end = val.cend(); i != i_end; ++i)
-            pack(cursor, *i);
-    }
-
-
-    template<class _Ty, class _Ax>
-    inline size_t get_pk_size(const std::list<_Ty, _Ax> &val)
-    {
-        // Since we do not know wheter list elements are primitives or objects, iterate instead of sizeof().
-        // For performance critical vectors of flat opaque data types write specialized template instantiation.
-        size_t size = sizeof(std::list<_Ty, _Ax>::size_type);
-        for (std::list<_Ty, _Ax>::const_iterator i = val.cbegin(), i_end = val.cend(); i != i_end; ++i)
-            size += get_pk_size(*i);
-        return size;
-    }
-
-
-    template<class _Ty, class _Ax>
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ std::list<_Ty, _Ax> &val)
-    {
-        std::list<_Ty, _Ax>::size_type count = *(const std::list<_Ty, _Ax>::size_type*&)cursor;
-        cursor += sizeof(std::list<_Ty, _Ax>::size_type);
-
-        // Since we do not know wheter list elements are primitives or objects, iterate instead of assign().
-        // For performance critical vectors of flat opaque data types write specialized template instantiation.
-        val.clear();
-        for (std::list<_Ty, _Ax>::size_type i = 0; i < count; i++) {
-            _Ty el;
-            unpack(cursor, el);
-            val.push_back(el);
-        }
-    }
-
-
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const winstd::cert_context &val)
-    {
-        if (val) {
-            *(DWORD*&)cursor = val->dwCertEncodingType;
-            cursor += sizeof(DWORD);
-
-            *(DWORD*&)cursor = val->cbCertEncoded;
-            cursor += sizeof(DWORD);
-
-            memcpy(cursor, val->pbCertEncoded, val->cbCertEncoded);
-            cursor += val->cbCertEncoded;
-        } else {
-            *(DWORD*&)cursor = 0;
-            cursor += sizeof(DWORD);
-
-            *(DWORD*&)cursor = 0;
-            cursor += sizeof(DWORD);
-        }
-    }
-
-
-    inline size_t get_pk_size(const winstd::cert_context &val)
-    {
-        return sizeof(DWORD) + sizeof(DWORD) + (val ? val->cbCertEncoded : 0);
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ winstd::cert_context &val)
-    {
-        DWORD dwCertEncodingType = *(DWORD*&)cursor;
-        cursor += sizeof(DWORD);
-
-        DWORD dwCertEncodedSize = *(DWORD*&)cursor;
-        cursor += sizeof(DWORD);
-
-        if (dwCertEncodedSize) {
-            val.create(dwCertEncodingType, (BYTE*)cursor, dwCertEncodedSize);
-            cursor += dwCertEncodedSize;
-        } else
-            val.free();
-    }
-}

lib/EAPBase/include/EAPXML.h

@@ -27,27 +27,28 @@
 
 namespace eapxml
 {
-    inline DWORD get_document(_In_ IXMLDOMNode *pXmlNode, _Out_ IXMLDOMDocument2 **ppXmlDoc);
-    inline DWORD select_node(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNode **ppXmlNode);
-    inline DWORD select_nodes(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNodeList **ppXmlNodes);
-    inline DWORD select_element(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ IXMLDOMElement **ppXmlElement);
-    inline DWORD create_element(_In_ IXMLDOMDocument *pDoc, _In_z_ const BSTR bstrElementName, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement);
-    inline DWORD create_element(_In_ IXMLDOMDocument *pDoc, IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementNameSelect, _In_z_ const BSTR bstrElementNameCreate, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement);
+    inline HRESULT get_document(_In_ IXMLDOMNode *pXmlNode, _Out_ IXMLDOMDocument2 **ppXmlDoc);
+    inline HRESULT select_node(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNode **ppXmlNode);
+    inline HRESULT select_nodes(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNodeList **ppXmlNodes);
+    inline HRESULT select_element(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ IXMLDOMElement **ppXmlElement);
+    inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, _In_z_ const BSTR bstrElementName, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement);
+    inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementNameSelect, _In_z_ const BSTR bstrElementNameCreate, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement);
     inline bool has_parent(_In_ IXMLDOMNode *pXmlNode);
-    inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ BSTR *pbstrValue);
-    template<class _Traits, class _Ax> inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue);
-    inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ DWORD *pdwValue);
-    inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ bool *pbValue);
-    template<class _Ty, class _Ax> inline DWORD get_element_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue);
-    template<class _Ty, class _Ax> inline DWORD get_element_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue);
-    inline DWORD get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ BSTR *pbstrValue);
-    template<class _Traits, class _Ax> inline DWORD get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue);
-    inline DWORD put_element(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement);
-    inline DWORD put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_z_ const BSTR bstrValue);
-    inline DWORD put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ DWORD dwValue);
-    inline DWORD put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ bool bValue);
-    inline DWORD put_element_base64(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
-    inline DWORD put_element_hex(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
+    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ BSTR *pbstrValue);
+    template<class _Traits, class _Ax> inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue);
+    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ DWORD *pdwValue);
+    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ bool *pbValue);
+    template<class _Ty, class _Ax> inline HRESULT get_element_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue);
+    template<class _Ty, class _Ax> inline HRESULT get_element_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue);
+    inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ BSTR *pbstrValue);
+    template<class _Traits, class _Ax> inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue);
+    inline HRESULT put_element(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement);
+    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_z_ const BSTR bstrValue);
+    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ DWORD dwValue);
+    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ bool bValue);
+    inline HRESULT put_element_base64(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
+    inline HRESULT put_element_hex(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen);
+    inline std::wstring get_xpath(_In_ IXMLDOMNode *pXmlNode);
 }
 
 #pragma once
@@ -61,7 +62,7 @@ namespace eapxml
 
 namespace eapxml
 {
-    inline DWORD get_document(_In_ IXMLDOMNode *pXmlNode, _Out_ IXMLDOMDocument2 **ppXmlDoc)
+    inline HRESULT get_document(_In_ IXMLDOMNode *pXmlNode, _Out_ IXMLDOMDocument2 **ppXmlDoc)
     {
         assert(pXmlNode);
         assert(ppXmlDoc);
@@ -71,11 +72,11 @@ namespace eapxml
 
         return
             SUCCEEDED(hr = pXmlNode->get_ownerDocument(&doc)) &&
-            SUCCEEDED(hr = doc.query_interface(ppXmlDoc)) ? ERROR_SUCCESS : HRESULT_CODE(hr);
+            SUCCEEDED(hr = doc.query_interface(ppXmlDoc)) ? S_OK : hr;
     }
 
 
-    inline DWORD select_node(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNode **ppXmlNode)
+    inline HRESULT select_node(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNode **ppXmlNode)
     {
         assert(pXmlParent);
         assert(ppXmlNode);
@@ -84,11 +85,11 @@ namespace eapxml
 
         return
             SUCCEEDED(hr = pXmlParent->selectSingleNode(bstrNodeName, ppXmlNode)) ?
-            *ppXmlNode ? ERROR_SUCCESS : ERROR_NO_DATA : HRESULT_CODE(hr);
+            *ppXmlNode ? S_OK : E_NOT_SET : hr;
     }
 
 
-    inline DWORD select_nodes(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNodeList **ppXmlNodes)
+    inline HRESULT select_nodes(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrNodeName, _Out_ IXMLDOMNodeList **ppXmlNodes)
     {
         assert(pXmlParent);
         assert(ppXmlNodes);
@@ -97,26 +98,25 @@ namespace eapxml
 
         return
             SUCCEEDED(hr = pXmlParent->selectNodes(bstrNodeName, ppXmlNodes)) ?
-            *ppXmlNodes ? ERROR_SUCCESS : ERROR_NO_DATA : HRESULT_CODE(hr);
+            *ppXmlNodes ? S_OK : E_NOT_SET : hr;
     }
 
 
-    inline DWORD select_element(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ IXMLDOMElement **ppXmlElement)
+    inline HRESULT select_element(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ IXMLDOMElement **ppXmlElement)
     {
         assert(ppXmlElement);
 
-        DWORD dwResult;
         HRESULT hr;
         winstd::com_obj<IXMLDOMNode> pXmlNode;
 
         return
-            (dwResult = select_node(pXmlParent, bstrElementName, &pXmlNode)) == ERROR_SUCCESS ?
+            SUCCEEDED(hr = select_node(pXmlParent, bstrElementName, &pXmlNode)) ?
             SUCCEEDED(hr = pXmlNode.query_interface(ppXmlElement)) ?
-            *ppXmlElement ? ERROR_SUCCESS : ERROR_NO_DATA : HRESULT_CODE(hr) : dwResult;
+            *ppXmlElement ? S_OK : E_NOT_SET : hr : hr;
     }
 
 
-    inline DWORD create_element(_In_ IXMLDOMDocument *pDoc, _In_z_ const BSTR bstrElementName, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement)
+    inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, _In_z_ const BSTR bstrElementName, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement)
     {
         assert(pDoc);
         assert(ppXmlElement);
@@ -128,23 +128,22 @@ namespace eapxml
         return
             SUCCEEDED(hr = pDoc->createNode(varNodeTypeEl, bstrElementName, bstrNamespace, &pXmlNode)) ?
             SUCCEEDED(hr = pXmlNode.query_interface(ppXmlElement)) ?
-            *ppXmlElement ? ERROR_SUCCESS : ERROR_NO_DATA : HRESULT_CODE(hr) : HRESULT_CODE(hr);
+            *ppXmlElement ? S_OK : E_NOT_SET : hr : hr;
     }
 
 
-    inline DWORD create_element(_In_ IXMLDOMDocument *pDoc, IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementNameSelect, _In_z_ const BSTR bstrElementNameCreate, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement)
+    inline HRESULT create_element(_In_ IXMLDOMDocument *pDoc, IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementNameSelect, _In_z_ const BSTR bstrElementNameCreate, _In_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement)
     {
         assert(pDoc);
         assert(pXmlParent);
         assert(ppXmlElement);
 
-        DWORD dwResult;
         HRESULT hr;
 
         return
-            (dwResult = select_element(pXmlParent, bstrElementNameSelect, ppXmlElement)) == ERROR_SUCCESS ? ERROR_SUCCESS :
-            (dwResult = create_element(pDoc, bstrElementNameCreate, bstrNamespace, ppXmlElement)) == ERROR_SUCCESS ?
-            SUCCEEDED(hr = pXmlParent->appendChild(*ppXmlElement, NULL)) ? ERROR_SUCCESS : HRESULT_CODE(hr) : dwResult;
+            SUCCEEDED(hr = select_element(pXmlParent, bstrElementNameSelect, ppXmlElement)) ? S_OK :
+            SUCCEEDED(hr = create_element(pDoc, bstrElementNameCreate, bstrNamespace, ppXmlElement)) ?
+            SUCCEEDED(hr = pXmlParent->appendChild(*ppXmlElement, NULL)) ? S_OK : hr : hr;
     }
 
 
@@ -158,51 +157,50 @@ namespace eapxml
     }
 
 
-    inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ BSTR *pbstrValue)
+    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ BSTR *pbstrValue)
     {
         assert(pbstrValue);
 
-        DWORD dwResult;
         HRESULT hr;
         winstd::com_obj<IXMLDOMElement> pXmlElement;
 
         return
-            (dwResult = select_element(pXmlParent, bstrElementName, &pXmlElement)) == ERROR_SUCCESS ?
+            SUCCEEDED(hr = select_element(pXmlParent, bstrElementName, &pXmlElement)) ?
             SUCCEEDED(hr = pXmlElement->get_text(pbstrValue)) ?
-            *pbstrValue ? ERROR_SUCCESS : ERROR_NO_DATA : HRESULT_CODE(hr) : dwResult;
+            *pbstrValue ? S_OK : E_NOT_SET : hr : hr;
     }
 
 
     template<class _Traits, class _Ax>
-    inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue)
+    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue)
     {
         winstd::bstr bstr;
-        DWORD dwResult = get_element_value(pXmlParent, bstrElementName, &bstr);
-        if (dwResult == ERROR_SUCCESS)
+        HRESULT hr = get_element_value(pXmlParent, bstrElementName, &bstr);
+        if (SUCCEEDED(hr))
             sValue.assign(bstr, bstr.length());
-        return dwResult;
+        return hr;
     }
 
 
-    inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ DWORD *pdwValue)
+    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ DWORD *pdwValue)
     {
         assert(pdwValue);
 
         winstd::bstr bstr;
-        DWORD dwResult = get_element_value(pXmlParent, bstrElementName, &bstr);
-        if (dwResult == ERROR_SUCCESS)
+        HRESULT hr = get_element_value(pXmlParent, bstrElementName, &bstr);
+        if (SUCCEEDED(hr))
             *pdwValue = wcstoul(bstr, NULL, 10);
-        return dwResult;
+        return hr;
     }
 
 
-    inline DWORD get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ bool *pbValue)
+    inline HRESULT get_element_value(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ bool *pbValue)
     {
         assert(pbValue);
 
         winstd::bstr bstr;
-        DWORD dwResult = get_element_value(pXmlParent, bstrElementName, &bstr);
-        if (dwResult == ERROR_SUCCESS) {
+        HRESULT hr = get_element_value(pXmlParent, bstrElementName, &bstr);
+        if (SUCCEEDED(hr)) {
             if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstr, bstr.length(), L"true" , -1, NULL, NULL, 0) == CSTR_EQUAL ||
                 CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstr, bstr.length(), L"1"    , -1, NULL, NULL, 0) == CSTR_EQUAL)
                 *pbValue = true;
@@ -211,63 +209,62 @@ namespace eapxml
                 CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstr, bstr.length(), L"0"    , -1, NULL, NULL, 0) == CSTR_EQUAL)
                 *pbValue = false;
             else
-                dwResult = ERROR_INVALID_DATA;
+                hr = E_NOT_VALID_STATE;
         }
 
-        return dwResult;
+        return hr;
     }
 
 
     template<class _Ty, class _Ax>
-    inline DWORD get_element_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue)
+    inline HRESULT get_element_base64(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue)
     {
         winstd::bstr bstr;
-        DWORD dwResult = get_element_value(pXmlParent, bstrElementName, &bstr);
-        if (dwResult == ERROR_SUCCESS) {
+        HRESULT hr = get_element_value(pXmlParent, bstrElementName, &bstr);
+        if (SUCCEEDED(hr)) {
             winstd::base64_dec dec;
             bool is_last;
             dec.decode(aValue, is_last, (BSTR)bstr, bstr.length());
         }
 
-        return dwResult;
+        return hr;
     }
 
 
     template<class _Ty, class _Ax>
-    inline DWORD get_element_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue)
+    inline HRESULT get_element_hex(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _Out_ std::vector<_Ty, _Ax> &aValue)
     {
         winstd::bstr bstr;
-        DWORD dwResult = get_element_value(pXmlParent, bstrElementName, &bstr);
-        if (dwResult == ERROR_SUCCESS) {
+        HRESULT hr = get_element_value(pXmlParent, bstrElementName, &bstr);
+        if (SUCCEEDED(hr)) {
             winstd::hex_dec dec;
             bool is_last;
             dec.decode(aValue, is_last, (BSTR)bstr, bstr.length());
         }
 
-        return dwResult;
+        return hr;
     }
 
 
-    inline DWORD get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ BSTR *pbstrValue)
+    inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ BSTR *pbstrValue)
     {
         assert(pbstrValue);
 
         HRESULT hr;
         winstd::com_obj<IXMLDOMElement> pXmlElement;
 
-        DWORD dwResult = select_element(pXmlParent, bstrElementName, &pXmlElement);
-        if (dwResult != ERROR_SUCCESS)
-            return dwResult;
+        if (FAILED(hr = select_element(pXmlParent, bstrElementName, &pXmlElement)))
+            return hr;
 
         winstd::com_obj<IXMLDOMNodeList> pXmlListLocalizedText;
         long lCount = 0;
-        if (select_nodes(pXmlElement, winstd::bstr(L"eap-metadata:localized-text"), &pXmlListLocalizedText) != ERROR_SUCCESS ||
+        if (FAILED(select_nodes(pXmlElement, winstd::bstr(L"eap-metadata:localized-text"), &pXmlListLocalizedText)) ||
             FAILED(pXmlListLocalizedText->get_length(&lCount)) ||
             lCount <= 0)
         {
             return
                 SUCCEEDED(hr = pXmlElement->get_text(pbstrValue)) ?
-                *pbstrValue ? ERROR_SUCCESS : ERROR_NO_DATA : HRESULT_CODE(hr);
+                *pbstrValue ? S_OK : E_NOT_SET : hr;
         }
 
         winstd::bstr bstrDefault, bstrEn;
@@ -276,11 +273,11 @@ namespace eapxml
                 if (bstrDefault != NULL) {
                     // Return "C" localization.
                     *pbstrValue = bstrDefault.detach();
-                    return ERROR_SUCCESS;
+                    return S_OK;
                 } else if (bstrEn != NULL) {
                     // Return "en" localization.
                     *pbstrValue = bstrEn.detach();
-                    return ERROR_SUCCESS;
+                    return S_OK;
                 } else
                     return ERROR_NOT_FOUND;
             }
@@ -291,12 +288,12 @@ namespace eapxml
             {
                 // Read <lang>.
                 winstd::bstr bstrLang;
-                if (get_element_value(pXmlElLocalizedText, winstd::bstr(L"eap-metadata:lang"), &bstrLang) != ERROR_SUCCESS ||
+                if (FAILED(get_element_value(pXmlElLocalizedText, winstd::bstr(L"eap-metadata:lang"), &bstrLang)) ||
                     CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrLang, bstrLang.length(), L"C" , -1, NULL, NULL, 0) == CSTR_EQUAL)
                 {
                     // <lang> is missing or "C" language found.
                     winstd::bstr bstr;
-                    if ((dwResult = get_element_value(pXmlElLocalizedText, winstd::bstr(L"eap-metadata:text"), &bstr)) == ERROR_SUCCESS)
+                    if (SUCCEEDED(hr = get_element_value(pXmlElLocalizedText, winstd::bstr(L"eap-metadata:text"), &bstr)))
                         bstrDefault.attach(bstr.detach());
                 } else if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrLang, bstrLang.length(), pszLang, -1, NULL, NULL, 0) == CSTR_EQUAL) {
                     // Found an exact match.
@@ -304,7 +301,7 @@ namespace eapxml
                 } else if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrLang, bstrLang.length(), L"en", -1, NULL, NULL, 0) == CSTR_EQUAL) {
                     // "en" language found.
                     winstd::bstr bstr;
-                    if ((dwResult = get_element_value(pXmlElLocalizedText, winstd::bstr(L"eap-metadata:text"), &bstr)) == ERROR_SUCCESS)
+                    if (SUCCEEDED(hr = get_element_value(pXmlElLocalizedText, winstd::bstr(L"eap-metadata:text"), &bstr)))
                         bstrEn.attach(bstr.detach());
                 }
             }
@@ -313,17 +310,17 @@ namespace eapxml
 
 
     template<class _Traits, class _Ax>
-    inline DWORD get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue)
+    inline HRESULT get_element_localized(_In_ IXMLDOMNode *pXmlParent, _In_z_ const BSTR bstrElementName, _In_z_ LPCWSTR pszLang, _Out_ std::basic_string<wchar_t, _Traits, _Ax> &sValue)
     {
         winstd::bstr bstr;
-        DWORD dwResult = get_element_localized(pXmlParent, bstrElementName, pszLang, &bstr);
-        if (dwResult == ERROR_SUCCESS)
+        HRESULT hr = get_element_localized(pXmlParent, bstrElementName, pszLang, &bstr);
+        if (SUCCEEDED(hr))
             sValue.assign(bstr, bstr.length());
-        return dwResult;
+        return hr;
     }
 
 
-    inline DWORD put_element(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement)
+    inline HRESULT put_element(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _Out_ IXMLDOMElement **ppXmlElement)
     {
         assert(pDoc);
         assert(pCurrentDOMNode);
@@ -336,11 +333,11 @@ namespace eapxml
         return 
             SUCCEEDED(hr = pDoc->createNode(varNodeTypeEl, bstrElementName, bstrNamespace, &pXmlEl)) &&
             SUCCEEDED(hr = pCurrentDOMNode->appendChild(pXmlEl, NULL)) &&
-            SUCCEEDED(hr = pXmlEl.query_interface(ppXmlElement)) ? ERROR_SUCCESS : HRESULT_CODE(hr);
+            SUCCEEDED(hr = pXmlEl.query_interface(ppXmlElement)) ? S_OK : hr;
     }
 
 
-    inline DWORD put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_z_ const BSTR bstrValue)
+    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_z_ const BSTR bstrValue)
     {
         assert(pDoc);
 
@@ -353,23 +350,23 @@ namespace eapxml
             SUCCEEDED(hr = pDoc->createNode(varNodeTypeEl, bstrElementName, bstrNamespace, &pXmlEl)) &&
             SUCCEEDED(hr = pDoc->createTextNode(bstrValue, &pXmlElText)) &&
             SUCCEEDED(hr = pXmlEl->appendChild(pXmlElText, NULL)) &&
-            SUCCEEDED(hr = pCurrentDOMNode->appendChild(pXmlEl, NULL)) ? ERROR_SUCCESS : HRESULT_CODE(hr);
+            SUCCEEDED(hr = pCurrentDOMNode->appendChild(pXmlEl, NULL)) ? S_OK : hr;
     }
 
 
-    inline DWORD put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ DWORD dwValue)
+    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ DWORD dwValue)
     {
         return put_element_value(pDoc, pCurrentDOMNode, bstrElementName, bstrNamespace, winstd::bstr(winstd::wstring_printf(L"%d", dwValue)));
     }
 
 
-    inline DWORD put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ bool bValue)
+    inline HRESULT put_element_value(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_ bool bValue)
     {
         return put_element_value(pDoc, pCurrentDOMNode, bstrElementName, bstrNamespace, winstd::bstr(bValue ? L"true": L"false"));
     }
 
 
-    inline DWORD put_element_base64(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen)
+    inline HRESULT put_element_base64(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen)
     {
         std::wstring sBase64;
         winstd::base64_enc enc;
@@ -378,11 +375,25 @@ namespace eapxml
     }
 
 
-    inline DWORD put_element_hex(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen)
+    inline HRESULT put_element_hex(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pCurrentDOMNode, _In_z_ const BSTR bstrElementName, _In_opt_z_ const BSTR bstrNamespace, _In_count_(nValueLen) LPCVOID pValue, _In_ SIZE_T nValueLen)
     {
         std::wstring sHex;
         winstd::hex_enc enc;
         enc.encode(sHex, pValue, nValueLen);
         return put_element_value(pDoc, pCurrentDOMNode, bstrElementName, bstrNamespace, winstd::bstr(sHex));
     }
+
+
+    inline std::wstring get_xpath(_In_ IXMLDOMNode *pXmlNode)
+    {
+        if (pXmlNode) {
+            winstd::bstr bstr;
+            winstd::com_obj<IXMLDOMNode> pXmlNodeParent;
+
+            return
+                SUCCEEDED(pXmlNode->get_nodeName(&bstr)) ?
+                SUCCEEDED(pXmlNode->get_parentNode(&pXmlNodeParent)) ? get_xpath(pXmlNodeParent) + L"/" + (LPCWSTR)bstr : (LPCWSTR)bstr : L"?";
+        } else
+            return L"";
+    }
 }

lib/EAPBase/include/Method.h

@@ -0,0 +1,137 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 GÉANT
+
+    This file is part of GÉANTLink.
+
+    GÉANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    GÉANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+namespace eap
+{
+    ///
+    /// EAP method base class
+    ///
+    class method;
+}
+
+#pragma once
+
+#include "Config.h"
+#include "Credentials.h"
+#include "Module.h"
+
+#include <WinStd/EAP.h>
+
+#include <Windows.h>
+#include <eaptypes.h> // Must include after <Windows.h>
+extern "C" {
+#include <eapmethodpeerapis.h>
+}
+#include <sal.h>
+
+
+namespace eap
+{
+    class method
+    {
+    public:
+        ///
+        /// Constructs an EAP method
+        ///
+        /// \param[in] mod   EAP module to use for global services
+        /// \param[in] cfg   Connection configuration
+        /// \param[in] cred  User credentials
+        ///
+        method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred);
+
+
+        ///
+        /// Moves an EAP method
+        ///
+        /// \param[in] other  EAP method to move from
+        ///
+        method(_Inout_ method &&other);
+
+        ///
+        /// Moves an EAP method
+        ///
+        /// \param[in] other  EAP method to move from
+        ///
+        /// \returns Reference to this object
+        ///
+        method& operator=(_Inout_ method &&other);
+
+        /// \name Packet processing
+        /// @{
+
+        ///
+        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
+        ///
+        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
+        ///
+        virtual void begin_session(
+            _In_        DWORD         dwFlags,
+            _In_  const EapAttributes *pAttributeArray,
+            _In_        HANDLE        hTokenImpersonateUser,
+            _In_        DWORD         dwMaxSendPacketSize);
+
+        ///
+        /// Ends an EAP authentication session for the EAP method.
+        ///
+        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
+        ///
+        virtual void end_session();
+
+        ///
+        /// Processes a packet received by EAPHost from a supplicant.
+        ///
+        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        ///
+        virtual void process_request_packet(
+            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
+            _In_                                       DWORD               dwReceivedPacketSize,
+            _Inout_                                    EapPeerMethodOutput *pEapOutput) = 0;
+
+        ///
+        /// Obtains a response packet from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
+        ///
+        virtual void get_response_packet(
+            _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
+            _Inout_                            DWORD     *pdwSendPacketSize) = 0;
+
+        ///
+        /// Obtains the result of an authentication session from the EAP method.
+        ///
+        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
+        ///
+        virtual void get_result(
+            _In_    EapPeerMethodResultReason reason,
+            _Inout_ EapPeerMethodResult       *ppResult) = 0;
+
+        /// @}
+
+    private:
+        // This class is noncopyable.
+        method(_In_ const method &other);
+        method& operator=(_In_ const method &other);
+
+    public:
+        module &m_module;           ///< EAP module
+        config_connection &m_cfg;   ///< Connection configuration
+        credentials &m_cred;        ///< User credentials
+    };
+}

lib/EAPBase/include/Session.h

@@ -1,367 +0,0 @@
-/*
-    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
-
-    This file is part of GÉANTLink.
-
-    GÉANTLink is free software: you can redistribute it and/or modify it
-    under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    GÉANTLink is distributed in the hope that it will be useful, but
-    WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-namespace eap
-{
-    ///
-    /// EAP session
-    ///
-    template <class _Tcfg, class _Tid, class _Tint, class _Tintres> class session;
-}
-
-#pragma once
-
-#include "Module.h"
-
-#include <Windows.h>
-#include <eaptypes.h> // Must include after <Windows.h>
-extern "C" {
-#include <eapmethodpeerapis.h>
-}
-#include <sal.h>
-
-
-namespace eap
-{
-    template <class _Tcfg, class _Tid, class _Tint, class _Tintres>
-    class session
-    {
-    public:
-        ///
-        /// Provider configuration data type
-        ///
-        typedef config_provider<_Tcfg> provider_config_type;
-
-        ///
-        /// Configuration data type
-        ///
-        typedef config_providers<provider_config_type> config_type;
-
-        ///
-        /// Identity data type
-        ///
-        typedef _Tid identity_type;
-
-        ///
-        /// Interactive request data type
-        ///
-        typedef _Tint interactive_request_type;
-
-        ///
-        /// Interactive response data type
-        ///
-        typedef _Tintres interactive_response_type;
-
-    public:
-        ///
-        /// Constructs a session
-        ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
-        ///
-        session(_In_ module &mod) :
-            m_module(mod),
-            m_cfg(mod),
-            m_id(mod)
-        {
-        }
-
-
-        ///
-        /// Copies session
-        ///
-        /// \param[in] other  Session to copy from
-        ///
-        session(_In_ const session &other) :
-            m_module(other.m_module),
-            m_cfg(other.m_cfg),
-            m_id(other.m_id)
-        {
-        }
-
-
-        ///
-        /// Moves session
-        ///
-        /// \param[in] other  Session to move from
-        ///
-        session(_Inout_ session &&other) :
-            m_module(other.m_module),
-            m_cfg(std::move(other.m_cfg)),
-            m_id(std::move(other.m_id))
-        {
-        }
-
-
-        ///
-        /// Copies session
-        ///
-        /// \param[in] other  Session to copy from
-        ///
-        /// \returns Reference to this object
-        ///
-        session& operator=(_In_ const session &other)
-        {
-            if (this != std::addressof(other)) {
-                assert(std::addressof(m_module) ==std::addressof(other.m_module)); // Copy session within same module only!
-                m_cfg = other.m_cfg;
-                m_id  = other.m_id;
-            }
-            return *this;
-        }
-
-
-        ///
-        /// Moves session
-        ///
-        /// \param[in] other  Session to move from
-        ///
-        /// \returns Reference to this object
-        ///
-        session& operator=(_Inout_ session &&other)
-        {
-            if (this != std::addressof(other)) {
-                assert(std::addressof(m_module) ==std::addressof(other.m_module)); // Move session within same module only!
-                m_cfg = std::move(other.m_cfg);
-                m_id  = std::move(other.m_id);
-            }
-            return *this;
-        }
-
-
-        /// \name Session start/end
-        /// @{
-
-        ///
-        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
-        ///
-        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool begin(
-            _In_        DWORD         dwFlags,
-            _In_  const EapAttributes *pAttributeArray,
-            _In_        HANDLE        hTokenImpersonateUser,
-            _In_        DWORD         dwMaxSendPacketSize,
-            _Out_       EAP_ERROR     **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(dwFlags);
-            UNREFERENCED_PARAMETER(pAttributeArray);
-            UNREFERENCED_PARAMETER(hTokenImpersonateUser);
-            UNREFERENCED_PARAMETER(dwMaxSendPacketSize);
-            UNREFERENCED_PARAMETER(ppEapError);
-
-            return true;
-        }
-
-
-        ///
-        /// Ends an EAP authentication session for the EAP method.
-        ///
-        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool end(_Out_ EAP_ERROR **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(ppEapError);
-
-            return true;
-        }
-
-        /// @}
-
-        /// \name Packet processing
-        /// @{
-
-        ///
-        /// Processes a packet received by EAPHost from a supplicant.
-        ///
-        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool process_request_packet(
-            _In_                                       DWORD               dwReceivedPacketSize,
-            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
-            _Out_                                      EapPeerMethodOutput *pEapOutput,
-            _Out_                                      EAP_ERROR           **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(dwReceivedPacketSize);
-            UNREFERENCED_PARAMETER(pReceivedPacket);
-            UNREFERENCED_PARAMETER(pEapOutput);
-            assert(ppEapError);
-
-            *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-            return false;
-        }
-
-
-        ///
-        /// Obtains a response packet from the EAP method.
-        ///
-        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool get_response_packet(
-            _Inout_                            DWORD              *pdwSendPacketSize,
-            _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
-            _Out_                              EAP_ERROR          **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(pdwSendPacketSize);
-            UNREFERENCED_PARAMETER(pSendPacket);
-            assert(ppEapError);
-
-            *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-            return false;
-        }
-
-
-        ///
-        /// Obtains the result of an authentication session from the EAP method.
-        ///
-        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool get_result(_In_ EapPeerMethodResultReason reason, _Out_ EapPeerMethodResult *ppResult, _Out_ EAP_ERROR **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(reason);
-            UNREFERENCED_PARAMETER(ppResult);
-            assert(ppEapError);
-
-            *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-            return false;
-        }
-
-        /// @}
-
-        /// \name UI interaction
-        /// @{
-
-        ///
-        /// Obtains the user interface context from the EAP method.
-        ///
-        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
-        ///
-        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool get_ui_context(
-            _Out_ interactive_request_type &req,
-            _Out_ EAP_ERROR **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(req);
-            assert(ppEapError);
-
-            *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-            return false;
-        }
-
-
-        ///
-        /// Provides a user interface context to the EAP method.
-        ///
-        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
-        ///
-        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool set_ui_context(
-            _In_ const interactive_response_type &res,
-            _In_ const EapPeerMethodOutput       *pEapOutput,
-            _Out_      EAP_ERROR                 **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(res);
-            UNREFERENCED_PARAMETER(pEapOutput);
-            assert(ppEapError);
-
-            *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-            return false;
-        }
-
-        /// @}
-
-        /// \name Response attributes
-        /// @{
-
-        ///
-        /// Obtains an array of EAP response attributes from the EAP method.
-        ///
-        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool get_response_attributes(_Out_ EapAttributes *pAttribs, _Out_ EAP_ERROR **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(pAttribs);
-            assert(ppEapError);
-
-            *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-            return false;
-        }
-
-
-        ///
-        /// Provides an updated array of EAP response attributes to the EAP method.
-        ///
-        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool set_response_attributes(const _In_ EapAttributes *pAttribs, _Out_ EapPeerMethodOutput *pEapOutput, _Out_ EAP_ERROR **ppEapError)
-        {
-            UNREFERENCED_PARAMETER(pAttribs);
-            UNREFERENCED_PARAMETER(pEapOutput);
-            assert(ppEapError);
-
-            *ppEapError = m_module.make_error(ERROR_NOT_SUPPORTED, _T(__FUNCTION__) _T(" Not supported."));
-            return false;
-        }
-
-        /// @}
-
-    public:
-        module &m_module;   ///< Reference of the EAP module
-        config_type m_cfg;  ///< Session configuration
-        identity_type m_id; ///< User identity
-    };
-}

lib/EAPBase/src/Config.cpp

@@ -48,15 +48,697 @@ eap::config::config(_Inout_ config &&other) :
 
 eap::config& eap::config::operator=(_In_ const config &other)
 {
-    UNREFERENCED_PARAMETER(other);
-    assert(&m_module == &other.m_module); // Copy configuration within same module only!
+    if (this != &other)
+        assert(&m_module == &other.m_module);
+
     return *this;
 }
 
 
 eap::config& eap::config::operator=(_Inout_ config &&other)
 {
-    UNREFERENCED_PARAMETER(other);
-    assert(&m_module == &other.m_module); // Move configuration within same module only!
+    if (this != &other)
+        assert(&m_module == &other.m_module);
+
     return *this;
 }
+
+
+void eap::config::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
+{
+    UNREFERENCED_PARAMETER(pDoc);
+    UNREFERENCED_PARAMETER(pConfigRoot);
+}
+
+
+void eap::config::load(_In_ IXMLDOMNode *pConfigRoot)
+{
+    UNREFERENCED_PARAMETER(pConfigRoot);
+}
+
+
+void eap::config::operator<<(_Inout_ cursor_out &cursor) const
+{
+    UNREFERENCED_PARAMETER(cursor);
+}
+
+
+size_t eap::config::get_pk_size() const
+{
+    return 0;
+}
+
+
+void eap::config::operator>>(_Inout_ cursor_in &cursor)
+{
+    UNREFERENCED_PARAMETER(cursor);
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::config_method
+//////////////////////////////////////////////////////////////////////
+
+eap::config_method::config_method(_In_ module &mod) : config(mod)
+{
+}
+
+
+eap::config_method::config_method(_In_ const config_method &other) : config(other)
+{
+}
+
+
+eap::config_method::config_method(_Inout_ config_method &&other) : config(std::move(other))
+{
+}
+
+
+eap::config_method& eap::config_method::operator=(_In_ const config_method &other)
+{
+    if (this != &other)
+        (config&)*this = other;
+
+    return *this;
+}
+
+
+eap::config_method& eap::config_method::operator=(_Inout_ config_method &&other)
+{
+    if (this != &other)
+        (config&&)*this = std::move(other);
+
+    return *this;
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::config_method_with_cred
+//////////////////////////////////////////////////////////////////////
+
+eap::config_method_with_cred::config_method_with_cred(_In_ module &mod) :
+    m_allow_save(true),
+    m_use_preshared(false),
+    m_auth_failed(false),
+    config_method(mod)
+{
+}
+
+
+eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) :
+    m_allow_save(other.m_allow_save),
+    m_use_preshared(other.m_use_preshared),
+    m_preshared(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr),
+    m_auth_failed(other.m_auth_failed),
+    config_method(other)
+{
+}
+
+
+eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with_cred &&other) :
+    m_allow_save(std::move(other.m_allow_save)),
+    m_use_preshared(std::move(other.m_use_preshared)),
+    m_preshared(std::move(other.m_preshared)),
+    m_auth_failed(std::move(other.m_auth_failed)),
+    config_method(std::move(other))
+{
+}
+
+
+eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const config_method_with_cred &other)
+{
+    if (this != &other) {
+        (config_method&)*this = other;
+        m_allow_save          = other.m_allow_save;
+        m_use_preshared       = other.m_use_preshared;
+        m_preshared.reset(other.m_preshared ? (credentials*)other.m_preshared->clone() : nullptr);
+        m_auth_failed         = other.m_auth_failed;
+    }
+
+    return *this;
+}
+
+
+eap::config_method_with_cred& eap::config_method_with_cred::operator=(_Inout_ config_method_with_cred &&other)
+{
+    if (this != &other) {
+        (config_method&)*this = std::move(other                );
+        m_allow_save          = std::move(other.m_allow_save   );
+        m_use_preshared       = std::move(other.m_use_preshared);
+        m_preshared           = std::move(other.m_preshared    );
+        m_auth_failed         = std::move(other.m_auth_failed  );
+    }
+
+    return *this;
+}
+
+
+void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
+{
+    assert(pDoc);
+    assert(pConfigRoot);
+
+    const winstd::bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+    HRESULT hr;
+
+    // <ClientSideCredential>
+    winstd::com_obj<IXMLDOMElement> pXmlElClientSideCredential;
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ClientSideCredential> element.");
+
+    // <ClientSideCredential>/<allow-save>
+    if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), bstrNamespace, m_allow_save)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <allow-save> element.");
+
+    if (m_use_preshared)
+        m_preshared->save(pDoc, pXmlElClientSideCredential);
+}
+
+
+void eap::config_method_with_cred::load(_In_ IXMLDOMNode *pConfigRoot)
+{
+    assert(pConfigRoot);
+
+    m_allow_save    = true;
+    m_use_preshared = false;
+    m_preshared->clear();
+
+    // <ClientSideCredential>
+    winstd::com_obj<IXMLDOMElement> pXmlElClientSideCredential;
+    if (SUCCEEDED(eapxml::select_element(pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), &pXmlElClientSideCredential))) {
+        std::wstring xpath(eapxml::get_xpath(pXmlElClientSideCredential));
+
+        // <allow-save>
+        eapxml::get_element_value(pXmlElClientSideCredential, winstd::bstr(L"eap-metadata:allow-save"), &m_allow_save);
+        m_module.log_config((xpath + L"/allow-save").c_str(), m_allow_save);
+
+        try {
+            m_preshared->load(pXmlElClientSideCredential);
+            m_use_preshared = true;
+        } catch (...) {
+            // This is not really an error - merely an indication pre-shared credentials are unavailable.
+        }
+    }
+}
+
+
+void eap::config_method_with_cred::operator<<(_Inout_ cursor_out &cursor) const
+{
+    config_method::operator<<(cursor);
+    cursor << m_allow_save;
+    cursor << m_use_preshared;
+    cursor << *m_preshared;
+    cursor << m_auth_failed;
+}
+
+
+size_t eap::config_method_with_cred::get_pk_size() const
+{
+    return
+        config_method::get_pk_size() +
+        pksizeof(m_allow_save   ) +
+        pksizeof(m_use_preshared) +
+        pksizeof(*m_preshared   ) +
+        pksizeof(m_auth_failed  );
+}
+
+
+void eap::config_method_with_cred::operator>>(_Inout_ cursor_in &cursor)
+{
+    config_method::operator>>(cursor);
+    cursor >> m_allow_save;
+    cursor >> m_use_preshared;
+    cursor >> *m_preshared;
+    cursor >> m_auth_failed;
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::config_provider
+//////////////////////////////////////////////////////////////////////
+
+eap::config_provider::config_provider(_In_ module &mod) :
+    m_read_only(false),
+    config(mod)
+{
+}
+
+
+eap::config_provider::config_provider(_In_ const config_provider &other) :
+    m_read_only(other.m_read_only),
+    m_id(other.m_id),
+    m_name(other.m_name),
+    m_help_email(other.m_help_email),
+    m_help_web(other.m_help_web),
+    m_help_phone(other.m_help_phone),
+    m_lbl_alt_credential(other.m_lbl_alt_credential),
+    m_lbl_alt_identity(other.m_lbl_alt_identity),
+    m_lbl_alt_password(other.m_lbl_alt_password),
+    config(other)
+{
+    m_methods.reserve(other.m_methods.size());
+    for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
+        m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
+}
+
+
+eap::config_provider::config_provider(_Inout_ config_provider &&other) :
+    m_read_only(std::move(other.m_read_only)),
+    m_id(std::move(other.m_id)),
+    m_name(std::move(other.m_name)),
+    m_help_email(std::move(other.m_help_email)),
+    m_help_web(std::move(other.m_help_web)),
+    m_help_phone(std::move(other.m_help_phone)),
+    m_lbl_alt_credential(std::move(other.m_lbl_alt_credential)),
+    m_lbl_alt_identity(std::move(other.m_lbl_alt_identity)),
+    m_lbl_alt_password(std::move(other.m_lbl_alt_password)),
+    m_methods(std::move(other.m_methods)),
+    config(std::move(other))
+{
+}
+
+
+eap::config_provider& eap::config_provider::operator=(_In_ const config_provider &other)
+{
+    if (this != &other) {
+        (config&)*this       = other;
+        m_read_only          = other.m_read_only;
+        m_id                 = other.m_id;
+        m_name               = other.m_name;
+        m_help_email         = other.m_help_email;
+        m_help_web           = other.m_help_web;
+        m_help_phone         = other.m_help_phone;
+        m_lbl_alt_credential = other.m_lbl_alt_credential;
+        m_lbl_alt_identity   = other.m_lbl_alt_identity;
+        m_lbl_alt_password   = other.m_lbl_alt_password;
+
+        m_methods.clear();
+        m_methods.reserve(other.m_methods.size());
+        for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
+            m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
+    }
+
+    return *this;
+}
+
+
+eap::config_provider& eap::config_provider::operator=(_Inout_ config_provider &&other)
+{
+    if (this != &other) {
+        (config&&)*this      = std::move(other);
+        m_read_only          = std::move(m_read_only);
+        m_id                 = std::move(other.m_id);
+        m_name               = std::move(other.m_name);
+        m_help_email         = std::move(other.m_help_email);
+        m_help_web           = std::move(other.m_help_web);
+        m_help_phone         = std::move(other.m_help_phone);
+        m_lbl_alt_credential = std::move(other.m_lbl_alt_credential);
+        m_lbl_alt_identity   = std::move(other.m_lbl_alt_identity);
+        m_lbl_alt_password   = std::move(other.m_lbl_alt_password);
+        m_methods            = std::move(other.m_methods);
+    }
+
+    return *this;
+}
+
+
+eap::config* eap::config_provider::clone() const
+{
+    return new config_provider(*this);
+}
+
+
+void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
+{
+    config::save(pDoc, pConfigRoot);
+
+    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+    HRESULT hr;
+
+    // <read-only>
+    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"read-only"), bstrNamespace, m_read_only)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <read-only> element.");
+
+    // <ID>
+    if (!m_id.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"ID"), bstrNamespace, bstr(m_id))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <ID> element.");
+
+    // <ProviderInfo>
+    com_obj<IXMLDOMElement> pXmlElProviderInfo;
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), bstr(L"ProviderInfo"), bstrNamespace, &pXmlElProviderInfo)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ProviderInfo> element.");
+
+    // <ProviderInfo>/<DisplayName>
+    if (!m_name.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"DisplayName"), bstrNamespace, bstr(m_name))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <DisplayName> element.");
+
+    // <ProviderInfo>/<Helpdesk>
+    com_obj<IXMLDOMElement> pXmlElHelpdesk;
+    if (FAILED(hr = eapxml::create_element(pDoc, pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), bstr(L"Helpdesk"), bstrNamespace, &pXmlElHelpdesk)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <Helpdesk> element.");
+
+    // <ProviderInfo>/<Helpdesk>/<EmailAddress>
+    if (!m_help_email.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"EmailAddress"), bstrNamespace, bstr(m_help_email))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <EmailAddress> element.");
+
+    // <ProviderInfo>/<Helpdesk>/<WebAddress>
+    if (!m_help_web.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"WebAddress"), bstrNamespace, bstr(m_help_web))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <WebAddress> element.");
+
+    // <ProviderInfo>/<Helpdesk>/<Phone>
+    if (!m_help_phone.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"Phone"), bstrNamespace, bstr(m_help_phone))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <Phone> element.");
+
+    // <ProviderInfo>/<CredentialPrompt>
+    if (!m_lbl_alt_credential.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"CredentialPrompt"), bstrNamespace, bstr(m_lbl_alt_credential))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <CredentialPrompt> element.");
+
+    // <ProviderInfo>/<UserNameLabel>
+    if (!m_lbl_alt_identity.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"UserNameLabel"), bstrNamespace, bstr(m_lbl_alt_identity))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserNameLabel> element.");
+
+    // <ProviderInfo>/<PasswordLabel>
+    if (!m_lbl_alt_password.empty())
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"PasswordLabel"), bstrNamespace, bstr(m_lbl_alt_password))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <PasswordLabel> element.");
+
+    // <AuthenticationMethods>
+    com_obj<IXMLDOMElement> pXmlElAuthenticationMethods;
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element.");
+
+    for (vector<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
+        // <AuthenticationMethod>
+        com_obj<IXMLDOMElement> pXmlElAuthenticationMethod;
+        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethod> element.");
+
+        // <AuthenticationMethod>/...
+        method->get()->save(pDoc, pXmlElAuthenticationMethod);
+
+        if (FAILED(hr = pXmlElAuthenticationMethods->appendChild(pXmlElAuthenticationMethod, NULL)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error appending <AuthenticationMethod> element.");
+    }
+}
+
+
+void eap::config_provider::load(_In_ IXMLDOMNode *pConfigRoot)
+{
+    assert(pConfigRoot);
+    HRESULT hr;
+    wstring xpath(eapxml::get_xpath(pConfigRoot));
+
+    config::load(pConfigRoot);
+
+    // <read-only>
+    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:read-only"), &m_read_only)))
+        m_read_only = true;
+    m_module.log_config((xpath + L"/read-only").c_str(), m_read_only);
+
+    // <ID>
+    m_id.clear();
+    eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:ID"), m_id);
+    m_module.log_config((xpath + L"/ID").c_str(), m_id.c_str());
+
+    // <ProviderInfo>
+    m_name.clear();
+    m_help_email.clear();
+    m_help_web.clear();
+    m_help_phone.clear();
+    m_lbl_alt_credential.clear();
+    m_lbl_alt_identity.clear();
+    m_lbl_alt_password.clear();
+    com_obj<IXMLDOMElement> pXmlElProviderInfo;
+    if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), &pXmlElProviderInfo))) {
+        wstring lang;
+        LoadString(m_module.m_instance, 2, lang);
+        wstring xpathProviderInfo(xpath + L"/ProviderInfo");
+
+        // <DisplayName>
+        eapxml::get_element_localized(pXmlElProviderInfo, bstr(L"eap-metadata:DisplayName"), lang.c_str(), m_name);
+        m_module.log_config((xpathProviderInfo + L"/DisplayName").c_str(), m_name.c_str());
+
+        com_obj<IXMLDOMElement> pXmlElHelpdesk;
+        if (SUCCEEDED(eapxml::select_element(pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), &pXmlElHelpdesk))) {
+            wstring xpathHelpdesk(xpathProviderInfo + L"/Helpdesk");
+
+            // <Helpdesk>/<EmailAddress>
+            eapxml::get_element_localized(pXmlElHelpdesk, bstr(L"eap-metadata:EmailAddress"), lang.c_str(), m_help_email);
+            m_module.log_config((xpathHelpdesk + L"/EmailAddress").c_str(), m_help_email.c_str());
+
+            // <Helpdesk>/<WebAddress>
+            eapxml::get_element_localized(pXmlElHelpdesk, bstr(L"eap-metadata:WebAddress"), lang.c_str(), m_help_web);
+            m_module.log_config((xpathHelpdesk + L"/WebAddress").c_str(), m_help_web.c_str());
+
+            // <Helpdesk>/<Phone>
+            eapxml::get_element_localized(pXmlElHelpdesk, bstr(L"eap-metadata:Phone"), lang.c_str(), m_help_phone);
+            m_module.log_config((xpathHelpdesk + L"/Phone").c_str(), m_help_phone.c_str());
+        }
+
+        // <CredentialPrompt>
+        eapxml::get_element_localized(pXmlElProviderInfo, bstr(L"eap-metadata:CredentialPrompt"), lang.c_str(), m_lbl_alt_credential);
+        m_module.log_config((xpathProviderInfo + L"/CredentialPrompt").c_str(), m_lbl_alt_credential.c_str());
+
+        // <UserNameLabel>
+        eapxml::get_element_localized(pXmlElProviderInfo, bstr(L"eap-metadata:UserNameLabel"), lang.c_str(), m_lbl_alt_identity);
+        m_module.log_config((xpathProviderInfo + L"/UserNameLabel").c_str(), m_lbl_alt_identity.c_str());
+
+        // <PasswordLabel>
+        eapxml::get_element_localized(pXmlElProviderInfo, bstr(L"eap-metadata:PasswordLabel"), lang.c_str(), m_lbl_alt_password);
+        m_module.log_config((xpathProviderInfo + L"/PasswordLabel").c_str(), m_lbl_alt_password.c_str());
+    }
+
+    // Iterate authentication methods (<AuthenticationMethods>).
+    m_methods.clear();
+    com_obj<IXMLDOMNodeList> pXmlListMethods;
+    if (FAILED(hr = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods/eap-metadata:AuthenticationMethod"), &pXmlListMethods)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error selecting <AuthenticationMethods>/<AuthenticationMethod> elements.");
+    long lCount = 0;
+    pXmlListMethods->get_length(&lCount);
+    for (long i = 0; i < lCount; i++) {
+        com_obj<IXMLDOMNode> pXmlElMethod;
+        pXmlListMethods->get_item(i, &pXmlElMethod);
+
+        unique_ptr<config_method> cfg(m_module.make_config_method());
+
+        // Check EAP method type (<EAPMethod>).
+        DWORD dwMethodID;
+        if (SUCCEEDED(eapxml::get_element_value(pXmlElMethod, bstr(L"eap-metadata:EAPMethod"), &dwMethodID))) {
+            if ((eap_type_t)dwMethodID != cfg->get_method_id()) {
+                // Wrong type.
+                continue;
+            }
+        }
+
+        // Load configuration.
+        cfg->load(pXmlElMethod);
+
+        // Add configuration to the list.
+        m_methods.push_back(std::move(cfg));
+    }
+}
+
+
+void eap::config_provider::operator<<(_Inout_ cursor_out &cursor) const
+{
+    config::operator<<(cursor);
+    cursor << m_read_only         ;
+    cursor << m_id                ;
+    cursor << m_name              ;
+    cursor << m_help_email        ;
+    cursor << m_help_web          ;
+    cursor << m_help_phone        ;
+    cursor << m_lbl_alt_credential;
+    cursor << m_lbl_alt_identity  ;
+    cursor << m_lbl_alt_password  ;
+    cursor << m_methods           ;
+}
+
+
+size_t eap::config_provider::get_pk_size() const
+{
+    return
+        config::get_pk_size()          +
+        pksizeof(m_read_only         ) +
+        pksizeof(m_id                ) +
+        pksizeof(m_name              ) +
+        pksizeof(m_help_email        ) +
+        pksizeof(m_help_web          ) +
+        pksizeof(m_help_phone        ) +
+        pksizeof(m_lbl_alt_credential) +
+        pksizeof(m_lbl_alt_identity  ) +
+        pksizeof(m_lbl_alt_password  ) +
+        pksizeof(m_methods           );
+}
+
+
+void eap::config_provider::operator>>(_Inout_ cursor_in &cursor)
+{
+    config::operator>>(cursor);
+    cursor >> m_read_only         ;
+    cursor >> m_id                ;
+    cursor >> m_name              ;
+    cursor >> m_help_email        ;
+    cursor >> m_help_web          ;
+    cursor >> m_help_phone        ;
+    cursor >> m_lbl_alt_credential;
+    cursor >> m_lbl_alt_identity  ;
+    cursor >> m_lbl_alt_password  ;
+
+    list<config_method>::size_type count;
+    bool is_nonnull;
+    cursor >> count;
+    m_methods.clear();
+    for (list<config_method>::size_type i = 0; i < count; i++) {
+        cursor >> is_nonnull;
+        if (is_nonnull) {
+            unique_ptr<config_method> el(m_module.make_config_method());
+            cursor >> *el;
+            m_methods.push_back(std::move(el));
+        } else
+            m_methods.push_back(nullptr);
+    }
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::config_connection
+//////////////////////////////////////////////////////////////////////
+
+eap::config_connection::config_connection(_In_ module &mod) : config(mod)
+{
+}
+
+
+eap::config_connection::config_connection(_In_ const config_connection &other) :
+    m_providers(other.m_providers),
+    config(other)
+{
+}
+
+
+eap::config_connection::config_connection(_Inout_ config_connection &&other) :
+    m_providers(std::move(other.m_providers)),
+    config(std::move(other))
+{
+}
+
+
+eap::config_connection& eap::config_connection::operator=(_In_ const config_connection &other)
+{
+    if (this != &other) {
+        (config&)*this = other;
+        m_providers    = other.m_providers;
+    }
+
+    return *this;
+}
+
+
+eap::config_connection& eap::config_connection::operator=(_Inout_ config_connection &&other)
+{
+    if (this != &other) {
+        (config&&)*this = std::move(other);
+        m_providers     = std::move(other.m_providers);
+    }
+
+    return *this;
+}
+
+
+eap::config* eap::config_connection::clone() const
+{
+    return new config_connection(*this);
+}
+
+
+void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
+{
+    config::save(pDoc, pConfigRoot);
+
+    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+    HRESULT hr;
+
+    // Select <EAPIdentityProviderList> node.
+    com_obj<IXMLDOMNode> pXmlElIdentityProviderList;
+    if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element.");
+
+    for (vector<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
+        // <EAPIdentityProvider>
+        com_obj<IXMLDOMElement> pXmlElIdentityProvider;
+        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <EAPIdentityProvider> element.");
+
+        // <EAPIdentityProvider>/...
+        provider->save(pDoc, pXmlElIdentityProvider);
+
+        if (FAILED(hr = pXmlElIdentityProviderList->appendChild(pXmlElIdentityProvider, NULL)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error appending <EAPIdentityProvider> element.");
+    }
+}
+
+
+void eap::config_connection::load(_In_ IXMLDOMNode *pConfigRoot)
+{
+    assert(pConfigRoot);
+    HRESULT hr;
+
+    config::load(pConfigRoot);
+
+    // Iterate authentication providers (<EAPIdentityProvider>).
+    com_obj<IXMLDOMNodeList> pXmlListProviders;
+    if (FAILED(hr = eapxml::select_nodes(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList/eap-metadata:EAPIdentityProvider"), &pXmlListProviders)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList><EAPIdentityProvider> elements.");
+    long lCount = 0;
+    pXmlListProviders->get_length(&lCount);
+    for (long i = 0; i < lCount; i++) {
+        com_obj<IXMLDOMNode> pXmlElProvider;
+        pXmlListProviders->get_item(i, &pXmlElProvider);
+
+        config_provider prov(m_module);
+
+        // Load provider.
+        prov.load(pXmlElProvider);
+
+        // Add provider to the list.
+        m_providers.push_back(std::move(prov));
+    }
+}
+
+
+void eap::config_connection::operator<<(_Inout_ cursor_out &cursor) const
+{
+    config::operator<<(cursor);
+    cursor << m_providers;
+}
+
+
+size_t eap::config_connection::get_pk_size() const
+{
+    return
+        config::get_pk_size() +
+        pksizeof(m_providers);
+}
+
+
+void eap::config_connection::operator>>(_Inout_ cursor_in &cursor)
+{
+    config::operator>>(cursor);
+
+    list<config_provider>::size_type count;
+    cursor >> count;
+    m_providers.clear();
+    for (list<config_provider>::size_type i = 0; i < count; i++) {
+        config_provider el(m_module);
+        cursor >> el;
+        m_providers.push_back(std::move(el));
+    }
+}

lib/EAPBase/src/Credentials.cpp

@@ -83,32 +83,69 @@ bool eap::credentials::empty() const
 }
 
 
-bool eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
+    assert(pDoc);
+    assert(pConfigRoot);
+
+    config::save(pDoc, pConfigRoot);
+
     const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
-    DWORD dwResult;
+    HRESULT hr;
 
     // <UserName>
-    if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <UserName> element."));
-        return false;
-    }
-
-    return true;
+    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
 }
 
 
-bool eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
+void eap::credentials::load(_In_ IXMLDOMNode *pConfigRoot)
 {
     assert(pConfigRoot);
-    DWORD dwResult;
+    HRESULT hr;
 
-    if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <UserName> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
-        return false;
-    }
+    config::load(pConfigRoot);
 
-    return true;
+    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
+
+    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:UserName"), m_identity)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error reading <UserName> element.");
+
+    m_module.log_config((xpath + L"/UserName").c_str(), m_identity.c_str());
+}
+
+
+void eap::credentials::operator<<(_Inout_ cursor_out &cursor) const
+{
+    config::operator<<(cursor);
+    cursor << m_identity;
+}
+
+
+size_t eap::credentials::get_pk_size() const
+{
+    return
+        config::get_pk_size() +
+        pksizeof(m_identity);
+}
+
+
+void eap::credentials::operator>>(_Inout_ cursor_in &cursor)
+{
+    config::operator>>(cursor);
+    cursor >> m_identity;
+}
+
+
+wstring eap::credentials::get_identity() const
+{
+    return m_identity;
+}
+
+
+tstring eap::credentials::get_name() const
+{
+    return !empty() ? get_identity() : _T("<blank>");
 }
 
 
@@ -170,51 +207,75 @@ bool eap::credentials_pass::empty() const
 }
 
 
-bool eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
-    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
-    DWORD dwResult;
+    assert(pDoc);
+    assert(pConfigRoot);
 
-    if (!credentials::save(pDoc, pConfigRoot, ppEapError))
-        return false;
+    credentials::save(pDoc, pConfigRoot);
+
+    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+    HRESULT hr;
 
     // <Password>
     bstr pass(m_password);
-    dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
+    hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
     SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
-    if (dwResult != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <Password> element."));
-        return false;
-    }
-
-    return true;
+    if (FAILED(hr))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <Password> element.");
 }
 
 
-bool eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
+void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
 {
     assert(pConfigRoot);
-    DWORD dwResult;
+    HRESULT hr;
 
-    if (!credentials::load(pConfigRoot, ppEapError))
-        return false;
+    credentials::load(pConfigRoot);
+
+    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
 
     bstr pass;
-    if ((dwResult = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <Password> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
-        return false;
-    }
+    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:Password"), &pass)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error reading <Password> element.");
     m_password = pass;
     SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
 
-    return true;
+    m_module.log_config((xpath + L"/Password").c_str(),
+#ifdef _DEBUG
+        m_password.c_str()
+#else
+        L"********"
+#endif
+        );
 }
 
 
-bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const
+void eap::credentials_pass::operator<<(_Inout_ cursor_out &cursor) const
+{
+    credentials::operator<<(cursor);
+    cursor << m_password;
+}
+
+
+size_t eap::credentials_pass::get_pk_size() const
+{
+    return
+        credentials::get_pk_size() +
+        pksizeof(m_password);
+}
+
+
+void eap::credentials_pass::operator>>(_Inout_ cursor_in &cursor)
+{
+    credentials::operator>>(cursor);
+    cursor >> m_password;
+}
+
+
+void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName) const
 {
     assert(pszTargetName);
-    assert(ppEapError);
 
     // Convert password to UTF-8.
     sanitizing_string cred_utf8;
@@ -224,10 +285,8 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **
     DATA_BLOB cred_blob    = { (DWORD)cred_utf8.size() , (LPBYTE)cred_utf8.data() };
     DATA_BLOB entropy_blob = {        sizeof(s_entropy), (LPBYTE)s_entropy        };
     data_blob cred_enc;
-    if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed."));
-        return false;
-    }
+    if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
+        throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
 
     tstring target(target_name(pszTargetName));
 
@@ -248,34 +307,26 @@ bool eap::credentials_pass::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **
         NULL,                       // TargetAlias
         (LPTSTR)m_identity.c_str()  // UserName
     };
-    if (!CredWrite(&cred, 0)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed."));
-        return false;
-    }
-
-    return true;
+    if (!CredWrite(&cred, 0))
+        throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
 }
 
 
-bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError)
+void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName)
 {
     assert(pszTargetName);
 
     // Read credentials.
     unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
-    if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed."));
-        return false;
-    }
+    if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
+        throw win_runtime_error(__FUNCTION__ " CredRead failed.");
 
     // Decrypt the password using user's key.
     DATA_BLOB cred_enc     = { cred->CredentialBlobSize,         cred->CredentialBlob };
     DATA_BLOB entropy_blob = { sizeof(s_entropy)       , (LPBYTE)s_entropy            };
     data_blob cred_int;
-    if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed."));
-        return false;
-    }
+    if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
+        throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
 
     // Convert password from UTF-8.
     MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)cred_int.pbData, (int)cred_int.cbData, m_password);
@@ -286,7 +337,15 @@ bool eap::credentials_pass::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR
     else
         m_identity.clear();
 
-    return true;
+    wstring xpath(pszTargetName);
+    m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
+    m_module.log_config((xpath + L"/Password").c_str(),
+#ifdef _DEBUG
+        m_password.c_str()
+#else
+        L"********"
+#endif
+        );
 }
 
 

lib/EAPBase/src/Method.cpp

@@ -0,0 +1,74 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "StdAfx.h"
+
+using namespace std;
+using namespace winstd;
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::method
+//////////////////////////////////////////////////////////////////////
+
+eap::method::method(_In_ module &module, _In_ config_connection &cfg, _In_ credentials &cred) :
+    m_module(module),
+    m_cfg(cfg),
+    m_cred(cred)
+{
+}
+
+
+eap::method::method(_Inout_ method &&other) :
+    m_module(other.m_module),
+    m_cfg(other.m_cfg),
+    m_cred(other.m_cred)
+{
+}
+
+
+eap::method& eap::method::operator=(_Inout_ method &&other)
+{
+    if (this != std::addressof(other)) {
+        assert(std::addressof(m_module) == std::addressof(other.m_module)); // Move method within same module only!
+        assert(std::addressof(m_cfg   ) == std::addressof(other.m_cfg   )); // Move method with same configuration only!
+        assert(std::addressof(m_cred  ) == std::addressof(other.m_cred  )); // Move method with same credentials only!
+    }
+
+    return *this;
+}
+
+
+void eap::method::begin_session(
+    _In_        DWORD         dwFlags,
+    _In_  const EapAttributes *pAttributeArray,
+    _In_        HANDLE        hTokenImpersonateUser,
+    _In_        DWORD         dwMaxSendPacketSize)
+{
+    UNREFERENCED_PARAMETER(dwFlags);
+    UNREFERENCED_PARAMETER(pAttributeArray);
+    UNREFERENCED_PARAMETER(hTokenImpersonateUser);
+    UNREFERENCED_PARAMETER(dwMaxSendPacketSize);
+}
+
+
+void eap::method::end_session()
+{
+}

lib/EAPBase/src/Module.cpp

@@ -28,12 +28,12 @@ using namespace winstd;
 // eap::module
 //////////////////////////////////////////////////////////////////////
 
-eap::module::module(type_t eap_method) :
+eap::module::module(eap_type_t eap_method) :
     m_eap_method(eap_method),
     m_instance(NULL)
 {
     m_ep.create(&EAPMETHOD_TRACE_EVENT_PROVIDER);
-    m_ep.write(&EAPMETHOD_TRACE_EVT_MODULE_LOAD, event_data((DWORD)m_eap_method), event_data::blank);
+    m_ep.write(&EAPMETHOD_TRACE_EVT_MODULE_LOAD, event_data((unsigned int)m_eap_method), event_data::blank);
 
     m_heap.create(0, 0, 0);
 }
@@ -41,7 +41,7 @@ eap::module::module(type_t eap_method) :
 
 eap::module::~module()
 {
-    m_ep.write(&EAPMETHOD_TRACE_EVT_MODULE_UNLOAD, event_data((DWORD)m_eap_method), event_data::blank);
+    m_ep.write(&EAPMETHOD_TRACE_EVT_MODULE_UNLOAD, event_data((unsigned int)m_eap_method), event_data::blank);
 }
 
 
@@ -85,16 +85,58 @@ EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR ps
 }
 
 
+EAP_ERROR* eap::module::make_error(_In_ std::exception &err) const
+{
+    wstring what;
+    MultiByteToWideChar(CP_ACP, 0, err.what(), -1, what);
+
+    {
+        win_runtime_error *e = dynamic_cast<win_runtime_error*>(&err);
+        if (e)
+            return make_error(e->number(), what.c_str());
+    }
+
+    {
+        com_runtime_error *e = dynamic_cast<com_runtime_error*>(&err);
+        if (e)
+            return make_error(HRESULT_CODE(e->number()), what.c_str());
+    }
+
+    {
+        sec_runtime_error *e = dynamic_cast<sec_runtime_error*>(&err);
+        if (e)
+            return make_error(SCODE_CODE(e->number()), what.c_str());
+    }
+
+    {
+        invalid_argument *e = dynamic_cast<invalid_argument*>(&err);
+        if (e)
+            return make_error(ERROR_INVALID_PARAMETER, what.c_str());
+    }
+
+    wstring name;
+    MultiByteToWideChar(CP_ACP, 0, typeid(err).name(), -1, name);
+    name += L": ";
+    name += what;
+    return make_error(ERROR_INVALID_DATA, name.c_str());
+}
+
+
 BYTE* eap::module::alloc_memory(_In_ size_t size)
 {
-    return (BYTE*)HeapAlloc(m_heap, 0, size);
+    BYTE *p = (BYTE*)HeapAlloc(m_heap, 0, size);
+    if (!p)
+        throw win_runtime_error(winstd::string_printf(__FUNCTION__ " Error allocating memory for BLOB (%uB).", size));
+    return p;
 }
 
 
 void eap::module::free_memory(_In_ BYTE *ptr)
 {
+#if !EAP_ENCRYPT_BLOBS
     // Since we do security here and some of the BLOBs contain credentials, sanitize every memory block before freeing.
     SecureZeroMemory(ptr, HeapSize(m_heap, 0, ptr));
+#endif
     HeapFree(m_heap, 0, ptr);
 }
 
@@ -122,20 +164,22 @@ void eap::module::log_error(_In_ const EAP_ERROR *err) const
     evt_desc.push_back(event_data(&(err->helpLinkGuid), sizeof(GUID)));
     evt_desc.push_back(event_data(err->pRootCauseString));
     evt_desc.push_back(event_data(err->pRepairString));
-    m_ep.write(&EAPMETHOD_TRACE_EAP_ERROR, (ULONG)evt_desc.size(), evt_desc.data());
+    m_ep.write(&EAPMETHOD_TRACE_EVT_EAP_ERROR, (ULONG)evt_desc.size(), evt_desc.data());
 }
 
 
-bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash) const
+eap::config_method* eap::module::make_config_method()
 {
-    assert(ppEapError);
+    return NULL;
+}
 
+
+std::vector<unsigned char> eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_opt_ HCRYPTHASH hHash) const
+{
     // Generate 256-bit AES session key.
     crypt_key key_aes;
-    if (!CryptGenKey(hProv, CALG_AES_256, MAKELONG(CRYPT_EXPORTABLE, 256), &key_aes)) {
-        *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptGenKey failed."));
-        return false;
-    }
+    if (!CryptGenKey(hProv, CALG_AES_256, MAKELONG(CRYPT_EXPORTABLE, 256), &key_aes))
+        throw win_runtime_error(__FUNCTION__ " CryptGenKey failed.");
 
     // Import the public RSA key.
     HRSRC res = FindResource(m_instance, MAKEINTRESOURCE(IDR_EAP_KEY_PUBLIC), RT_RCDATA);
@@ -145,22 +189,16 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void
     crypt_key key_rsa;
     unique_ptr<CERT_PUBLIC_KEY_INFO, LocalFree_delete<CERT_PUBLIC_KEY_INFO> > keyinfo_data;
     DWORD keyinfo_size = 0;
-    if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size)) {
-        *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptDecodeObjectEx failed."));
-        return false;
-    }
-    if (!key_rsa.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get())) {
-        *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Public key import failed."));
-        return false;
-    }
+    if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, (const BYTE*)::LockResource(res_handle), ::SizeofResource(m_instance, res), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size))
+        throw win_runtime_error(__FUNCTION__ " CryptDecodeObjectEx failed.");
+    if (!key_rsa.import_public(hProv, X509_ASN_ENCODING, keyinfo_data.get()))
+        throw win_runtime_error(__FUNCTION__ " Public key import failed.");
 
     // Export AES session key encrypted with public RSA key.
     vector<unsigned char, sanitizing_allocator<unsigned char> > buf;
-    if (!CryptExportKey(key_aes, key_rsa, SIMPLEBLOB, 0, buf)) {
-        *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptExportKey failed."));
-        return false;
-    }
-    enc.assign(buf.begin(), buf.end());
+    if (!CryptExportKey(key_aes, key_rsa, SIMPLEBLOB, 0, buf))
+        throw win_runtime_error(__FUNCTION__ " CryptExportKey failed.");
+    std::vector<unsigned char> enc(buf.begin(), buf.end());
 
     // Pre-allocate memory to allow space, as encryption will grow the data.
     buf.assign((const unsigned char*)data, (const unsigned char*)data + size);
@@ -169,38 +207,116 @@ bool eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void
     buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen);
 
     // Encrypt the data using AES key.
-    if (!CryptEncrypt(key_aes, hHash, TRUE, 0, buf)) {
-        *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptEncrypt failed."));
-        return false;
-    }
+    if (!CryptEncrypt(key_aes, hHash, TRUE, 0, buf))
+        throw win_runtime_error(__FUNCTION__ " CryptEncrypt failed.");
 
     // Append encrypted data.
     enc.insert(enc.cend(), buf.begin(), buf.end());
-    return true;
+    return enc;
 }
 
 
-bool eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector<unsigned char> &enc, _Out_ EAP_ERROR **ppEapError) const
+std::vector<unsigned char> eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size) const
 {
     // Create hash.
     crypt_hash hash;
-    if (!hash.create(hProv, CALG_MD5)) {
-        *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Creating MD5 hash failed."));
-        return false;
-    }
+    if (!hash.create(hProv, CALG_MD5))
+        throw win_runtime_error(__FUNCTION__ " Creating MD5 hash failed.");
 
     // Encrypt data.
-    if (!encrypt(hProv, data, size, enc, ppEapError, hash))
-        return false;
+    std::vector<unsigned char> enc(std::move(encrypt(hProv, data, size, hash)));
 
     // Calculate MD5 hash.
     vector<unsigned char> hash_bin;
-    if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0)) {
-        *ppEapError = make_error(GetLastError(), _T(__FUNCTION__) _T(" Calculating MD5 hash failed."));
-        return false;
-    }
+    if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0))
+        throw invalid_argument(__FUNCTION__ " Calculating MD5 hash failed.");
 
     // Append hash.
     enc.insert(enc.end(), hash_bin.begin(), hash_bin.end());
-    return true;
+    return enc;
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::peer
+//////////////////////////////////////////////////////////////////////
+
+eap::peer::peer(_In_ eap_type_t eap_method) : module(eap_method)
+{
+}
+
+
+void eap::peer::query_credential_input_fields(
+    _In_                                   HANDLE                       hUserImpersonationToken,
+    _In_                                   DWORD                        dwFlags,
+    _In_                                   DWORD                        dwConnectionDataSize,
+    _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
+    _Inout_                                EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldsArray) const
+{
+    UNREFERENCED_PARAMETER(hUserImpersonationToken);
+    UNREFERENCED_PARAMETER(dwFlags);
+    UNREFERENCED_PARAMETER(dwConnectionDataSize);
+    UNREFERENCED_PARAMETER(pConnectionData);
+    UNREFERENCED_PARAMETER(pEapConfigInputFieldsArray);
+
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
+}
+
+
+void eap::peer::query_user_blob_from_credential_input_fields(
+    _In_                                   HANDLE                       hUserImpersonationToken,
+    _In_                                   DWORD                        dwFlags,
+    _In_                                   DWORD                        dwConnectionDataSize,
+    _In_count_(dwConnectionDataSize) const BYTE                         *pConnectionData,
+    _In_                             const EAP_CONFIG_INPUT_FIELD_ARRAY *pEapConfigInputFieldArray,
+    _Inout_                                DWORD                        *pdwUsersBlobSize,
+    _Inout_                                BYTE                         **ppUserBlob) const
+{
+    UNREFERENCED_PARAMETER(hUserImpersonationToken);
+    UNREFERENCED_PARAMETER(dwFlags);
+    UNREFERENCED_PARAMETER(dwConnectionDataSize);
+    UNREFERENCED_PARAMETER(pConnectionData);
+    UNREFERENCED_PARAMETER(pEapConfigInputFieldArray);
+    UNREFERENCED_PARAMETER(pdwUsersBlobSize);
+    UNREFERENCED_PARAMETER(ppUserBlob);
+
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
+}
+
+
+void eap::peer::query_interactive_ui_input_fields(
+    _In_                                  DWORD                   dwVersion,
+    _In_                                  DWORD                   dwFlags,
+    _In_                                  DWORD                   dwUIContextDataSize,
+    _In_count_(dwUIContextDataSize) const BYTE                    *pUIContextData,
+    _Inout_                               EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData) const
+{
+    UNREFERENCED_PARAMETER(dwVersion);
+    UNREFERENCED_PARAMETER(dwFlags);
+    UNREFERENCED_PARAMETER(dwUIContextDataSize);
+    UNREFERENCED_PARAMETER(pUIContextData);
+    UNREFERENCED_PARAMETER(pEapInteractiveUIData);
+
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
+}
+
+
+void eap::peer::query_ui_blob_from_interactive_ui_input_fields(
+    _In_                                  DWORD                   dwVersion,
+    _In_                                  DWORD                   dwFlags,
+    _In_                                  DWORD                   dwUIContextDataSize,
+    _In_count_(dwUIContextDataSize) const BYTE                    *pUIContextData,
+    _In_                            const EAP_INTERACTIVE_UI_DATA *pEapInteractiveUIData,
+    _Inout_                               DWORD                   *pdwDataFromInteractiveUISize,
+    _Inout_                               BYTE                    **ppDataFromInteractiveUI) const
+{
+    UNREFERENCED_PARAMETER(dwVersion);
+    UNREFERENCED_PARAMETER(dwFlags);
+    UNREFERENCED_PARAMETER(dwUIContextDataSize);
+    UNREFERENCED_PARAMETER(pUIContextData);
+    UNREFERENCED_PARAMETER(pEapInteractiveUIData);
+    UNREFERENCED_PARAMETER(pdwDataFromInteractiveUISize);
+    UNREFERENCED_PARAMETER(ppDataFromInteractiveUI);
+
+    throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Not supported.");
 }

lib/EAPBase/src/StdAfx.h

@@ -22,14 +22,14 @@
 
 #include "../include/Config.h"
 #include "../include/Credentials.h"
+#include "../include/Method.h"
 #include "../include/Module.h"
-#include "../include/Session.h"
 
 #include "../include/EAP.h"
-#include "../include/EAPSerial.h"
 #include "../include/EAPXML.h"
 
 #include <WinStd/Cred.h>
 #include <WinStd/ETW.h>
+#include <WinStd/Sec.h>
 
 #include <EventsETW.h>

lib/EAPBase_UI/build/EAPBase_UI.vcxproj

@@ -87,6 +87,7 @@
   <ItemGroup>
     <ClCompile Include="..\res\wxEAP_UI.cpp" />
     <ClCompile Include="..\src\EAP_UI.cpp" />
+    <ClCompile Include="..\src\Module.cpp" />
     <ClCompile Include="..\src\StdAfx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>

lib/EAPBase_UI/build/EAPBase_UI.vcxproj.filters

@@ -38,6 +38,9 @@
     <ClCompile Include="..\res\wxEAP_UI.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\src\Module.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="..\res\wxEAP_UI.fbp">

lib/EAPBase_UI/include/Module.h

@@ -21,11 +21,11 @@
 namespace eap
 {
     ///
-    /// EAP UI peer base abstract class template
+    /// EAP UI peer base abstract class
     ///
     /// A group of methods all EAP UI peers must or should implement.
     ///
-    template <class _Tmeth, class _Tid, class _Tint, class _Tintres> class peer_ui;
+    class peer_ui;
 }
 
 #pragma once
@@ -35,75 +35,79 @@ namespace eap
 
 namespace eap
 {
-    template <class _Tcfg, class _Tid, class _Tint, class _Tintres>
-    class peer_ui : public peer_base<_Tcfg, _Tid, _Tint, _Tintres>
+    class peer_ui : public module
     {
     public:
         ///
         /// Constructs a EAP UI peer module for the given EAP type
         ///
-        peer_ui(_In_ type_t eap_method) : peer_base<_Tcfg, _Tid, _Tint, _Tintres>(eap_method) {}
+        /// \param[in] eap_method  EAP method type ID
+        ///
+        peer_ui(_In_ winstd::eap_type_t eap_method);
+
+        ///
+        /// Converts XML into the configuration BLOB.
+        ///
+        /// \sa [EapPeerConfigXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363602.aspx)
+        ///
+        virtual void config_xml2blob(
+            _In_    DWORD       dwFlags,
+            _In_    IXMLDOMNode *pConfigRoot,
+            _Inout_ BYTE        **pConnectionDataOut,
+            _Inout_ DWORD       *pdwConnectionDataOutSize) = 0;
+
+        ///
+        /// Converts the configuration BLOB to XML.
+        ///
+        /// The configuration BLOB is returned in the `ppConnectionDataOut` parameter of the `EapPeerInvokeConfigUI` function.
+        ///
+        /// \sa [EapPeerConfigBlob2Xml function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363601.aspx)
+        ///
+        virtual void config_blob2xml(
+            _In_                                   DWORD           dwFlags,
+            _In_count_(dwConnectionDataSize) const BYTE            *pConnectionData,
+            _In_                                   DWORD           dwConnectionDataSize,
+            _In_                                   IXMLDOMDocument *pDoc,
+            _In_                                   IXMLDOMNode     *pConfigRoot) = 0;
 
         ///
         /// Raises the EAP method's specific connection configuration user interface dialog on the client.
         ///
         /// \sa [EapPeerInvokeConfigUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363614.aspx)
         ///
-        /// \param[in]    hwndParent  Parent window
-        /// \param[inout] cfg         Configuration to edit
-        /// \param[out]   ppEapError  Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool invoke_config_ui(
-            _In_    HWND        hwndParent,
-            _Inout_ config_type &cfg,
-            _Out_   EAP_ERROR   **ppEapError) = 0;
+        virtual void invoke_config_ui(
+            _In_                                     HWND  hwndParent,
+            _In_count_(dwConnectionDataInSize) const BYTE  *pConnectionDataIn,
+            _In_                                     DWORD dwConnectionDataInSize,
+            _Inout_                                  BYTE  **ppConnectionDataOut,
+            _Inout_                                  DWORD *pdwConnectionDataOutSize) = 0;
 
         ///
         /// Raises a custom interactive user interface dialog to obtain user identity information for the EAP method on the client.
         ///
         /// \sa [EapPeerInvokeIdentityUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363615.aspx)
         ///
-        /// \param[in]    hwndParent     Parent window
-        /// \param[in]    dwFlags        Flags passed to `EapPeerInvokeIdentityUI()` call
-        /// \param[inout] cfg            Configuration
-        /// \param[inout] usr            User data to edit
-        /// \param[out]   ppwszIdentity  Pointer to user identity. Free using `module::free_memory()`.
-        /// \param[out]   ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool invoke_identity_ui(
-            _In_    HWND          hwndParent,
-            _In_    DWORD         dwFlags,
-            _Inout_ config_type   &cfg,
-            _Inout_ identity_type &usr,
-            _Out_   LPWSTR        *ppwszIdentity,
-            _Out_   EAP_ERROR     **ppEapError) = 0;
+        virtual void invoke_identity_ui(
+            _In_                                   HWND   hwndParent,
+            _In_                                   DWORD  dwFlags,
+            _In_count_(dwConnectionDataSize) const BYTE   *pConnectionData,
+            _In_                                   DWORD  dwConnectionDataSize,
+            _In_count_(dwUserDataSize)       const BYTE   *pUserData,
+            _In_                                   DWORD  dwUserDataSize,
+            _Inout_                                BYTE   **ppUserDataOut,
+            _Inout_                                DWORD  *pdwUserDataOutSize,
+            _Inout_                                LPWSTR *ppwszIdentity) = 0;
 
         ///
         /// Raises a custom interactive user interface dialog for the EAP method on the client.
         ///
         /// \sa [EapPeerInvokeInteractiveUI function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363616.aspx)
         ///
-        /// \param[in]  hwndParent     Parent window
-        /// \param[in]  req            Interactive request
-        /// \param[out] res            Interactive response
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
-        ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool invoke_interactive_ui(
-            _In_        HWND                      hwndParent,
-            _In_  const interactive_request_type  &req,
-            _Out_       interactive_response_type &res,
-            _Out_       EAP_ERROR                 **ppEapError) = 0;
+        virtual void invoke_interactive_ui(
+            _In_                                  HWND  hwndParent,
+            _In_count_(dwUIContextDataSize) const BYTE  *pUIContextData,
+            _In_                                  DWORD dwUIContextDataSize,
+            _Inout_                               BYTE  **ppDataFromInteractiveUI,
+            _Inout_                               DWORD *pdwDataFromInteractiveUISize) = 0;
     };
 }

lib/EAPBase_UI/res/wxEAP_UI.cpp

@@ -28,6 +28,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	
 	sb_content->Add( m_providers, 1, wxEXPAND|wxALL, 10 );
 	
+	wxBoxSizer* sb_bottom_horiz;
+	sb_bottom_horiz = new wxBoxSizer( wxHORIZONTAL );
+	
+	wxBoxSizer* sb_bottom_horiz_inner;
+	sb_bottom_horiz_inner = new wxBoxSizer( wxHORIZONTAL );
+	
+	m_advanced = new wxButton( this, wxID_ANY, _("Advanced..."), wxDefaultPosition, wxDefaultSize, 0 );
+	m_advanced->SetToolTip( _("Opens dialog with provider settings") );
+	
+	sb_bottom_horiz_inner->Add( m_advanced, 0, wxALL, 5 );
+	
+	
+	sb_bottom_horiz->Add( sb_bottom_horiz_inner, 1, wxEXPAND, 5 );
+	
 	m_buttons = new wxStdDialogButtonSizer();
 	m_buttonsOK = new wxButton( this, wxID_OK );
 	m_buttons->AddButton( m_buttonsOK );
@@ -35,7 +49,10 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	m_buttons->AddButton( m_buttonsCancel );
 	m_buttons->Realize();
 	
-	sb_content->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
+	sb_bottom_horiz->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
+	
+	
+	sb_content->Add( sb_bottom_horiz, 0, wxEXPAND, 5 );
 	
 	
 	this->SetSizer( sb_content );
@@ -44,16 +61,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	
 	// Connect Events
 	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
+	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
+	m_advanced->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
 }
 
 wxEAPConfigDialogBase::~wxEAPConfigDialogBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
+	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
+	m_advanced->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
 	
 }
 
-wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
+wxEAPGeneralDialogBase::wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
 {
 	this->SetSizeHints( wxDefaultSize, wxDefaultSize );
 	
@@ -84,13 +105,13 @@ wxEAPCredentialsDialogBase::wxEAPCredentialsDialogBase( wxWindow* parent, wxWind
 	sb_content->Fit( this );
 	
 	// Connect Events
-	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) );
+	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
 }
 
-wxEAPCredentialsDialogBase::~wxEAPCredentialsDialogBase()
+wxEAPGeneralDialogBase::~wxEAPGeneralDialogBase()
 {
 	// Disconnect Events
-	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsDialogBase::OnInitDialog ) );
+	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPGeneralDialogBase::OnInitDialog ) );
 	
 }
 
@@ -99,51 +120,51 @@ wxEAPBannerPanelBase::wxEAPBannerPanelBase( wxWindow* parent, wxWindowID id, con
 	this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) );
 	this->SetMinSize( wxSize( -1,48 ) );
 	
-	wxBoxSizer* sc_content;
-	sc_content = new wxBoxSizer( wxVERTICAL );
+	wxBoxSizer* sb_content;
+	sb_content = new wxBoxSizer( wxVERTICAL );
 	
 	m_title = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxALIGN_RIGHT );
 	m_title->Wrap( -1 );
 	m_title->SetFont( wxFont( 18, 70, 90, 90, false, wxEmptyString ) );
 	m_title->SetForegroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHTTEXT ) );
 	
-	sc_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
+	sb_content->Add( m_title, 0, wxALL|wxEXPAND, 5 );
 	
 	
-	this->SetSizer( sc_content );
+	this->SetSizer( sb_content );
 	this->Layout();
-	sc_content->Fit( this );
+	sb_content->Fit( this );
 }
 
 wxEAPBannerPanelBase::~wxEAPBannerPanelBase()
 {
 }
 
-wxEAPProviderLockedBase::wxEAPProviderLockedBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+wxEAPNotePanelBase::wxEAPNotePanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_INFOBK ) );
 	
-	wxBoxSizer* sb_provider_locked_horiz;
-	sb_provider_locked_horiz = new wxBoxSizer( wxHORIZONTAL );
+	wxBoxSizer* sb_note_horiz;
+	sb_note_horiz = new wxBoxSizer( wxHORIZONTAL );
 	
-	m_provider_locked_icon = new wxStaticBitmap( this, wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
-	sb_provider_locked_horiz->Add( m_provider_locked_icon, 0, wxALL, 5 );
+	m_note_icon = new wxStaticBitmap( this, wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
+	sb_note_horiz->Add( m_note_icon, 0, wxALL, 5 );
 	
-	m_provider_locked_vert = new wxBoxSizer( wxVERTICAL );
+	m_note_vert = new wxBoxSizer( wxVERTICAL );
 	
-	m_provider_locked_label = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
-	m_provider_locked_label->Wrap( 452 );
-	m_provider_locked_vert->Add( m_provider_locked_label, 0, wxALL|wxEXPAND, 5 );
+	m_note_label = new wxStaticText( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	m_note_label->Wrap( 449 );
+	m_note_vert->Add( m_note_label, 0, wxALL|wxEXPAND, 5 );
 	
 	
-	sb_provider_locked_horiz->Add( m_provider_locked_vert, 1, wxEXPAND, 5 );
+	sb_note_horiz->Add( m_note_vert, 1, wxEXPAND, 5 );
 	
 	
-	this->SetSizer( sb_provider_locked_horiz );
+	this->SetSizer( sb_note_horiz );
 	this->Layout();
 }
 
-wxEAPProviderLockedBase::~wxEAPProviderLockedBase()
+wxEAPNotePanelBase::~wxEAPNotePanelBase()
 {
 }
 
@@ -180,7 +201,7 @@ wxEAPCredentialsConfigPanelBase::wxEAPCredentialsConfigPanelBase( wxWindow* pare
 	sz_own_inner->Add( m_own, 2, wxEXPAND, 5 );
 	
 	m_own_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxTE_READONLY );
-	m_own_identity->SetToolTip( _("Enter your user name here (user@domain.org, DOMAINUser, etc.)") );
+	m_own_identity->SetToolTip( _("Your credentials loaded from Windows Credential Manager") );
 	
 	sz_own_inner->Add( m_own_identity, 3, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
 	
@@ -218,7 +239,7 @@ wxEAPCredentialsConfigPanelBase::wxEAPCredentialsConfigPanelBase( wxWindow* pare
 	sz_preshared_inner->Add( m_preshared, 2, wxEXPAND, 5 );
 	
 	m_preshared_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxTE_READONLY );
-	m_preshared_identity->SetToolTip( _("Enter your user name here (user@domain.org, DOMAINUser, etc.)") );
+	m_preshared_identity->SetToolTip( _("Common (pre-shared) credentials") );
 	
 	sz_preshared_inner->Add( m_preshared_identity, 3, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
 	
@@ -269,7 +290,7 @@ wxEAPCredentialsConfigPanelBase::~wxEAPCredentialsConfigPanelBase()
 	
 }
 
-wxPasswordCredentialsPanelBase::wxPasswordCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+wxEAPCredentialsPassPanelBase::wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_credentials;
 	sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Client Credentials") ), wxVERTICAL );
@@ -330,6 +351,168 @@ wxPasswordCredentialsPanelBase::wxPasswordCredentialsPanelBase( wxWindow* parent
 	this->Layout();
 }
 
-wxPasswordCredentialsPanelBase::~wxPasswordCredentialsPanelBase()
+wxEAPCredentialsPassPanelBase::~wxEAPCredentialsPassPanelBase()
 {
 }
+
+wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+{
+	wxStaticBoxSizer* sb_provider_id;
+	sb_provider_id = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Your Organization") ), wxVERTICAL );
+	
+	wxBoxSizer* sb_provider_id_horiz;
+	sb_provider_id_horiz = new wxBoxSizer( wxHORIZONTAL );
+	
+	m_provider_id_icon = new wxStaticBitmap( sb_provider_id->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
+	sb_provider_id_horiz->Add( m_provider_id_icon, 0, wxALL, 5 );
+	
+	wxBoxSizer* sb_provider_id_vert;
+	sb_provider_id_vert = new wxBoxSizer( wxVERTICAL );
+	
+	m_provider_id_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_id_label->Wrap( 446 );
+	sb_provider_id_vert->Add( m_provider_id_label, 0, wxALL|wxEXPAND, 5 );
+	
+	wxBoxSizer* sb_provider_name;
+	sb_provider_name = new wxBoxSizer( wxVERTICAL );
+	
+	m_provider_name_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Your organization &name:"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_name_label->Wrap( -1 );
+	sb_provider_name->Add( m_provider_name_label, 0, wxBOTTOM, 5 );
+	
+	m_provider_name = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_name->SetToolTip( _("Your organization name as it will appear on helpdesk contact notifications") );
+	
+	sb_provider_name->Add( m_provider_name, 0, wxEXPAND|wxBOTTOM, 5 );
+	
+	m_provider_name_note = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("(Keep it short, please)"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_name_note->Wrap( -1 );
+	sb_provider_name->Add( m_provider_name_note, 0, wxALIGN_RIGHT, 5 );
+	
+	
+	sb_provider_id_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
+	
+	wxBoxSizer* sb_provider_helpdesk;
+	sb_provider_helpdesk = new wxBoxSizer( wxVERTICAL );
+	
+	m_provider_helpdesk_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Helpdesk contact &information:"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_helpdesk_label->Wrap( -1 );
+	sb_provider_helpdesk->Add( m_provider_helpdesk_label, 0, wxBOTTOM, 5 );
+	
+	wxFlexGridSizer* sb_provider_helpdesk_inner;
+	sb_provider_helpdesk_inner = new wxFlexGridSizer( 0, 2, 0, 0 );
+	sb_provider_helpdesk_inner->AddGrowableCol( 1 );
+	sb_provider_helpdesk_inner->SetFlexibleDirection( wxBOTH );
+	sb_provider_helpdesk_inner->SetNonFlexibleGrowMode( wxFLEX_GROWMODE_SPECIFIED );
+	
+	m_provider_web_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("¶"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_web_icon->Wrap( -1 );
+	m_provider_web_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
+	
+	sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
+	
+	m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_web->SetToolTip( _("Your helpdesk website address") );
+	
+	sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
+	
+	m_provider_email_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("*"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_email_icon->Wrap( -1 );
+	m_provider_email_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
+	
+	sb_provider_helpdesk_inner->Add( m_provider_email_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
+	
+	m_provider_email = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_email->SetToolTip( _("Your helpdesk e-mail address") );
+	
+	sb_provider_helpdesk_inner->Add( m_provider_email, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
+	
+	m_provider_phone_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(")"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_phone_icon->Wrap( -1 );
+	m_provider_phone_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
+	
+	sb_provider_helpdesk_inner->Add( m_provider_phone_icon, 0, wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
+	
+	m_provider_phone = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_phone->SetToolTip( _("Your helpdesk phone number") );
+	
+	sb_provider_helpdesk_inner->Add( m_provider_phone, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
+	
+	
+	sb_provider_helpdesk->Add( sb_provider_helpdesk_inner, 1, wxEXPAND, 5 );
+	
+	
+	sb_provider_id_vert->Add( sb_provider_helpdesk, 1, wxEXPAND, 5 );
+	
+	
+	sb_provider_id_horiz->Add( sb_provider_id_vert, 1, wxEXPAND, 5 );
+	
+	
+	sb_provider_id->Add( sb_provider_id_horiz, 1, wxEXPAND, 5 );
+	
+	
+	this->SetSizer( sb_provider_id );
+	this->Layout();
+	
+	// Connect Events
+	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
+}
+
+wxEAPProviderIdentityPanelBase::~wxEAPProviderIdentityPanelBase()
+{
+	// Disconnect Events
+	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderIdentityPanelBase::OnUpdateUI ) );
+	
+}
+
+wxEAPProviderLockPanelBase::wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+{
+	wxStaticBoxSizer* sb_provider_lock;
+	sb_provider_lock = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Configuration Lock") ), wxVERTICAL );
+	
+	wxBoxSizer* sb_provider_lock_horiz;
+	sb_provider_lock_horiz = new wxBoxSizer( wxHORIZONTAL );
+	
+	m_provider_lock_icon = new wxStaticBitmap( sb_provider_lock->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
+	sb_provider_lock_horiz->Add( m_provider_lock_icon, 0, wxALL, 5 );
+	
+	wxBoxSizer* sb_provider_lock_vert;
+	sb_provider_lock_vert = new wxBoxSizer( wxVERTICAL );
+	
+	m_provider_lock_label = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_lock_label->Wrap( 446 );
+	sb_provider_lock_vert->Add( m_provider_lock_label, 0, wxALL|wxEXPAND, 5 );
+	
+	wxBoxSizer* sb_provider_name;
+	sb_provider_name = new wxBoxSizer( wxVERTICAL );
+	
+	m_provider_lock = new wxCheckBox( sb_provider_lock->GetStaticBox(), wxID_ANY, _("&Lock this configuration and prevent any further modification via user interface."), wxDefaultPosition, wxDefaultSize, 0 );
+	sb_provider_name->Add( m_provider_lock, 0, wxEXPAND|wxBOTTOM, 5 );
+	
+	m_provider_lock_note = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("(Warning: Once locked, you can not revert using this dialog!)"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_lock_note->Wrap( -1 );
+	sb_provider_name->Add( m_provider_lock_note, 0, wxALIGN_RIGHT, 5 );
+	
+	
+	sb_provider_lock_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
+	
+	
+	sb_provider_lock_horiz->Add( sb_provider_lock_vert, 1, wxEXPAND, 5 );
+	
+	
+	sb_provider_lock->Add( sb_provider_lock_horiz, 1, wxEXPAND, 5 );
+	
+	
+	this->SetSizer( sb_provider_lock );
+	this->Layout();
+	
+	// Connect Events
+	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
+}
+
+wxEAPProviderLockPanelBase::~wxEAPProviderLockPanelBase()
+{
+	// Disconnect Events
+	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPProviderLockPanelBase::OnUpdateUI ) );
+	
+}

lib/EAPBase_UI/res/wxEAP_UI.h

@@ -18,8 +18,8 @@ class wxEAPBannerPanel;
 #include <wx/settings.h>
 #include <wx/string.h>
 #include <wx/notebook.h>
-#include <wx/sizer.h>
 #include <wx/button.h>
+#include <wx/sizer.h>
 #include <wx/dialog.h>
 #include <wx/stattext.h>
 #include <wx/panel.h>
@@ -44,12 +44,15 @@ class wxEAPConfigDialogBase : public wxDialog
 	protected:
 		wxEAPBannerPanel *m_banner;
 		wxNotebook* m_providers;
+		wxButton* m_advanced;
 		wxStdDialogButtonSizer* m_buttons;
 		wxButton* m_buttonsOK;
 		wxButton* m_buttonsCancel;
 		
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
+		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
+		virtual void OnAdvanced( wxCommandEvent& event ) { event.Skip(); }
 		
 	
 	public:
@@ -60,9 +63,9 @@ class wxEAPConfigDialogBase : public wxDialog
 };
 
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPCredentialsDialogBase
+/// Class wxEAPGeneralDialogBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPCredentialsDialogBase : public wxDialog 
+class wxEAPGeneralDialogBase : public wxDialog 
 {
 	private:
 	
@@ -79,8 +82,8 @@ class wxEAPCredentialsDialogBase : public wxDialog
 	
 	public:
 		
-		wxEAPCredentialsDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Credentials"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
-		~wxEAPCredentialsDialogBase();
+		wxEAPGeneralDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = wxEmptyString, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
+		~wxEAPGeneralDialogBase();
 	
 };
 
@@ -102,21 +105,21 @@ class wxEAPBannerPanelBase : public wxPanel
 };
 
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPProviderLockedBase
+/// Class wxEAPNotePanelBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPProviderLockedBase : public wxPanel 
+class wxEAPNotePanelBase : public wxPanel 
 {
 	private:
 	
 	protected:
-		wxStaticBitmap* m_provider_locked_icon;
-		wxBoxSizer* m_provider_locked_vert;
-		wxStaticText* m_provider_locked_label;
+		wxStaticBitmap* m_note_icon;
+		wxBoxSizer* m_note_vert;
+		wxStaticText* m_note_label;
 	
 	public:
 		
-		wxEAPProviderLockedBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxSIMPLE_BORDER|wxTAB_TRAVERSAL ); 
-		~wxEAPProviderLockedBase();
+		wxEAPNotePanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxSIMPLE_BORDER|wxTAB_TRAVERSAL ); 
+		~wxEAPNotePanelBase();
 	
 };
 
@@ -153,9 +156,9 @@ class wxEAPCredentialsConfigPanelBase : public wxPanel
 };
 
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxPasswordCredentialsPanelBase
+/// Class wxEAPCredentialsPassPanelBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxPasswordCredentialsPanelBase : public wxPanel 
+class wxEAPCredentialsPassPanelBase : public wxPanel 
 {
 	private:
 	
@@ -170,8 +173,64 @@ class wxPasswordCredentialsPanelBase : public wxPanel
 	
 	public:
 		
-		wxPasswordCredentialsPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
-		~wxPasswordCredentialsPanelBase();
+		wxEAPCredentialsPassPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
+		~wxEAPCredentialsPassPanelBase();
+	
+};
+
+///////////////////////////////////////////////////////////////////////////////
+/// Class wxEAPProviderIdentityPanelBase
+///////////////////////////////////////////////////////////////////////////////
+class wxEAPProviderIdentityPanelBase : public wxPanel 
+{
+	private:
+	
+	protected:
+		wxStaticBitmap* m_provider_id_icon;
+		wxStaticText* m_provider_id_label;
+		wxStaticText* m_provider_name_label;
+		wxTextCtrl* m_provider_name;
+		wxStaticText* m_provider_name_note;
+		wxStaticText* m_provider_helpdesk_label;
+		wxStaticText* m_provider_web_icon;
+		wxTextCtrl* m_provider_web;
+		wxStaticText* m_provider_email_icon;
+		wxTextCtrl* m_provider_email;
+		wxStaticText* m_provider_phone_icon;
+		wxTextCtrl* m_provider_phone;
+		
+		// Virtual event handlers, overide them in your derived class
+		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
+		
+	
+	public:
+		
+		wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
+		~wxEAPProviderIdentityPanelBase();
+	
+};
+
+///////////////////////////////////////////////////////////////////////////////
+/// Class wxEAPProviderLockPanelBase
+///////////////////////////////////////////////////////////////////////////////
+class wxEAPProviderLockPanelBase : public wxPanel 
+{
+	private:
+	
+	protected:
+		wxStaticBitmap* m_provider_lock_icon;
+		wxStaticText* m_provider_lock_label;
+		wxCheckBox* m_provider_lock;
+		wxStaticText* m_provider_lock_note;
+		
+		// Virtual event handlers, overide them in your derived class
+		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
+		
+	
+	public:
+		
+		wxEAPProviderLockPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
+		~wxEAPProviderLockPanelBase();
 	
 };
 

lib/EAPBase_UI/src/EAP_UI.cpp

@@ -29,3 +29,512 @@ wxEAPBannerPanel::wxEAPBannerPanel(wxWindow* parent) : wxEAPBannerPanelBase(pare
 {
     m_title->SetLabelText(wxT(PRODUCT_NAME_STR));
 }
+
+
+bool wxEAPBannerPanel::AcceptsFocusFromKeyboard() const
+{
+    return false;
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPGeneralDialog
+//////////////////////////////////////////////////////////////////////
+
+wxEAPGeneralDialog::wxEAPGeneralDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
+    wxEAPGeneralDialogBase(parent, id, title, pos, size, style)
+{
+    // Set extra style here, as wxFormBuilder overrides all default flags.
+    this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
+
+    m_buttonsOK->SetDefault();
+}
+
+
+void wxEAPGeneralDialog::AddContent(wxPanel **contents, size_t content_count)
+{
+    if (content_count) {
+        for (size_t i = 0; i < content_count; i++)
+            m_panels->Add(contents[i], 0, wxALL|wxEXPAND, 5);
+
+        this->Layout();
+        this->GetSizer()->Fit(this);
+        contents[0]->SetFocusFromKbd();
+    }
+}
+
+
+void wxEAPGeneralDialog::AddContent(wxPanel *content)
+{
+    AddContent(&content, 1);
+}
+
+
+void wxEAPGeneralDialog::OnInitDialog(wxInitDialogEvent& event)
+{
+    for (wxSizerItemList::compatibility_iterator panel = m_panels->GetChildren().GetFirst(); panel; panel = panel->GetNext())
+        panel->GetData()->GetWindow()->GetEventHandler()->ProcessEvent(event);
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPCredentialsDialog
+//////////////////////////////////////////////////////////////////////
+
+wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
+    wxEAPGeneralDialog(parent, id, title, pos, size, style)
+{
+    // Set banner title.
+    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPNotePanel
+//////////////////////////////////////////////////////////////////////
+
+wxEAPNotePanel::wxEAPNotePanel(wxWindow* parent) :
+    m_provider_notice(NULL),
+    m_help_web_label(NULL),
+    m_help_web_value(NULL),
+    m_help_email_label(NULL),
+    m_help_email_value(NULL),
+    m_help_phone_label(NULL),
+    m_help_phone_value(NULL),
+    wxEAPNotePanelBase(parent)
+{
+}
+
+
+bool wxEAPNotePanel::AcceptsFocusFromKeyboard() const
+{
+    return m_help_web_value || m_help_email_value || m_help_phone_label;
+}
+
+
+void wxEAPNotePanel::CreateContactFields(const eap::config_provider &prov)
+{
+    if (!prov.m_help_email.empty() || !prov.m_help_web.empty() || !prov.m_help_phone.empty()) {
+        m_provider_notice = new wxStaticText(this, wxID_ANY, wxString::Format(_("For additional help and instructions, please contact %s at:"),
+            !prov.m_name.empty() ? prov.m_name.c_str() :
+            !prov.m_id  .empty() ? winstd::tstring_printf(_("your %ls provider"), prov.m_id.c_str()).c_str() : _("your provider")), wxDefaultPosition, wxDefaultSize, 0);
+        m_provider_notice->Wrap(449);
+        m_note_vert->Add(m_provider_notice, 0, wxUP|wxLEFT|wxRIGHT|wxEXPAND, 5);
+
+        wxFlexGridSizer* sb_contact_tbl;
+        sb_contact_tbl = new wxFlexGridSizer(0, 2, 5, 5);
+        sb_contact_tbl->AddGrowableCol(1);
+        sb_contact_tbl->SetFlexibleDirection(wxBOTH);
+        sb_contact_tbl->SetNonFlexibleGrowMode(wxFLEX_GROWMODE_SPECIFIED);
+
+        wxFont font_wingdings(-1, wxFONTFAMILY_DEFAULT, wxFONTSTYLE_NORMAL, wxFONTWEIGHT_NORMAL, false, wxT("Wingdings"));
+
+        if (!prov.m_help_web.empty()) {
+            m_help_web_label = new wxStaticText(this, wxID_ANY, wxT("\xb6"), wxDefaultPosition, wxDefaultSize, 0);
+            m_help_web_label->Wrap(-1);
+            m_help_web_label->SetFont(font_wingdings);
+            sb_contact_tbl->Add(m_help_web_label, 0, wxEXPAND|wxALIGN_TOP, 5);
+
+            m_help_web_value = new wxHyperlinkCtrl(this, wxID_ANY, prov.m_help_web, prov.m_help_web, wxDefaultPosition, wxDefaultSize, wxHL_DEFAULT_STYLE);
+            m_help_web_value->SetToolTip(_("Open the default web browser"));
+            sb_contact_tbl->Add(m_help_web_value, 0, wxEXPAND|wxALIGN_TOP, 5);
+        }
+
+        if (!prov.m_help_email.empty()) {
+            m_help_email_label = new wxStaticText(this, wxID_ANY, wxT("\x2a"), wxDefaultPosition, wxDefaultSize, 0);
+            m_help_email_label->Wrap(-1);
+            m_help_email_label->SetFont(font_wingdings);
+            sb_contact_tbl->Add(m_help_email_label, 0, wxEXPAND|wxALIGN_TOP, 5);
+
+            m_help_email_value = new wxHyperlinkCtrl(this, wxID_ANY, prov.m_help_email, wxString(wxT("mailto:")) + prov.m_help_email, wxDefaultPosition, wxDefaultSize, wxHL_DEFAULT_STYLE);
+            m_help_email_value->SetToolTip(_("Open your e-mail program"));
+            sb_contact_tbl->Add(m_help_email_value, 0, wxEXPAND|wxALIGN_TOP, 5);
+        }
+
+        if (!prov.m_help_phone.empty()) {
+            m_help_phone_label = new wxStaticText(this, wxID_ANY, wxT("\x29"), wxDefaultPosition, wxDefaultSize, 0);
+            m_help_phone_label->Wrap(-1);
+            m_help_phone_label->SetFont(font_wingdings);
+            sb_contact_tbl->Add(m_help_phone_label, 0, wxEXPAND|wxALIGN_TOP, 5);
+
+            m_help_phone_value = new wxHyperlinkCtrl(this, wxID_ANY, prov.m_help_phone, wxString(wxT("tel:")) + GetPhoneNumber(prov.m_help_phone.c_str()), wxDefaultPosition, wxDefaultSize, wxHL_DEFAULT_STYLE);
+            m_help_phone_value->SetToolTip(_("Dial the phone number"));
+            sb_contact_tbl->Add(m_help_phone_value, 0, wxEXPAND|wxALIGN_TOP, 5);
+        }
+
+        m_note_vert->Add(sb_contact_tbl, 0, wxLEFT|wxRIGHT|wxDOWN|wxEXPAND, 5);
+    }
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPProviderLockedPanel
+//////////////////////////////////////////////////////////////////////
+
+wxEAPProviderLockedPanel::wxEAPProviderLockedPanel(const eap::config_provider &prov, wxWindow* parent) : wxEAPNotePanel(parent)
+{
+    // Load and set icon.
+    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
+        wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(48));
+
+    m_note_label->SetLabel(wxString::Format(_("%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."),
+        !prov.m_name.empty() ? prov.m_name.c_str() :
+        !prov.m_id  .empty() ? winstd::tstring_printf(_("Your %ls provider"), prov.m_id.c_str()).c_str() : _("Your provider")));
+    m_note_label->Wrap(449);
+
+    CreateContactFields(prov);
+
+    this->Layout();
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPCredentialWarningPanel
+//////////////////////////////////////////////////////////////////////
+
+wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provider &prov, wxWindow* parent) : wxEAPNotePanel(parent)
+{
+    // Load and set icon.
+    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
+        wxSetIconFromResource(m_note_icon, m_icon, m_shell32, MAKEINTRESOURCE(161));
+
+    m_note_label->SetLabel(_("Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."));
+    m_note_label->Wrap(449);
+
+    CreateContactFields(prov);
+
+    this->Layout();
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPConfigWindow
+//////////////////////////////////////////////////////////////////////
+
+wxEAPConfigWindow::wxEAPConfigWindow(const eap::config_provider &prov, eap::config_method &cfg, wxWindow* parent) :
+    m_prov(prov),
+    m_cfg(cfg),
+    wxScrolledWindow(parent, wxID_ANY, wxDefaultPosition, wxDefaultSize, wxVSCROLL)
+{
+    this->SetScrollRate(5, 5);
+
+    // Connect Events
+    this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
+    this->Connect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
+}
+
+
+wxEAPConfigWindow::~wxEAPConfigWindow()
+{
+    // Disconnect Events
+    this->Disconnect(wxEVT_UPDATE_UI, wxUpdateUIEventHandler(wxEAPConfigWindow::OnUpdateUI));
+    this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPConfigWindow::OnInitDialog));
+}
+
+
+void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& event)
+{
+    UNREFERENCED_PARAMETER(event);
+
+    // Call TransferDataToWindow() manually, as wxScrolledWindow somehow skips that.
+    TransferDataToWindow();
+}
+
+
+void wxEAPConfigWindow::OnUpdateUI(wxUpdateUIEvent& event)
+{
+    UNREFERENCED_PARAMETER(event);
+
+    if (m_parent && m_parent->IsKindOf(wxCLASSINFO(wxNotebook))) {
+        // We're a notebook page. Set the ID of our provider as our page label.
+        wxNotebook *notebook = (wxNotebook*)m_parent;
+        int idx = notebook->FindPage(this);
+        if (idx != wxNOT_FOUND)
+            notebook->SetPageText(idx, wxEAPGetProviderName(m_prov.m_id));
+    } else
+        this->SetLabel(wxEAPGetProviderName(m_prov.m_id));
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPProviderIdentityPanel
+//////////////////////////////////////////////////////////////////////
+
+wxEAPProviderIdentityPanel::wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent) :
+    m_prov(prov),
+    wxEAPProviderIdentityPanelBase(parent)
+{
+    // Load and set icon.
+    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
+        wxSetIconFromResource(m_provider_id_icon, m_icon, m_shell32, MAKEINTRESOURCE(259));
+}
+
+
+bool wxEAPProviderIdentityPanel::TransferDataToWindow()
+{
+    m_provider_name ->SetValue(m_prov.m_id        );
+    m_provider_web  ->SetValue(m_prov.m_help_web  );
+    m_provider_email->SetValue(m_prov.m_help_email);
+    m_provider_phone->SetValue(m_prov.m_help_phone);
+
+    return wxEAPProviderIdentityPanelBase::TransferDataToWindow();
+}
+
+
+bool wxEAPProviderIdentityPanel::TransferDataFromWindow()
+{
+    wxCHECK(wxEAPProviderIdentityPanelBase::TransferDataFromWindow(), false);
+
+    m_prov.m_id         = m_provider_name ->GetValue();
+    m_prov.m_help_web   = m_provider_web  ->GetValue();
+    m_prov.m_help_email = m_provider_email->GetValue();
+    m_prov.m_help_phone = m_provider_phone->GetValue();
+
+    return true;
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPProviderLockPanel
+//////////////////////////////////////////////////////////////////////
+
+wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWindow* parent) :
+    m_prov(prov),
+    wxEAPProviderLockPanelBase(parent)
+{
+    // Load and set icon.
+    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
+        wxSetIconFromResource(m_provider_lock_icon, m_icon, m_shell32, MAKEINTRESOURCE(1003));
+}
+
+
+bool wxEAPProviderLockPanel::TransferDataToWindow()
+{
+    m_provider_lock->SetValue(m_prov.m_read_only);
+
+    return wxEAPProviderLockPanelBase::TransferDataToWindow();
+}
+
+
+bool wxEAPProviderLockPanel::TransferDataFromWindow()
+{
+    wxCHECK(wxEAPProviderLockPanelBase::TransferDataFromWindow(), false);
+
+    m_prov.m_read_only = m_provider_lock->GetValue();
+
+    return true;
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxEAPConfigProvider
+//////////////////////////////////////////////////////////////////////
+
+wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
+    m_prov(prov),
+    wxEAPGeneralDialog(parent, id, title, pos, size, style)
+{
+    // Set banner title.
+    m_banner->m_title->SetLabel(title);
+
+    m_identity = new wxEAPProviderIdentityPanel(prov, this);
+    AddContent(m_identity);
+
+    m_lock = new wxEAPProviderLockPanel(prov, this);
+    AddContent(m_lock);
+
+    m_identity->m_provider_name->SetFocusFromKbd();
+}
+
+
+using namespace std;
+using namespace winstd;
+
+//////////////////////////////////////////////////////////////////////
+// eap::monitor_ui
+//////////////////////////////////////////////////////////////////////
+
+eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
+    m_hwnd_popup(NULL)
+{
+    // Verify if the monitor is already running.
+    const WNDCLASSEX wnd_class_desc = {
+        sizeof(WNDCLASSEX), // cbSize
+        0,                  // style
+        winproc,            // lpfnWndProc
+        0,                  // cbClsExtra
+        0,                  // cbWndExtra
+        module,             // hInstance
+        NULL,               // hIcon
+        NULL,               // hCursor
+        NULL,               // hbrBackground
+        NULL,               // lpszMenuName
+        _T(__FUNCTION__),   // lpszClassName
+        NULL                // hIconSm
+    };
+    ATOM wnd_class = RegisterClassEx(&wnd_class_desc);
+    if (!wnd_class)
+        throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
+    tstring_guid guid_str(guid);
+    HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
+    if (hwnd_master) {
+        // Another monitor is already running.
+        m_is_master = false;
+
+        // Register slave windows class slightly different, not to include slaves in FindWindowEx().
+        const WNDCLASSEX wnd_class_desc = {
+            sizeof(WNDCLASSEX),             // cbSize
+            0,                              // style
+            winproc,                        // lpfnWndProc
+            0,                              // cbClsExtra
+            0,                              // cbWndExtra
+            module,                         // hInstance
+            NULL,                           // hIcon
+            NULL,                           // hCursor
+            NULL,                           // hbrBackground
+            NULL,                           // lpszMenuName
+            _T(__FUNCTION__) _T("-Slave"),  // lpszClassName
+            NULL                            // hIconSm
+        };
+        wnd_class = RegisterClassEx(&wnd_class_desc);
+        if (!wnd_class)
+            throw win_runtime_error(__FUNCTION__ " Error registering slave monitor window class.");
+    } else {
+        // This is a fresh monitor.
+        m_is_master = true;
+    }
+
+    m_hwnd = CreateWindowEx(
+        0,                  // dwExStyle
+        (LPCTSTR)wnd_class, // lpClassName
+        guid_str.c_str(),   // lpWindowName
+        0,                  // dwStyle
+        0,                  // x
+        0,                  // y
+        0,                  // nWidth
+        0,                  // nHeight
+        HWND_MESSAGE,       // hWndParent
+        NULL,               // hMenu
+        module,             // hInstance
+        this);              // lpParam
+
+    if (!m_is_master) {
+        // Notify master we are waiting him.
+        SendMessage(hwnd_master, s_msg_attach, 0, (LPARAM)m_hwnd);
+
+        // Slaves must pump message queue until finished.
+        MSG msg;
+        while (GetMessage(&msg, NULL, 0, 0) > 0) {
+            TranslateMessage(&msg);
+            DispatchMessage(&msg);
+        }
+    }
+}
+
+
+eap::monitor_ui::~monitor_ui()
+{
+    if (m_hwnd)
+        DestroyWindow(m_hwnd);
+}
+
+
+void eap::monitor_ui::set_popup(_In_ HWND hwnd)
+{
+    m_hwnd_popup = hwnd;
+}
+
+
+void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_ size_t size) const
+{
+    assert(!size || data);
+
+    for (list<HWND>::const_iterator slave = m_slaves.begin(), slave_end = m_slaves.end(); slave != slave_end; ++slave) {
+        // Get slave's PID.
+        DWORD pid_slave;
+        GetWindowThreadProcessId(*slave, &pid_slave);
+
+        // Get slave's process handle.
+        process proc_slave;
+        if (!proc_slave.open(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave))
+            continue;
+
+        // Allocate memory in slave's virtual memory space and save data to it.
+        vmemory mem_slave;
+        if (!mem_slave.alloc(proc_slave, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE))
+            continue;
+        if (!WriteProcessMemory(proc_slave, mem_slave, data, size, NULL))
+            continue;
+
+        // Notify slave. Use SendMessage(), not PostMessage(), as memory will get cleaned up.
+        SendMessage(*slave, s_msg_finish, (WPARAM)size, (LPARAM)(LPVOID)mem_slave);
+    }
+}
+
+
+LRESULT eap::monitor_ui::winproc(
+    _In_ UINT   msg,
+    _In_ WPARAM wparam,
+    _In_ LPARAM lparam)
+{
+    UNREFERENCED_PARAMETER(wparam);
+
+    if (msg == s_msg_attach) {
+        // Attach a new slave.
+        assert(m_is_master);
+        m_slaves.push_back((HWND)lparam);
+
+        if (m_hwnd_popup) {
+            // Bring pop-up window up.
+            if (::IsIconic(m_hwnd_popup))
+                ::SendMessage(m_hwnd_popup, WM_SYSCOMMAND, SC_RESTORE, 0);
+            ::SetActiveWindow(m_hwnd_popup);
+            ::SetForegroundWindow(m_hwnd_popup);
+        }
+
+        return TRUE;
+    } else if (msg == s_msg_finish) {
+        // Master finished.
+        assert(!m_is_master);
+        m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
+
+        // Finish slave too.
+        DestroyWindow(m_hwnd);
+        return TRUE;
+    } else if (msg == WM_DESTROY) {
+        // Stop the message pump.
+        PostQuitMessage(0);
+        return 0;
+    }
+
+    return DefWindowProc(m_hwnd, msg, wparam, lparam);
+}
+
+
+LRESULT CALLBACK eap::monitor_ui::winproc(
+    _In_ HWND   hwnd,
+    _In_ UINT   msg,
+    _In_ WPARAM wparam,
+    _In_ LPARAM lparam)
+{
+    if (msg == WM_CREATE) {
+        // Set window's user data to "this" pointer.
+        const CREATESTRUCT *cs = (CREATESTRUCT*)lparam;
+        SetWindowLongPtr(hwnd, GWLP_USERDATA, (LONG_PTR)cs->lpCreateParams);
+
+        // Forward to our handler.
+        return ((eap::monitor_ui*)cs->lpCreateParams)->winproc(msg, wparam, lparam);
+    } else {
+        // Get "this" pointer from window's user data.
+        eap::monitor_ui *_this = (eap::monitor_ui*)GetWindowLongPtr(hwnd, GWLP_USERDATA);
+        if (_this) {
+            // Forward to our handler.
+            return _this->winproc(msg, wparam, lparam);
+        } else
+            return DefWindowProc(hwnd, msg, wparam, lparam);
+    }
+}
+
+
+const UINT eap::monitor_ui::s_msg_attach  = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Attach"));
+const UINT eap::monitor_ui::s_msg_finish  = RegisterWindowMessage(_T(PRODUCT_NAME_STR) _T("-Finish"));

lib/EAPBase_UI/src/Module.cpp

@@ -0,0 +1,32 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "StdAfx.h"
+
+using namespace std;
+using namespace winstd;
+
+//////////////////////////////////////////////////////////////////////
+// eap::peer_ui
+//////////////////////////////////////////////////////////////////////
+
+eap::peer_ui::peer_ui(_In_ eap_type_t eap_method) : module(eap_method)
+{
+}

lib/Events/build/Events.vcxproj

@@ -93,6 +93,7 @@
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)EventsETW.h;$(IntDir)EventsETW.rc;$(IntDir)EventsETW_MSG00001.bin;$(IntDir)EventsETWTEMP.BIN;%(Outputs)</Outputs>
+      <SubType>Designer</SubType>
     </CustomBuild>
   </ItemGroup>
   <ItemGroup>

lib/PAP/include/Config.h

@@ -25,35 +25,7 @@ namespace eap
     ///
     /// PAP configuration
     ///
-    class config_pap;
-}
-
-namespace eapserial
-{
-    ///
-    /// Packs a PAP based method configuration
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Configuration to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_pap &val);
-
-    ///
-    /// Returns packed size of a PAP based method configuration
-    ///
-    /// \param[in] val  Configuration to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::config_pap &val);
-
-    ///
-    /// Unpacks a PAP based method configuration
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Configuration to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_pap &val);
+    class config_method_pap;
 }
 
 #pragma once
@@ -68,29 +40,29 @@ namespace eapserial
 
 namespace eap
 {
-    class config_pap : public config_method<credentials_pap>
+    class config_method_pap : public config_method_with_cred
     {
     public:
         ///
         /// Constructs configuration
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
-        config_pap(_In_ module &mod);
+        config_method_pap(_In_ module &mod);
 
         ///
         /// Copies configuration
         ///
         /// \param[in] other  Configuration to copy from
         ///
-        config_pap(_In_ const config_pap &other);
+        config_method_pap(_In_ const config_method_pap &other);
 
         ///
         /// Moves configuration
         ///
         /// \param[in] other  Configuration to move from
         ///
-        config_pap(_Inout_ config_pap &&other);
+        config_method_pap(_Inout_ config_method_pap &&other);
 
         ///
         /// Copies configuration
@@ -99,7 +71,7 @@ namespace eap
         ///
         /// \returns Reference to this object
         ///
-        config_pap& operator=(_In_ const config_pap &other);
+        config_method_pap& operator=(_In_ const config_method_pap &other);
 
         ///
         /// Moves configuration
@@ -108,7 +80,7 @@ namespace eap
         ///
         /// \returns Reference to this object
         ///
-        config_pap& operator=(_Inout_ config_pap &&other);
+        config_method_pap& operator=(_Inout_ config_method_pap &&other);
 
         ///
         /// Clones configuration
@@ -122,27 +94,6 @@ namespace eap
         ///
         /// \returns `eap::type_pap`
         ///
-        virtual eap::type_t get_method_id() const;
+        virtual winstd::eap_type_t get_method_id() const;
     };
 }
-
-
-namespace eapserial
-{
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_pap &val)
-    {
-        pack(cursor, (const eap::config_method<eap::credentials_pap>&)val);
-    }
-
-
-    inline size_t get_pk_size(const eap::config_pap &val)
-    {
-        return get_pk_size((const eap::config_method<eap::credentials_pap>&)val);
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_pap &val)
-    {
-        unpack(cursor, (eap::config_method<eap::credentials_pap>&)val);
-    }
-}

lib/PAP/include/Credentials.h

@@ -18,9 +18,6 @@
     along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "../../EAPBase/include/EAP.h"
-
-
 namespace eap
 {
     ///
@@ -29,36 +26,10 @@ namespace eap
     class credentials_pap;
 }
 
-namespace eapserial
-{
-    ///
-    /// Packs a PAP method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Credentials to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_pap &val);
-
-    ///
-    /// Returns packed size of a PAP method credentials
-    ///
-    /// \param[in] val  Credentials to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::credentials_pap &val);
-
-    ///
-    /// Unpacks a PAP method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Credentials to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_pap &val);
-}
-
 #pragma once
 
+#include "Config.h"
+
 #include "../../EAPBase/include/Credentials.h"
 
 #include <Windows.h>
@@ -74,7 +45,7 @@ namespace eap
         ///
         /// Constructs credentials
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
         credentials_pap(_In_ module &mod);
 
@@ -126,26 +97,25 @@ namespace eap
         virtual LPCTSTR target_suffix() const;
 
         /// @}
+
+        ///
+        /// Combine credentials in the following order:
+        ///
+        /// 1. Cached credentials
+        /// 2. Pre-configured credentials
+        /// 3. Stored credentials
+        ///
+        /// \param[in] cred_cached    Cached credentials (optional, can be \c NULL)
+        /// \param[in] cfg            Method configuration
+        /// \param[in] pszTargetName  The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
+        ///
+        /// \returns
+        /// - \c true  if credentials were set;
+        /// - \c false otherwise
+        ///
+        source_t combine(
+            _In_       const credentials_pap   *cred_cached,
+            _In_       const config_method_pap &cfg,
+            _In_opt_z_       LPCTSTR           pszTargetName);
     };
 }
-
-
-namespace eapserial
-{
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_pap &val)
-    {
-        pack(cursor, (const eap::credentials_pass&)val);
-    }
-
-
-    inline size_t get_pk_size(const eap::credentials_pap &val)
-    {
-        return get_pk_size((const eap::credentials_pass&)val);
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_pap &val)
-    {
-        unpack(cursor, (eap::credentials_pass&)val);
-    }
-}

lib/PAP/src/Config.cpp

@@ -20,53 +20,57 @@
 
 #include "StdAfx.h"
 
+using namespace std;
+using namespace winstd;
+
 
 //////////////////////////////////////////////////////////////////////
-// eap::config_pap
+// eap::config_method_pap
 //////////////////////////////////////////////////////////////////////
 
-eap::config_pap::config_pap(_In_ module &mod) : config_method<credentials_pap>(mod)
+eap::config_method_pap::config_method_pap(_In_ module &mod) : config_method_with_cred(mod)
+{
+    m_preshared.reset(new credentials_pap(mod));
+}
+
+
+eap::config_method_pap::config_method_pap(_In_ const config_method_pap &other) :
+    config_method_with_cred(other)
 {
 }
 
 
-eap::config_pap::config_pap(_In_ const config_pap &other) :
-    config_method<credentials_pap>(other)
+eap::config_method_pap::config_method_pap(_Inout_ config_method_pap &&other) :
+    config_method_with_cred(std::move(other))
 {
 }
 
 
-eap::config_pap::config_pap(_Inout_ config_pap &&other) :
-    config_method<credentials_pap>(std::move(other))
-{
-}
-
-
-eap::config_pap& eap::config_pap::operator=(_In_ const config_pap &other)
+eap::config_method_pap& eap::config_method_pap::operator=(_In_ const config_method_pap &other)
 {
     if (this != &other)
-        (config_method<credentials_pap>&)*this = other;
+        (config_method_with_cred&)*this = other;
 
     return *this;
 }
 
 
-eap::config_pap& eap::config_pap::operator=(_Inout_ config_pap &&other)
+eap::config_method_pap& eap::config_method_pap::operator=(_Inout_ config_method_pap &&other)
 {
     if (this != &other)
-        (config_method<credentials_pap>&&)*this = std::move(other);
+        (config_method_with_cred&&)*this = std::move(other);
 
     return *this;
 }
 
 
-eap::config* eap::config_pap::clone() const
+eap::config* eap::config_method_pap::clone() const
 {
-    return new config_pap(*this);
+    return new config_method_pap(*this);
 }
 
 
-eap::type_t eap::config_pap::get_method_id() const
+eap_type_t eap::config_method_pap::get_method_id() const
 {
-    return eap::type_pap;
+    return eap_type_pap;
 }

lib/PAP/src/Credentials.cpp

@@ -20,6 +20,9 @@
 
 #include "StdAfx.h"
 
+using namespace std;
+using namespace winstd;
+
 
 //////////////////////////////////////////////////////////////////////
 // eap::credentials_pap
@@ -70,3 +73,40 @@ LPCTSTR eap::credentials_pap::target_suffix() const
 {
     return _T("PAP");
 }
+
+
+eap::credentials::source_t eap::credentials_pap::combine(
+    _In_       const credentials_pap   *cred_cached,
+    _In_       const config_method_pap &cfg,
+    _In_opt_z_       LPCTSTR           pszTargetName)
+{
+    if (cred_cached) {
+        // Using EAP service cached credentials.
+        *this = *cred_cached;
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
+        return source_cache;
+    }
+
+    if (cfg.m_use_preshared) {
+        // Using preshared credentials.
+        *this = *(credentials_pap*)cfg.m_preshared.get();
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
+        return source_preshared;
+    }
+
+    if (pszTargetName) {
+        try {
+            credentials_pap cred_loaded(m_module);
+            cred_loaded.retrieve(pszTargetName);
+
+            // Using stored credentials.
+            *this = std::move(cred_loaded);
+            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_pap), event_data(credentials_pap::get_name()), event_data::blank);
+            return source_storage;
+        } catch (...) {
+            // Not actually an error.
+        }
+    }
+
+    return source_unknown;
+}

lib/PAP_UI/build/PAP_UI.vcxproj

@@ -83,6 +83,7 @@
     <ClInclude Include="..\src\StdAfx.h" />
   </ItemGroup>
   <ItemGroup>
+    <ClCompile Include="..\src\PAP_UI.cpp" />
     <ClCompile Include="..\src\StdAfx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>

lib/PAP_UI/build/PAP_UI.vcxproj.filters

@@ -26,5 +26,8 @@
     <ClCompile Include="..\src\StdAfx.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\src\PAP_UI.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>

lib/PAP_UI/include/PAP_UI.h

@@ -23,14 +23,19 @@
 #include "../../PAP/include/Credentials.h"
 
 ///
-/// PAP credentials configuration panel
+/// PAP credential configuration panel
 ///
-template <class _Tprov> class wxPAPCredentialsConfigPanel;
+typedef wxEAPCredentialsConfigPanel<eap::credentials_pap, wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> > wxPAPCredentialsConfigPanel;
 
 ///
 /// PAP configuration panel
 ///
-template <class _Tprov> class wxPAPConfigPanel;
+class wxPAPConfigPanel;
+
+///
+/// PAP credential entry panel
+///
+typedef wxPasswordCredentialsPanel<eap::credentials_pap, wxEAPCredentialsPassPanelBase> wxPAPCredentialsPanel;
 
 #pragma once
 
@@ -40,69 +45,24 @@ template <class _Tprov> class wxPAPConfigPanel;
 #include <Windows.h>
 
 
-template <class _Tprov>
-class wxPAPCredentialsConfigPanel : public wxEAPCredentialsConfigPanel<_Tprov, eap::config_pap, wxPasswordCredentialsPanel<_Tprov> >
-{
-public:
-    ///
-    /// Constructs a PAP credential configuration panel
-    ///
-    /// \param[inout] prov           Provider configuration data
-    /// \param[inout] cfg            Configuration data
-    /// \param[in]    pszCredTarget  Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
-    /// \param[in]    parent         Parent window
-    ///
-    wxPAPCredentialsConfigPanel(_Tprov &prov, eap::config_pap &cfg, LPCTSTR pszCredTarget, wxWindow *parent) :
-        wxEAPCredentialsConfigPanel<_Tprov, eap::config_pap, wxPasswordCredentialsPanel<_Tprov> >(prov, cfg, pszCredTarget, parent)
-    {
-    }
-};
-
-
-template <class _Tprov>
 class wxPAPConfigPanel : public wxPanel
 {
 public:
     ///
     /// Constructs a configuration panel
     ///
-    wxPAPConfigPanel(_Tprov &prov, eap::config_pap &cfg, LPCTSTR pszCredTarget, wxWindow* parent) : wxPanel(parent)
-    {
-        wxBoxSizer* sb_content;
-        sb_content = new wxBoxSizer( wxVERTICAL );
-
-        m_credentials = new wxPAPCredentialsConfigPanel<_Tprov>(prov, cfg, pszCredTarget, this);
-        sb_content->Add(m_credentials, 0, wxEXPAND, 5);
-
-        this->SetSizer(sb_content);
-        this->Layout();
-
-        // Connect Events
-        this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxPAPConfigPanel::OnInitDialog));
-    }
+    wxPAPConfigPanel(const eap::config_provider &prov, eap::config_method_pap &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
 
     ///
     /// Destructs the configuration panel
     ///
-    virtual ~wxPAPConfigPanel()
-    {
-        // Disconnect Events
-        this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxPAPConfigPanel::OnInitDialog));
-    }
-
+    virtual ~wxPAPConfigPanel();
 
 protected:
     /// \cond internal
-
-    virtual void OnInitDialog(wxInitDialogEvent& event)
-    {
-        // Forward the event to child panels.
-        if (m_credentials)
-            m_credentials->GetEventHandler()->ProcessEvent(event);
-    }
-
+    virtual void OnInitDialog(wxInitDialogEvent& event);
     /// \endcond
 
 protected:
-    wxPAPCredentialsConfigPanel<_Tprov> *m_credentials; ///< Credentials configuration panel
+    wxPAPCredentialsConfigPanel *m_credentials; ///< Credentials configuration panel
 };

lib/PAP_UI/src/PAP_UI.cpp

@@ -0,0 +1,56 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "StdAfx.h"
+
+
+//////////////////////////////////////////////////////////////////////
+// wxPAPConfigPanel
+//////////////////////////////////////////////////////////////////////
+
+wxPAPConfigPanel::wxPAPConfigPanel(const eap::config_provider &prov, eap::config_method_pap &cfg, LPCTSTR pszCredTarget, wxWindow* parent) : wxPanel(parent)
+{
+    wxBoxSizer* sb_content;
+    sb_content = new wxBoxSizer( wxVERTICAL );
+
+    m_credentials = new wxPAPCredentialsConfigPanel(prov, cfg, pszCredTarget, this);
+    sb_content->Add(m_credentials, 0, wxEXPAND, 5);
+
+    this->SetSizer(sb_content);
+    this->Layout();
+
+    // Connect Events
+    this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxPAPConfigPanel::OnInitDialog));
+}
+
+
+wxPAPConfigPanel::~wxPAPConfigPanel()
+{
+    // Disconnect Events
+    this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxPAPConfigPanel::OnInitDialog));
+}
+
+
+void wxPAPConfigPanel::OnInitDialog(wxInitDialogEvent& event)
+{
+    // Forward the event to child panels.
+    if (m_credentials)
+        m_credentials->GetEventHandler()->ProcessEvent(event);
+}

lib/TLS/build/TLS.vcxproj

@@ -81,10 +81,13 @@
   <ItemGroup>
     <ClInclude Include="..\include\Config.h" />
     <ClInclude Include="..\include\Credentials.h" />
+    <ClInclude Include="..\include\Method.h" />
+    <ClInclude Include="..\include\TLS.h" />
     <ClInclude Include="..\src\StdAfx.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\src\Config.cpp" />
+    <ClCompile Include="..\src\Method.cpp" />
     <ClCompile Include="..\src\StdAfx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
@@ -92,6 +95,7 @@
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
     </ClCompile>
     <ClCompile Include="..\src\Credentials.cpp" />
+    <ClCompile Include="..\src\TLS.cpp" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

lib/TLS/build/TLS.vcxproj.filters

@@ -20,6 +20,12 @@
     <ClInclude Include="..\include\Credentials.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\include\Method.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\include\TLS.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\src\StdAfx.cpp">
@@ -31,5 +37,11 @@
     <ClCompile Include="..\src\Credentials.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\src\Method.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\src\TLS.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>

lib/TLS/include/Config.h

@@ -18,47 +18,35 @@
     along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include <WinStd/Common.h>
+
+#include <Windows.h>
+#include <WinCrypt.h> // Must include after <Windows.h>
+
 #include <sal.h>
 
+#define EAP_TLS_OWN             0   ///< We do the TLS ourself
+#define EAP_TLS_SCHANNEL        1   ///< TLS is done by Schannel, but server certificate check is done ourself
+#define EAP_TLS_SCHANNEL_FULL   2   ///< TLS is fully done by Schannel
+
 namespace eap
 {
     ///
     /// TLS configuration
     ///
-    class config_tls;
-}
-
-namespace eapserial
-{
-    ///
-    /// Packs a TLS method configuration
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Configuration to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_tls &val);
+    class config_method_tls;
 
     ///
-    /// Returns packed size of a TLS method configuration
+    /// Helper function to compile human-readable certificate name for UI display
     ///
-    /// \param[in] val  Configuration to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::config_tls &val);
-
-    ///
-    /// Unpacks a TLS method configuration
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Configuration to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_tls &val);
+    winstd::tstring get_cert_title(PCCERT_CONTEXT cert);
 }
 
 #pragma once
 
 #include "Credentials.h"
+#include "Method.h"
+#include "TLS.h"
 
 #include "../../EAPBase/include/Config.h"
 
@@ -72,29 +60,29 @@ namespace eapserial
 
 namespace eap
 {
-    class config_tls : public config_method<credentials_tls>
+    class config_method_tls : public config_method_with_cred
     {
     public:
         ///
         /// Constructs configuration
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
-        config_tls(_In_ module &mod);
+        config_method_tls(_In_ module &mod);
 
         ///
         /// Copies configuration
         ///
         /// \param[in] other  Configuration to copy from
         ///
-        config_tls(_In_ const config_tls &other);
+        config_method_tls(_In_ const config_method_tls &other);
 
         ///
         /// Moves configuration
         ///
         /// \param[in] other  Configuration to move from
         ///
-        config_tls(_Inout_ config_tls &&other);
+        config_method_tls(_Inout_ config_method_tls &&other);
 
         ///
         /// Copies configuration
@@ -103,7 +91,7 @@ namespace eap
         ///
         /// \returns Reference to this object
         ///
-        config_tls& operator=(_In_ const config_tls &other);
+        config_method_tls& operator=(_In_ const config_method_tls &other);
 
         ///
         /// Moves configuration
@@ -112,7 +100,7 @@ namespace eap
         ///
         /// \returns Reference to this object
         ///
-        config_tls& operator=(_Inout_ config_tls &&other);
+        config_method_tls& operator=(_Inout_ config_method_tls &&other);
 
         ///
         /// Clones configuration
@@ -125,29 +113,45 @@ namespace eap
         /// @{
 
         ///
-        /// Save configuration to XML document
+        /// Save to XML document
         ///
         /// \param[in]  pDoc         XML document
-        /// \param[in]  pConfigRoot  Suggested root element for saving configuration
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Suggested root element for saving
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
 
         ///
-        /// Load configuration from XML document
+        /// Load from XML document
         ///
-        /// \param[in]  pConfigRoot  Root element for loading configuration
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Root element for loading
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
+        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
+
+        /// @}
+
+        /// \name BLOB management
+        /// @{
+
         ///
-        virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
+        /// Packs a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator<<(_Inout_ cursor_out &cursor) const;
+
+        ///
+        /// Returns packed size of a configuration
+        ///
+        /// \returns Size of data when packed (in bytes)
+        ///
+        virtual size_t get_pk_size() const;
+
+        ///
+        /// Unpacks a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator>>(_Inout_ cursor_in &cursor);
 
         /// @}
 
@@ -156,7 +160,7 @@ namespace eap
         ///
         /// \returns `eap::type_tls`
         ///
-        virtual eap::type_t get_method_id() const;
+        virtual winstd::eap_type_t get_method_id() const;
 
         ///
         /// Adds CA to the list of trusted root CA's
@@ -167,34 +171,12 @@ namespace eap
 
     public:
         std::list<winstd::cert_context> m_trusted_root_ca;  ///< Trusted root CAs
-        std::list<std::string> m_server_names;              ///< Acceptable authenticating server names
+        std::list<std::wstring> m_server_names;             ///< Acceptable authenticating server names
+
+#if EAP_TLS < EAP_TLS_SCHANNEL
+        // Following members are used for session resumptions. They are not exported/imported to XML.
+        sanitizing_blob m_session_id;                       ///< TLS session ID
+        tls_master_secret m_master_secret;                  ///< TLS master secret
+#endif
     };
 }
-
-
-namespace eapserial
-{
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_tls &val)
-    {
-        pack(cursor, (const eap::config_method<eap::credentials_tls>&)val);
-        pack(cursor, val.m_trusted_root_ca);
-        pack(cursor, val.m_server_names   );
-    }
-
-
-    inline size_t get_pk_size(const eap::config_tls &val)
-    {
-        return
-            get_pk_size((const eap::config_method<eap::credentials_tls>&)val) +
-            get_pk_size(val.m_trusted_root_ca) +
-            get_pk_size(val.m_server_names   );
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_tls &val)
-    {
-        unpack(cursor, (eap::config_method<eap::credentials_tls>&)val);
-        unpack(cursor, val.m_trusted_root_ca);
-        unpack(cursor, val.m_server_names   );
-    }
-}

lib/TLS/include/Credentials.h

@@ -28,38 +28,11 @@ namespace eap
     class credentials_tls;
 }
 
-namespace eapserial
-{
-    ///
-    /// Packs a TLS method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Credentials to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_tls &val);
-
-    ///
-    /// Returns packed size of a TLS method credentials
-    ///
-    /// \param[in] val  Credentials to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::credentials_tls &val);
-
-    ///
-    /// Unpacks a TLS method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Credentials to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_tls &val);
-}
-
 #pragma once
 
+#include "Config.h"
+
 #include "../../EAPBase/include/Credentials.h"
-#include "../../EAPBase/include/EAPSerial.h"
 
 #include <WinStd/Crypt.h>
 
@@ -75,7 +48,7 @@ namespace eap
         ///
         /// Constructs credentials
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
         credentials_tls(_In_ module &mod);
 
@@ -126,35 +99,55 @@ namespace eap
         ///
         /// Test credentials if blank
         ///
+        /// \returns
+        /// - \c true if blank
+        /// - \c false otherwise
+        ///
         virtual bool empty() const;
 
         /// \name XML credentials management
         /// @{
 
         ///
-        /// Save credentials to XML document
+        /// Save to XML document
         ///
         /// \param[in]  pDoc         XML document
-        /// \param[in]  pConfigRoot  Suggested root element for saving credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Suggested root element for saving
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
 
         ///
-        /// Load credentials from XML document
+        /// Load from XML document
         ///
-        /// \param[in]  pConfigRoot  Root element for loading credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Root element for loading
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
+        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
+
+        /// @}
+
+        /// \name BLOB management
+        /// @{
+
         ///
-        virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
+        /// Packs a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator<<(_Inout_ cursor_out &cursor) const;
+
+        ///
+        /// Returns packed size of a configuration
+        ///
+        /// \returns Size of data when packed (in bytes)
+        ///
+        virtual size_t get_pk_size() const;
+
+        ///
+        /// Unpacks a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator>>(_Inout_ cursor_in &cursor);
 
         /// @}
 
@@ -165,33 +158,48 @@ namespace eap
         /// Save credentials to Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void store(_In_z_ LPCTSTR pszTargetName) const;
 
         ///
         /// Retrieve credentials from Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError);
+        virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
 
         ///
         /// Return target suffix for Windows Credential Manager credential name
         ///
-        virtual LPCTSTR target_suffix() const { return _T("TLS"); }
+        virtual LPCTSTR target_suffix() const;
 
         /// @}
 
+        ///
+        /// Returns credential identity.
+        ///
+        virtual std::wstring get_identity() const;
+
+        ///
+        /// Combine credentials in the following order:
+        ///
+        /// 1. Cached credentials
+        /// 2. Pre-configured credentials
+        /// 3. Stored credentials
+        ///
+        /// \param[in] cred_cached    Cached credentials (optional, can be \c NULL)
+        /// \param[in] cfg            Method configuration
+        /// \param[in] pszTargetName  The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
+        ///
+        /// \returns
+        /// - \c true  if credentials were set;
+        /// - \c false otherwise
+        ///
+        source_t combine(
+            _In_       const credentials_tls   *cred_cached,
+            _In_       const config_method_tls &cfg,
+            _In_opt_z_       LPCTSTR           pszTargetName);
+
     public:
         winstd::cert_context m_cert;    ///< Client certificate
 
@@ -201,36 +209,3 @@ namespace eap
         /// \endcond
     };
 }
-
-
-namespace eapserial
-{
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_tls &val)
-    {
-        // Don't save m_identity. We rebuild it on every load.
-        //pack(cursor, (const eap::credentials&)val);
-        pack(cursor, val.m_cert                  );
-    }
-
-
-    inline size_t get_pk_size(const eap::credentials_tls &val)
-    {
-        return
-            // Don't save m_identity. We rebuild it on every load.
-            //get_pk_size((const eap::credentials&)val) +
-            get_pk_size(val.m_cert                  );
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_tls &val)
-    {
-        // Don't load m_identity. We rebuild it on load.
-        //unpack(cursor, (eap::credentials&)val);
-        unpack(cursor, val.m_cert            );
-
-        if (val.m_cert) {
-            // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
-            CertGetNameString(val.m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, val.m_identity);
-        }
-    }
-}

lib/TLS/include/Method.h

@@ -0,0 +1,563 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+namespace eap
+{
+    ///
+    /// EAP-TLS method
+    ///
+    class method_tls;
+}
+
+
+#pragma once
+
+#include "Config.h"
+#include "Credentials.h"
+#include "TLS.h"
+
+#include "../../EAPBase/include/Method.h"
+
+#include <WinStd/Crypt.h>
+#include <WinStd/Sec.h>
+
+#include <list>
+#include <vector>
+
+
+namespace eap
+{
+    class method_tls : public method
+    {
+    public:
+#pragma warning(push)
+#pragma warning(disable: 4480)
+
+        ///
+        /// EAP-TLS request packet flags
+        ///
+        /// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.1 EAP-TLS Request Packet)](https://tools.ietf.org/html/rfc5216#section-3.1)
+        ///
+        enum flags_req_t : unsigned char {
+            flags_req_length_incl = 0x80,   ///< Length included
+            flags_req_more_frag   = 0x40,   ///< More fragments
+            flags_req_start       = 0x20,   ///< Start
+        };
+
+        ///
+        /// EAP-TLS response packet flags
+        ///
+        /// \sa [The EAP-TLS Authentication Protocol (Chapter: 3.2 EAP-TLS Response Packet)](https://tools.ietf.org/html/rfc5216#section-3.2)
+        ///
+        enum flags_res_t : unsigned char {
+            flags_res_length_incl = 0x80,   ///< Length included
+            flags_res_more_frag   = 0x40,   ///< More fragments
+        };
+
+#pragma warning(pop)
+
+        ///
+        /// EAP-TLS packet (data)
+        ///
+        class packet
+        {
+        public:
+            ///
+            /// Constructs an empty packet
+            ///
+            packet();
+
+            ///
+            /// Copies a packet
+            ///
+            /// \param[in] other  Packet to copy from
+            ///
+            packet(_In_ const packet &other);
+
+            ///
+            /// Moves a packet
+            ///
+            /// \param[in] other  Packet to move from
+            ///
+            packet(_Inout_ packet &&other);
+
+            ///
+            /// Copies a packet
+            ///
+            /// \param[in] other  Packet to copy from
+            ///
+            /// \returns Reference to this object
+            ///
+            packet& operator=(_In_ const packet &other);
+
+            ///
+            /// Moves a packet
+            ///
+            /// \param[in] other  Packet to move from
+            ///
+            /// \returns Reference to this object
+            ///
+            packet& operator=(_Inout_ packet &&other);
+
+            ///
+            /// Empty the packet
+            ///
+            void clear();
+
+        public:
+            EapCode m_code;                             ///< Packet code
+            unsigned char m_id;                         ///< Packet ID
+            unsigned char m_flags;                      ///< Packet flags
+            std::vector<unsigned char> m_data;          ///< Packet data
+        };
+
+#pragma pack(push)
+#pragma pack(1)
+        ///
+        /// TLS message
+        ///
+        struct message_header
+        {
+            tls_message_type_t type;    ///< Message type (one of `message_type_t` constants)
+            tls_version version;        ///< SSL/TLS version
+            unsigned char length[2];    ///< Message length (in network byte order)
+        };
+#pragma pack(pop)
+
+    public:
+        ///
+        /// Constructs an EAP method
+        ///
+        /// \param[in] mod   EAP module to use for global services
+        /// \param[in] cfg   Connection configuration
+        /// \param[in] cred  User credentials
+        ///
+        method_tls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_tls &cred);
+
+        ///
+        /// Moves an EAP method
+        ///
+        /// \param[in] other  EAP method to move from
+        ///
+        method_tls(_Inout_ method_tls &&other);
+
+        ///
+        /// Destructor
+        ///
+        virtual ~method_tls();
+
+        ///
+        /// Moves an EAP method
+        ///
+        /// \param[in] other  EAP method to move from
+        ///
+        /// \returns Reference to this object
+        ///
+        method_tls& operator=(_Inout_ method_tls &&other);
+
+        /// \name Packet processing
+        /// @{
+
+        ///
+        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
+        ///
+        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
+        ///
+        virtual void begin_session(
+            _In_        DWORD         dwFlags,
+            _In_  const EapAttributes *pAttributeArray,
+            _In_        HANDLE        hTokenImpersonateUser,
+            _In_        DWORD         dwMaxSendPacketSize);
+
+        ///
+        /// Processes a packet received by EAPHost from a supplicant.
+        ///
+        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        ///
+        virtual void process_request_packet(
+            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
+            _In_                                       DWORD               dwReceivedPacketSize,
+            _Inout_                                    EapPeerMethodOutput *pEapOutput);
+
+        ///
+        /// Obtains a response packet from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
+        ///
+        virtual void get_response_packet(
+            _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
+            _Inout_                            DWORD     *pdwSendPacketSize);
+
+        ///
+        /// Obtains the result of an authentication session from the EAP method.
+        ///
+        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
+        ///
+        virtual void get_result(
+            _In_    EapPeerMethodResultReason reason,
+            _Inout_ EapPeerMethodResult       *ppResult);
+
+        /// @}
+
+    protected:
+#if EAP_TLS < EAP_TLS_SCHANNEL
+        /// \name Client handshake message generation
+        /// @{
+
+        ///
+        /// Makes a TLS client hello message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.1.2. Client Hello)](https://tools.ietf.org/html/rfc5246#section-7.4.1.2)
+        ///
+        /// \returns Client hello message
+        ///
+        sanitizing_blob make_client_hello();
+
+        ///
+        /// Makes a TLS client certificate message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.6. Client Certificate)](https://tools.ietf.org/html/rfc5246#section-7.4.6)
+        ///
+        /// \returns Client certificate message
+        ///
+        sanitizing_blob make_client_cert() const;
+
+        ///
+        /// Makes a TLS client key exchange message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7. Client Key Exchange Message )](https://tools.ietf.org/html/rfc5246#section-7.4.7)
+        ///
+        /// \param[in] pms  Pre-master secret
+        ///
+        /// \returns Client key exchange message
+        ///
+        sanitizing_blob make_client_key_exchange(_In_ const tls_master_secret &pms) const;
+
+        ///
+        /// Makes a TLS finished message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
+        ///
+        /// \returns Change cipher spec
+        ///
+        eap::sanitizing_blob make_finished() const;
+
+        /// @}
+
+        /// \name Client/Server handshake hashing
+        /// @{
+
+        ///
+        /// Hashes handshake message for "finished" message validation.
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
+        ///
+        /// \param[in] data  Data to hash
+        /// \param[in] size  \p data size in bytes
+        ///
+        inline void hash_handshake(_In_count_(size) const void *data, _In_ size_t size)
+        {
+            CryptHashData(m_hash_handshake_msgs_md5   , (const BYTE*)data, (DWORD)size, 0);
+            CryptHashData(m_hash_handshake_msgs_sha1  , (const BYTE*)data, (DWORD)size, 0);
+            CryptHashData(m_hash_handshake_msgs_sha256, (const BYTE*)data, (DWORD)size, 0);
+        }
+
+        ///
+        /// Hashes handshake message for "finished" message validation.
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.9. Finished)](https://tools.ietf.org/html/rfc5246#section-7.4.9)
+        ///
+        /// \param[in] data  Data to hash
+        /// \param[in] size  \p data size in bytes
+        ///
+        template<class _Ty, class _Ax>
+        inline void hash_handshake(_In_ const std::vector<_Ty, _Ax> &data)
+        {
+            hash_handshake(data.data(), data.size() * sizeof(_Ty));
+        }
+
+        /// @}
+
+        ///
+        /// Makes a TLS message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter A.1. Record Layer)](https://tools.ietf.org/html/rfc5246#appendix-A.1)
+        ///
+        /// \param[in]    type  Message type
+        /// \param[inout] data  Message data contents
+        ///
+        /// \returns TLS message message
+        ///
+        eap::sanitizing_blob make_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &&data);
+
+        /// @}
+
+        /// \name Key derivation
+        /// @{
+
+        ///
+        /// Generates master session key
+        ///
+        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
+        ///
+        virtual void derive_msk();
+
+        /// @}
+
+        /// \name Server message processing
+        /// @{
+
+        ///
+        /// Processes messages in a TLS packet
+        ///
+        /// \param[in] pck       Packet data
+        /// \param[in] size_pck  \p pck size in bytes
+        ///
+        void process_packet(_In_bytecount_(size_pck) const void *pck, _In_ size_t size_pck);
+
+        ///
+        /// Processes a TLS change_cipher_spec message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.1. Change Cipher Spec Protocol)](https://tools.ietf.org/html/rfc5246#section-7.1)
+        ///
+        /// \param[in] msg       TLS change_cipher_spec message data
+        /// \param[in] msg_size  TLS change_cipher_spec message data size
+        ///
+        virtual void process_change_cipher_spec(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+
+        ///
+        /// Processes a TLS alert message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
+        ///
+        /// \param[in] msg       TLS alert message data
+        /// \param[in] msg_size  TLS alert message data size
+        ///
+        virtual void process_alert(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+
+        ///
+        /// Processes a TLS handshake message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4. Handshake Protocol)](https://tools.ietf.org/html/rfc5246#section-7.4)
+        ///
+        /// \param[in] msg       TLS handshake message data
+        /// \param[in] msg_size  TLS handshake message data size
+        ///
+        virtual void process_handshake(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+
+#else
+        ///
+        /// Process handshake
+        ///
+        void process_handshake();
+
+        ///
+        /// Process application data
+        ///
+        void process_application_data();
+#endif
+
+        ///
+        /// Processes a TLS application_data message
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 10. Application Data Protocol)](https://tools.ietf.org/html/rfc5246#section-10)
+        ///
+        /// \param[in] msg       TLS application_data message data
+        /// \param[in] msg_size  TLS application_data message data size
+        ///
+        virtual void process_application_data(_In_bytecount_(msg_size) const void *msg, _In_ size_t msg_size);
+
+        /// @}
+
+#if EAP_TLS < EAP_TLS_SCHANNEL_FULL
+        ///
+        /// Verifies server's certificate if trusted by configuration
+        ///
+        void verify_server_trust() const;
+#endif
+
+#if EAP_TLS < EAP_TLS_SCHANNEL
+        /// \name Encryption
+        /// @{
+
+        ///
+        /// Encrypt TLS message
+        ///
+        /// \param[in]    type  Message type
+        /// \param[inout] data  TLS message to encrypt
+        ///
+        void encrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
+
+        ///
+        /// Decrypt TLS message
+        ///
+        /// \param[in]    type  Original message type for HMAC verification
+        /// \param[inout] data  TLS message to decrypt
+        ///
+        void decrypt_message(_In_ tls_message_type_t type, _Inout_ sanitizing_blob &data);
+
+        /// @}
+
+        /// \name Pseudo-random generation
+        /// @{
+
+        ///
+        /// Calculates pseudo-random P_hash data defined in RFC 5246
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
+        ///
+        /// \param[in] cp         Handle of the cryptographics provider
+        /// \param[in] alg        Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
+        /// \param[in] secret     Hashing secret key
+        /// \param[in] seed       Random seed
+        /// \param[in] size_seed  \p seed size
+        /// \param[in] size       Number of bytes of pseudo-random data required
+        ///
+        /// \returns Generated pseudo-random data (\p size bytes)
+        ///
+        static sanitizing_blob prf(
+            _In_                            HCRYPTPROV        cp,
+            _In_                            ALG_ID            alg,
+            _In_                      const tls_master_secret &secret,
+            _In_bytecount_(size_seed) const void              *seed,
+            _In_                            size_t            size_seed,
+            _In_                            size_t            size);
+
+        ///
+        /// Calculates pseudo-random P_hash data defined in RFC 5246
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.1 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc4346#section-5)
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 5. HMAC and the Pseudorandom Function)](https://tools.ietf.org/html/rfc5246#section-5)
+        ///
+        /// \param[in] cp      Handle of the cryptographics provider
+        /// \param[in] alg     Hashing Algorithm to use (CALG_TLS1PRF = combination of MD5 and SHA-1, CALG_SHA_256...)
+        /// \param[in] secret  Hashing secret key
+        /// \param[in] seed    Random seed
+        /// \param[in] size    Number of bytes of pseudo-random data required
+        ///
+        /// \returns Generated pseudo-random data (\p size bytes)
+        ///
+        template<class _Ty, class _Ax>
+        inline static sanitizing_blob prf(
+            _In_       HCRYPTPROV            cp,
+            _In_       ALG_ID                alg,
+            _In_ const tls_master_secret     &secret,
+            _In_ const std::vector<_Ty, _Ax> &seed,
+            _In_       size_t                size)
+        {
+            return prf(cp, alg, secret, seed.data(), seed.size() * sizeof(_Ty), size);
+        }
+
+        /// @}
+
+        ///
+        /// Creates a key
+        ///
+        /// \sa [How to export and import plain text session keys by using CryptoAPI](https://support.microsoft.com/en-us/kb/228786)
+        ///
+        /// \param[in] cp           Handle of the cryptographics provider
+        /// \param[in] alg          Key algorithm
+        /// \param[in] key          Key that decrypts \p secret
+        /// \param[in] secret       Key data
+        /// \param[in] size_secret  \p secret size
+        ///
+        /// \returns Key
+        ///
+        HCRYPTKEY create_key(
+            _In_                              HCRYPTPROV cp,
+            _In_                              ALG_ID     alg,
+            _In_                              HCRYPTKEY  key,
+            _In_bytecount_(size_secret) const void       *secret,
+            _In_                              size_t     size_secret);
+#endif
+
+    protected:
+        credentials_tls &m_cred;                                ///< EAP-TLS user credentials
+        HANDLE m_user_ctx;                                      ///< Handle to user context
+
+        packet m_packet_req;                                    ///< Request packet
+        packet m_packet_res;                                    ///< Response packet
+
+#if EAP_TLS < EAP_TLS_SCHANNEL
+        winstd::crypt_prov m_cp;                                ///< Cryptography provider for general services
+        winstd::crypt_prov m_cp_enc_client;                     ///< Cryptography provider for encryption
+        winstd::crypt_prov m_cp_enc_server;                     ///< Cryptography provider for encryption
+        winstd::crypt_key m_key_exp1;                           ///< Key for importing derived keys
+
+        tls_version m_tls_version;                              ///< TLS version in use
+        ALG_ID m_alg_prf;                                       ///< Pseudo-random function algorithm in use
+
+        tls_conn_state m_state_client;                          ///< Client TLS connection state
+        tls_conn_state m_state_client_pending;                  ///< Client TLS connection state (pending)
+        tls_conn_state m_state_server;                          ///< Server TLS connection state
+        tls_conn_state m_state_server_pending;                  ///< Server TLS connection state (pending)
+
+        tls_master_secret m_master_secret;                      ///< TLS master secret
+        tls_random m_random_client;                             ///< Client random
+        tls_random m_random_server;                             ///< Server random
+
+        tls_random m_key_mppe_client;                           ///< MS-MPPE-Recv-Key
+        tls_random m_key_mppe_server;                           ///< MS-MPPE-Send-Key
+
+        sanitizing_blob m_session_id;                           ///< TLS session ID
+
+        std::list<winstd::cert_context> m_server_cert_chain;    ///< Server certificate chain
+
+        winstd::crypt_hash m_hash_handshake_msgs_md5;           ///< Running MD5 hash of handshake messages
+        winstd::crypt_hash m_hash_handshake_msgs_sha1;          ///< Running SHA-1 hash of handshake messages
+        winstd::crypt_hash m_hash_handshake_msgs_sha256;        ///< Running SHA-256 hash of handshake messages
+
+        bool m_handshake[tls_handshake_type_max];               ///< Handshake flags (map od handshake messages received)
+
+        enum {
+            phase_unknown = -1,                                 ///< Unknown phase
+            phase_client_hello = 0,                             ///< Send client hello
+            phase_server_hello,                                 ///< Wait for server hello
+            phase_change_cipher_spec,                           ///< Wait for change cipher spec
+            phase_application_data                              ///< Exchange application data
+        } m_phase;                                              ///< What phase is our communication at?
+
+        unsigned __int64 m_seq_num_client;                      ///< Sequence number for encrypting
+        unsigned __int64 m_seq_num_server;                      ///< Sequence number for decrypting
+#else
+        winstd::tstring m_sc_target_name;                       ///< Schannel target name
+        winstd::sec_credentials m_sc_cred;                      ///< Schannel client credentials
+        std::vector<unsigned char> m_sc_queue;                  ///< TLS data queue
+        winstd::sec_context m_sc_ctx;                           ///< Schannel context
+
+        enum {
+            phase_unknown = -1,                                 ///< Unknown phase
+            phase_handshake_init = 0,                           ///< Handshake initialize
+            phase_handshake_cont,                               ///< Handshake continue
+            phase_application_data,                             ///< Exchange application data
+            phase_shutdown,                                     ///< Connection shut down
+        } m_phase, m_phase_prev;                                ///< What phase is our communication at?
+#endif
+
+        // The following members are required to avoid memory leakage in get_result()
+        EAP_ATTRIBUTES m_eap_attr_desc;                         ///< EAP Radius attributes descriptor
+        std::vector<winstd::eap_attr> m_eap_attr;               ///< EAP Radius attributes
+        BYTE *m_blob_cfg;                                       ///< Configuration BLOB
+#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
+        BYTE *m_blob_cred;                                      ///< Credentials BLOB
+#endif
+    };
+}

lib/TLS/include/TLS.h

@@ -0,0 +1,526 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "../../EAPBase/include/EAP.h"
+
+namespace eap
+{
+    ///
+    /// TLS packet type
+    ///
+    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.1. Record Layer](https://tools.ietf.org/html/rfc5246#appendix-A.1)
+    ///
+    enum tls_message_type_t;
+
+    ///
+    /// TLS handshake type
+    ///
+    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: A.4. Handshake Protocol](https://tools.ietf.org/html/rfc5246#appendix-A.4)
+    ///
+    enum tls_handshake_type_t;
+
+    ///
+    /// TLS alert level
+    ///
+    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
+    ///
+    enum tls_alert_level_t;
+
+    ///
+    /// TLS alert description
+    ///
+    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter: 7.2. Alert Protocol)](https://tools.ietf.org/html/rfc5246#section-7.2)
+    ///
+    enum tls_alert_desc_t;
+
+    ///
+    /// TLS protocol version
+    ///
+    struct tls_version;
+    extern const tls_version tls_version_1_0;
+    extern const tls_version tls_version_1_1;
+    extern const tls_version tls_version_1_2;
+
+    ///
+    /// TLS client/server random
+    ///
+    struct tls_random;
+
+    ///
+    /// Master secret
+    ///
+    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (8.1. Computing the Master Secret)](https://tools.ietf.org/html/rfc5246#section-8.1)
+    ///
+    struct tls_master_secret;
+
+    ///
+    /// HMAC padding
+    ///
+    /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
+    ///
+    struct hmac_padding;
+
+    ///
+    /// Our own implementation of HMAC hashing
+    /// Microsoft's implementation ([MSDN](https://msdn.microsoft.com/en-us/library/windows/desktop/aa382379.aspx)) is flaky.
+    ///
+    /// \sa [HMAC: Keyed-Hashing for Message Authentication](https://tools.ietf.org/html/rfc2104)
+    ///
+    class hmac_hash;
+
+    ///
+    /// TLS client connection state
+    ///
+    /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 6.1. Connection States)](https://tools.ietf.org/html/rfc5246#section-6.1)
+    ///
+    class tls_conn_state;
+}
+
+/////
+///// Packs a TLS connection state
+/////
+///// \param[inout] cursor  Memory cursor
+///// \param[in]    val     Variable with data to pack
+/////
+//inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const eap::tls_conn_state &val);
+//
+/////
+///// Returns packed size of TLS connection state
+/////
+///// \param[in] val  Data to pack
+/////
+///// \returns Size of data when packed (in bytes)
+/////
+//inline size_t pksizeof(_In_ const eap::tls_conn_state &val);
+//
+/////
+///// Unpacks a TLS connection state
+/////
+///// \param[inout] cursor  Memory cursor
+///// \param[out]   val     Variable to receive unpacked value
+/////
+//inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::tls_conn_state &val);
+
+#pragma once
+
+#include <memory>
+
+
+namespace eap
+{
+#pragma warning(push)
+#pragma warning(disable: 4480)
+
+    enum tls_message_type_t : unsigned char
+    {
+        tls_message_type_change_cipher_spec = 20,
+        tls_message_type_alert              = 21,
+        tls_message_type_handshake          = 22,
+        tls_message_type_application_data   = 23,
+    };
+
+
+    enum tls_handshake_type_t : unsigned char
+    {
+        tls_handshake_type_hello_request       =  0,
+        tls_handshake_type_client_hello        =  1,
+        tls_handshake_type_server_hello        =  2,
+        tls_handshake_type_certificate         = 11,
+        tls_handshake_type_server_key_exchange = 12,
+        tls_handshake_type_certificate_request = 13,
+        tls_handshake_type_server_hello_done   = 14,
+        tls_handshake_type_certificate_verify  = 15,
+        tls_handshake_type_client_key_exchange = 16,
+        tls_handshake_type_finished            = 20,
+
+        tls_handshake_type_min                 =  0,    ///< First existing handshake message
+        tls_handshake_type_max                 = 21     ///< First non-existing (officially) handshake message
+    };
+
+
+    enum tls_alert_level_t : unsigned char
+    {
+        tls_alert_level_warning = 1,
+        tls_alert_level_fatal   = 2,
+    };
+
+
+    enum tls_alert_desc_t : unsigned char
+    {
+        tls_alert_desc_close_notify            =   0,
+        tls_alert_desc_unexpected_message      =  10,
+        tls_alert_desc_bad_record_mac          =  20,
+        tls_alert_desc_decryption_failed       =  21, // reserved
+        tls_alert_desc_record_overflow         =  22,
+        tls_alert_desc_decompression_failure   =  30,
+        tls_alert_desc_handshake_failure       =  40,
+        tls_alert_desc_no_certificate          =  41, // reserved
+        tls_alert_desc_bad_certificate         =  42,
+        tls_alert_desc_unsupported_certificate =  43,
+        tls_alert_desc_certificate_revoked     =  44,
+        tls_alert_desc_certificate_expired     =  45,
+        tls_alert_desc_certificate_unknown     =  46,
+        tls_alert_desc_illegal_parameter       =  47,
+        tls_alert_desc_unknown_ca              =  48,
+        tls_alert_desc_access_denied           =  49,
+        tls_alert_desc_decode_error            =  50,
+        tls_alert_desc_decrypt_error           =  51,
+        tls_alert_desc_export_restriction      =  60, // reserved
+        tls_alert_desc_protocol_version        =  70,
+        tls_alert_desc_insufficient_security   =  71,
+        tls_alert_desc_internal_error          =  80,
+        tls_alert_desc_user_canceled           =  90,
+        tls_alert_desc_no_renegotiation        = 100,
+        tls_alert_desc_unsupported_extension   = 110,
+    };
+
+#pragma warning(pop)
+
+
+#pragma pack(push)
+#pragma pack(1)
+    ///
+    /// TLS protocol version
+    ///
+    struct __declspec(novtable) tls_version
+    {
+        unsigned char major;    ///< Major version
+        unsigned char minor;    ///< Minor version
+
+        ///
+        /// Copies a TLS version
+        ///
+        /// \param[in] other  Version to copy from
+        ///
+        /// \returns Reference to this object
+        ///
+        inline tls_version& operator=(_In_ const tls_version &other)
+        {
+            if (this != std::addressof(other)) {
+                major = other.major;
+                minor = other.minor;
+            }
+            return *this;
+        }
+
+        ///
+        /// Is version less than?
+        ///
+        /// \param[in] other  Protocol version to compare against
+        /// \return
+        /// - Non zero when protocol version is less than h;
+        /// - Zero otherwise.
+        ///
+        inline bool operator<(_In_ const tls_version &other) const
+        {
+            return major < other.major || major == other.major && minor < other.minor;
+        }
+
+        ///
+        /// Is version less than or equal to?
+        ///
+        /// \param[in] other  Protocol version to compare against
+        /// \return
+        /// - Non zero when protocol version is less than or equal to h;
+        /// - Zero otherwise.
+        ///
+        inline bool operator<=(_In_ const tls_version &other) const
+        {
+            return !operator>(other);
+        }
+
+        ///
+        /// Is version greater than or equal to?
+        ///
+        /// \param[in] other  Protocol version to compare against
+        /// \return
+        /// - Non zero when protocol version is greater than or equal to h;
+        /// - Zero otherwise.
+        ///
+        inline bool operator>=(_In_ const tls_version &other) const
+        {
+            return !operator<(other);
+        }
+
+        ///
+        /// Is version greater than?
+        ///
+        /// \param[in] other  Protocol version to compare against
+        /// \return
+        /// - Non zero when protocol version is greater than h;
+        /// - Zero otherwise.
+        ///
+        inline bool operator>(_In_ const tls_version &other) const
+        {
+            return other.major < major || other.major == major && other.minor < minor;
+        }
+
+        ///
+        /// Is version not equal to?
+        ///
+        /// \param[in] other  Protocol version to compare against
+        /// \return
+        /// - Non zero when protocol version is not equal to h;
+        /// - Zero otherwise.
+        ///
+        inline bool operator!=(_In_ const tls_version &other) const
+        {
+            return !operator==(other);
+        }
+
+        ///
+        /// Is version equal to?
+        ///
+        /// \param[in] other  Protocol version to compare against
+        /// \return
+        /// - Non zero when protocol version is equal to h;
+        /// - Zero otherwise.
+        ///
+        inline bool operator==(_In_ const tls_version &other) const
+        {
+            return major == other.major && minor == other.minor;
+        }
+    };
+#pragma pack(pop)
+
+
+#pragma pack(push)
+#pragma pack(1)
+    struct __declspec(novtable) tls_random : public sanitizing_blob_xf<32>
+    {
+        ///
+        /// Generate TLS random
+        ///
+        /// \param[in] cp  Handle of the cryptographics provider
+        ///
+        void randomize(_In_ HCRYPTPROV cp);
+    };
+#pragma pack(pop)
+
+
+#pragma pack(push)
+#pragma pack(1)
+    struct __declspec(novtable) tls_master_secret : public sanitizing_blob_xf<48>
+    {
+        ///
+        /// Constructor
+        ///
+        tls_master_secret();
+
+        ///
+        /// Constructs a pre-master secret
+        ///
+        /// \sa [The Transport Layer Security (TLS) Protocol Version 1.2 (Chapter 7.4.7.1. RSA-Encrypted Premaster Secret Message)](https://tools.ietf.org/html/rfc5246#section-7.4.7.1)
+        ///
+        /// \param[in] cp   Handle of the cryptographics provider
+        /// \param[in] ver  TLS version
+        ///
+        tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver);
+
+        ///
+        /// Copies a master secret
+        ///
+        /// \param[in] other  Master secret to copy from
+        ///
+        tls_master_secret(_In_ const sanitizing_blob_f<48> &other);
+
+#ifdef _DEBUG
+        ///
+        /// Moves the master secret
+        ///
+        /// \param[inout] other  Master secret to move from
+        ///
+        tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other);
+#endif
+    };
+#pragma pack(pop)
+
+
+#pragma pack(push)
+#pragma pack(1)
+    struct __declspec(novtable) hmac_padding : public sanitizing_blob_xf<64>
+    {
+        ///
+        /// Constructor
+        ///
+        hmac_padding();
+
+        ///
+        /// Derive padding from secret
+        ///
+        /// \param[in] cp           Handle of the cryptographics provider
+        /// \param[in] alg          Hashing algorithm
+        /// \param[in] secret       HMAC secret
+        /// \param[in] size_secret  \p secret size
+        /// \param[in] pad          Padding value to XOR with (0x36=inner, 0x5c=outer...)
+        ///
+        hmac_padding(
+            _In_                               HCRYPTPROV    cp,
+            _In_                               ALG_ID        alg,
+            _In_bytecount_(size_secret ) const void          *secret,
+            _In_                               size_t        size_secret,
+            _In_opt_                           unsigned char pad = 0x36);
+
+        ///
+        /// Copies a padding
+        ///
+        /// \param[in] other  Master secret to copy from
+        ///
+        hmac_padding(_In_ const sanitizing_blob_f<64> &other);
+
+#ifdef _DEBUG
+        ///
+        /// Moves the padding
+        ///
+        /// \param[inout] other  Padding to move from
+        ///
+        hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other);
+#endif
+    };
+#pragma pack(pop)
+
+
+    class hmac_hash
+    {
+    public:
+        ///
+        /// Construct new HMAC hashing object
+        ///
+        /// \param[in] cp           Handle of the cryptographics provider
+        /// \param[in] alg          Hashing algorithm
+        /// \param[in] secret       HMAC secret
+        /// \param[in] size_secret  \p secret size
+        ///
+        hmac_hash(
+            _In_                               HCRYPTPROV cp,
+            _In_                               ALG_ID     alg,
+            _In_bytecount_(size_secret ) const void       *secret,
+            _In_                               size_t     size_secret);
+
+        ///
+        /// Construct new HMAC hashing object using already prepared inner padding
+        ///
+        /// \param[in] cp           Handle of the cryptographics provider
+        /// \param[in] alg          Hashing algorithm
+        /// \param[in] padding      HMAC secret XOR inner padding
+        ///
+        hmac_hash(
+            _In_       HCRYPTPROV   cp,
+            _In_       ALG_ID       alg,
+            _In_ const hmac_padding &padding);
+
+        ///
+        /// Provides access to inner hash object to hash data at will.
+        ///
+        /// \returns Inner hashing object handle
+        ///
+        inline operator HCRYPTHASH()
+        {
+            return m_hash_inner;
+        }
+
+        ///
+        /// Completes hashing and returns hashed data.
+        ///
+        /// \param[out] val  Calculated hash value
+        ///
+        template<class _Ty, class _Ax>
+        inline void calculate(_Out_ std::vector<_Ty, _Ax> &val)
+        {
+            // Calculate inner hash.
+            if (!CryptGetHashParam(m_hash_inner, HP_HASHVAL, val, 0))
+                throw win_runtime_error(__FUNCTION__ " Error calculating inner hash.");
+
+            // Hash inner hash with outer hash.
+            if (!CryptHashData(m_hash_outer, (const BYTE*)val.data(), (DWORD)(val.size() * sizeof(_Ty)), 0))
+                throw win_runtime_error(__FUNCTION__ " Error hashing inner hash.");
+
+            // Calculate outer hash.
+            if (!CryptGetHashParam(m_hash_outer, HP_HASHVAL, val, 0))
+                throw win_runtime_error(__FUNCTION__ " Error calculating outer hash.");
+        }
+
+    protected:
+        winstd::crypt_hash m_hash_inner; ///< Inner hashing object
+        winstd::crypt_hash m_hash_outer; ///< Outer hashing object
+    };
+
+
+    class tls_conn_state
+    {
+    public:
+        ///
+        /// Constructs a connection state
+        ///
+        tls_conn_state();
+
+        ///
+        /// Copy a connection state
+        ///
+        /// \param[in] other  Connection state to copy from
+        ///
+        tls_conn_state(_In_ const tls_conn_state &other);
+
+        ///
+        /// Moves a connection state
+        ///
+        /// \param[inout] other  Connection state to move from
+        ///
+        tls_conn_state(_Inout_ tls_conn_state &&other);
+
+        ///
+        /// Copy a connection state
+        ///
+        /// \param[inout] other  Connection state to copy from
+        ///
+        /// \returns Reference to this object
+        ///
+        tls_conn_state& operator=(_In_ const tls_conn_state &other);
+
+        ///
+        /// Moves a connection state
+        ///
+        /// \param[in] other  Connection state to move from
+        ///
+        /// \returns Reference to this object
+        ///
+        tls_conn_state& operator=(_Inout_ tls_conn_state &&other);
+
+        ///
+        /// Configures state according to given cipher
+        ///
+        /// \param[in] cipher  Cipher ID
+        ///
+        void set_cipher(_In_ const unsigned char cipher[2]);
+
+    public:
+        LPCTSTR m_prov_name;            ///< Cryptography provider name
+        DWORD m_prov_type;              ///< Cryptography provider type
+        ALG_ID m_alg_encrypt;           ///< Bulk encryption algorithm
+        size_t m_size_enc_key;          ///< Encryption key size in bytes (has to comply with `m_alg_encrypt`)
+        size_t m_size_enc_iv;           ///< Encryption initialization vector size in bytes (has to comply with `m_alg_encrypt`)
+        size_t m_size_enc_block;        ///< Encryption block size in bytes (has to comply with `m_alg_encrypt`)
+        winstd::crypt_key m_key;        ///< Key for encrypting messages
+        ALG_ID m_alg_mac;               ///< Message authenticy check algorithm
+        size_t m_size_mac_key;          ///< Message authenticy check algorithm key size (has to comply with `m_alg_mac`)
+        size_t m_size_mac_hash;         ///< Message authenticy check algorithm result size (has to comply with `m_alg_mac`)
+        hmac_padding m_padding_hmac;    ///< Padding (key) for HMAC calculation
+    };
+}

lib/TLS/src/Config.cpp

@@ -20,143 +20,188 @@
 
 #include "StdAfx.h"
 
+#pragma comment(lib, "Cryptui.lib")
+
 using namespace std;
 using namespace winstd;
 
 
 //////////////////////////////////////////////////////////////////////
-// eap::config_tls
+// eap::get_cert_title
 //////////////////////////////////////////////////////////////////////
 
-eap::config_tls::config_tls(_In_ module &mod) : config_method<credentials_tls>(mod)
+tstring eap::get_cert_title(PCCERT_CONTEXT cert)
 {
+    tstring name, str, issuer, title;
+    FILETIME ft;
+    SYSTEMTIME st;
+
+    // Prepare certificate information
+    CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
+    title += name;
+
+    FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
+    FileTimeToSystemTime(&ft, &st);
+    GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
+    title += _T(", ");
+    title += str;
+
+    FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
+    FileTimeToSystemTime(&ft, &st);
+    GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
+    title += _T('-');
+    title += str;
+
+    CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
+    if (name != issuer) {
+        title += _T(", ");
+        title += issuer;
+    }
+
+    return title;
 }
 
 
-eap::config_tls::config_tls(_In_ const config_tls &other) :
+//////////////////////////////////////////////////////////////////////
+// eap::config_method_tls
+//////////////////////////////////////////////////////////////////////
+
+eap::config_method_tls::config_method_tls(_In_ module &mod) : config_method_with_cred(mod)
+{
+    m_preshared.reset(new credentials_tls(mod));
+}
+
+
+eap::config_method_tls::config_method_tls(_In_ const config_method_tls &other) :
     m_trusted_root_ca(other.m_trusted_root_ca),
     m_server_names(other.m_server_names),
-    config_method<credentials_tls>(other)
+#if EAP_TLS < EAP_TLS_SCHANNEL
+    m_session_id(other.m_session_id),
+    m_master_secret(other.m_master_secret),
+#endif
+    config_method_with_cred(other)
 {
 }
 
 
-eap::config_tls::config_tls(_Inout_ config_tls &&other) :
+eap::config_method_tls::config_method_tls(_Inout_ config_method_tls &&other) :
     m_trusted_root_ca(std::move(other.m_trusted_root_ca)),
     m_server_names(std::move(other.m_server_names)),
-    config_method<credentials_tls>(std::move(other))
+#if EAP_TLS < EAP_TLS_SCHANNEL
+    m_session_id(std::move(other.m_session_id)),
+    m_master_secret(std::move(other.m_master_secret)),
+#endif
+    config_method_with_cred(std::move(other))
 {
 }
 
 
-eap::config_tls& eap::config_tls::operator=(_In_ const eap::config_tls &other)
+eap::config_method_tls& eap::config_method_tls::operator=(_In_ const config_method_tls &other)
 {
     if (this != &other) {
-        (config_method<credentials_tls>&)*this = other;
+        (config_method_with_cred&)*this = other;
         m_trusted_root_ca = other.m_trusted_root_ca;
         m_server_names    = other.m_server_names;
+#if EAP_TLS < EAP_TLS_SCHANNEL
+        m_session_id      = other.m_session_id;
+        m_master_secret   = other.m_master_secret;
+#endif
     }
 
     return *this;
 }
 
 
-eap::config_tls& eap::config_tls::operator=(_Inout_ eap::config_tls &&other)
+eap::config_method_tls& eap::config_method_tls::operator=(_Inout_ config_method_tls &&other)
 {
     if (this != &other) {
-        (config_method<credentials_tls>&&)*this = std::move(other);
+        (config_method_with_cred&&)*this = std::move(other);
         m_trusted_root_ca = std::move(other.m_trusted_root_ca);
         m_server_names    = std::move(other.m_server_names);
+#if EAP_TLS < EAP_TLS_SCHANNEL
+        m_session_id      = std::move(other.m_session_id);
+        m_master_secret   = std::move(other.m_master_secret);
+#endif
     }
 
     return *this;
 }
 
 
-eap::config* eap::config_tls::clone() const
+eap::config* eap::config_method_tls::clone() const
 {
-    return new config_tls(*this);
+    return new config_method_tls(*this);
 }
 
 
-bool eap::config_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
-    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
-    DWORD dwResult;
-    HRESULT hr;
+    assert(pDoc);
+    assert(pConfigRoot);
 
-    if (!config_method<credentials_tls>::save(pDoc, pConfigRoot, ppEapError))
-        return false;
+    config_method_with_cred::save(pDoc, pConfigRoot);
+
+    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+    HRESULT hr;
 
     // <ServerSideCredential>
     com_obj<IXMLDOMElement> pXmlElServerSideCredential;
-    if ((dwResult = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ServerSideCredential> element."));
-        return false;
-    }
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
 
     for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
         // <CA>
         com_obj<IXMLDOMElement> pXmlElCA;
-        if ((dwResult = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA))) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <CA> element."));
-            return false;
-        }
+        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
 
         // <CA>/<format>
-        if ((dwResult = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <format> element."));
-            return false;
-        }
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
 
         // <CA>/<cert-data>
         const cert_context &cc = *i;
-        if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <cert-data> element."));
-            return false;
-        }
+        if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
 
-        if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL))) {
-            *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <CA> element."));
-            return false;
-        }
+        if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error appending <CA> element.");
     }
 
     // <ServerName>
-    for (list<string>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
-        wstring str;
-        MultiByteToWideChar(CP_UTF8, 0, i->c_str(), (int)i->length(), str);
-        if ((dwResult = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(str))) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ServerName> element."));
-            return false;
-        }
+    for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
     }
-
-    return true;
 }
 
 
-bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
+void eap::config_method_tls::load(_In_ IXMLDOMNode *pConfigRoot)
 {
-    if (!config_method<credentials_tls>::load(pConfigRoot, ppEapError))
-        return false;
+    assert(pConfigRoot);
+
+    config_method_with_cred::load(pConfigRoot);
+
+    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
 
     m_trusted_root_ca.clear();
     m_server_names.clear();
 
     // <ServerSideCredential>
     com_obj<IXMLDOMElement> pXmlElServerSideCredential;
-    if (eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential) == ERROR_SUCCESS) {
+    if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), &pXmlElServerSideCredential))) {
+        std::wstring xpathServerSideCredential(xpath + L"/ServerSideCredential");
+
         // <CA>
         com_obj<IXMLDOMNodeList> pXmlListCAs;
         long lCACount = 0;
-        if (eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs) == ERROR_SUCCESS && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
+        if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:CA"), &pXmlListCAs)) && SUCCEEDED(pXmlListCAs->get_length(&lCACount))) {
             for (long j = 0; j < lCACount; j++) {
                 // Load CA certificate.
                 com_obj<IXMLDOMNode> pXmlElCA;
                 pXmlListCAs->get_item(j, &pXmlElCA);
                 bstr bstrFormat;
-                if (eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat) != ERROR_SUCCESS) {
+                if (FAILED(eapxml::get_element_value(pXmlElCA, bstr(L"eap-metadata:format"), &bstrFormat))) {
                     // <format> not specified.
                     continue;
                 }
@@ -167,46 +212,87 @@ bool eap::config_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEa
                 }
 
                 vector<unsigned char> aData;
-                if (eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData) != ERROR_SUCCESS) {
+                if (FAILED(eapxml::get_element_base64(pXmlElCA, bstr(L"eap-metadata:cert-data"), aData))) {
                     // Error reading <cert-data> element.
                     continue;
                 }
 
                 add_trusted_ca(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
             }
+
+            // Log loaded CA certificates.
+            list<tstring> cert_names;
+            for (std::list<winstd::cert_context>::const_iterator cert = m_trusted_root_ca.cbegin(), cert_end = m_trusted_root_ca.cend(); cert != cert_end; ++cert)
+                cert_names.push_back(std::move(get_cert_title(*cert)));
+            m_module.log_config((xpathServerSideCredential + L"/CA").c_str(), cert_names);
         }
 
         // <ServerName>
         com_obj<IXMLDOMNodeList> pXmlListServerIDs;
         long lServerIDCount = 0;
-        if (eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs) == ERROR_SUCCESS && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
+        if (SUCCEEDED(eapxml::select_nodes(pXmlElServerSideCredential, bstr(L"eap-metadata:ServerName"), &pXmlListServerIDs)) && SUCCEEDED(pXmlListServerIDs->get_length(&lServerIDCount))) {
             for (long j = 0; j < lServerIDCount; j++) {
                 // Load server name (<ServerName>).
                 com_obj<IXMLDOMNode> pXmlElServerID;
                 pXmlListServerIDs->get_item(j, &pXmlElServerID);
                 bstr bstrServerID;
                 pXmlElServerID->get_text(&bstrServerID);
-
-                // Server names (FQDNs) are always ASCII. Hopefully. Convert them to UTF-8 anyway for consistent comparison. CP_ANSI varies.
-                string str;
-                WideCharToMultiByte(CP_UTF8, 0, bstrServerID, bstrServerID.length(), str, NULL, NULL);
-
-                m_server_names.push_back(str);
+                m_server_names.push_back(wstring(bstrServerID));
             }
+
+            m_module.log_config((xpathServerSideCredential + L"/ServerName").c_str(), m_server_names);
         }
     }
-
-    return true;
 }
 
 
-eap::type_t eap::config_tls::get_method_id() const
+void eap::config_method_tls::operator<<(_Inout_ cursor_out &cursor) const
 {
-    return eap::type_tls;
+    config_method_with_cred::operator<<(cursor);
+    cursor << m_trusted_root_ca;
+    cursor << m_server_names   ;
+#if EAP_TLS < EAP_TLS_SCHANNEL
+    cursor << m_session_id     ;
+    cursor << m_master_secret  ;
+#endif
 }
 
 
-bool eap::config_tls::add_trusted_ca(_In_  DWORD dwCertEncodingType, _In_  const BYTE *pbCertEncoded, _In_  DWORD cbCertEncoded)
+size_t eap::config_method_tls::get_pk_size() const
+{
+    return
+        config_method_with_cred::get_pk_size() +
+        pksizeof(m_trusted_root_ca) +
+        pksizeof(m_server_names   )
+#if EAP_TLS < EAP_TLS_SCHANNEL
+        +
+        pksizeof(m_session_id     ) +
+        pksizeof(m_master_secret  );
+#else
+        ;
+#endif
+}
+
+
+void eap::config_method_tls::operator>>(_Inout_ cursor_in &cursor)
+{
+    config_method_with_cred::operator>>(cursor);
+    cursor >> m_trusted_root_ca;
+    cursor >> m_server_names   ;
+#if EAP_TLS < EAP_TLS_SCHANNEL
+    cursor >> m_session_id     ;
+    cursor >> m_master_secret  ;
+#endif
+}
+
+
+eap_type_t eap::config_method_tls::get_method_id() const
+{
+    return eap_type_tls;
+}
+
+
+bool eap::config_method_tls::add_trusted_ca(_In_  DWORD dwCertEncodingType, _In_  const BYTE *pbCertEncoded, _In_  DWORD cbCertEncoded)
 {
     cert_context cert;
     if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {

lib/TLS/src/Credentials.cpp

@@ -88,97 +88,98 @@ bool eap::credentials_tls::empty() const
 }
 
 
-bool eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+void eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
-    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
-    DWORD dwResult;
-    HRESULT hr;
+    assert(pDoc);
+    assert(pConfigRoot);
 
-    // Don't save m_identity. We rebuild it on every load.
-    //if (!credentials::save(pDoc, pConfigRoot, ppEapError))
-    //    return false;
+    credentials::save(pDoc, pConfigRoot);
+
+    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+    HRESULT hr;
 
     // <ClientCertificate>
     com_obj<IXMLDOMElement> pXmlElClientCertificate;
-    if ((dwResult = eapxml::create_element(pDoc, bstr(L"ClientCertificate"), bstrNamespace, &pXmlElClientCertificate))) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <ClientCertificate> element."));
-        return false;
-    }
+    if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"ClientCertificate"), bstrNamespace, &pXmlElClientCertificate)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ClientCertificate> element.");
 
     if (m_cert) {
         // <ClientCertificate>/<format>
-        if ((dwResult = eapxml::put_element_value(pDoc, pXmlElClientCertificate, bstr(L"format"), bstrNamespace, bstr(L"PEM"))) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <format> element."));
-            return false;
-        }
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientCertificate, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
 
         // <ClientCertificate>/<cert-data>
-        if ((dwResult = eapxml::put_element_base64(pDoc, pXmlElClientCertificate, bstr(L"cert-data"), bstrNamespace, m_cert->pbCertEncoded, m_cert->cbCertEncoded)) != ERROR_SUCCESS) {
-            *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error creating <cert-data> element."));
-            return false;
-        }
+        if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElClientCertificate, bstr(L"cert-data"), bstrNamespace, m_cert->pbCertEncoded, m_cert->cbCertEncoded)))
+            throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
     }
 
-    if (FAILED(hr = pConfigRoot->appendChild(pXmlElClientCertificate, NULL))) {
-        *ppEapError = m_module.make_error(HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error appending <ClientCertificate> element."));
-        return false;
-    }
-
-    return true;
+    if (FAILED(hr = pConfigRoot->appendChild(pXmlElClientCertificate, NULL)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error appending <ClientCertificate> element.");
 }
 
 
-bool eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
+void eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot)
 {
     assert(pConfigRoot);
-    DWORD dwResult;
+    HRESULT hr;
 
-    // Don't load m_identity. We rebuild it on load.
-    //if (!credentials::load(pConfigRoot, ppEapError))
-    //    return false;
+    credentials::load(pConfigRoot);
+
+    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
 
-    m_identity.clear();
     m_cert.free();
 
     // <ClientCertificate>
     com_obj<IXMLDOMElement> pXmlElClientCertificate;
-    if ((dwResult = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientCertificate"), &pXmlElClientCertificate)) != ERROR_SUCCESS) {
-        *ppEapError = m_module.make_error(dwResult, _T(__FUNCTION__) _T(" Error reading <ClientCertificate> element."), _T("Please make sure profile XML is a valid ") _T(PRODUCT_NAME_STR) _T(" profile XML document."));
-        return false;
-    }
+    if (FAILED(hr = eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientCertificate"), &pXmlElClientCertificate)))
+        throw com_runtime_error(hr, __FUNCTION__ " Error reading <ClientCertificate> element.");
 
     // <ClientCertificate>/<format>
     bstr bstrFormat;
-    if ((dwResult = eapxml::get_element_value(pXmlElClientCertificate, bstr(L"eap-metadata:format"), &bstrFormat)) == ERROR_SUCCESS) {
+    if (SUCCEEDED(eapxml::get_element_value(pXmlElClientCertificate, bstr(L"eap-metadata:format"), &bstrFormat))) {
         if (CompareStringEx(LOCALE_NAME_INVARIANT, NORM_IGNORECASE, bstrFormat, bstrFormat.length(), L"PEM", -1, NULL, NULL, 0) == CSTR_EQUAL) {
             // <ClientCertificate>/<cert-data>
             vector<unsigned char> aData;
-            if ((dwResult = eapxml::get_element_base64(pXmlElClientCertificate, bstr(L"eap-metadata:cert-data"), aData)) == ERROR_SUCCESS) {
-                if (m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size())) {
-                    // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
-                    CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity);
-                }
-            }
+            if (SUCCEEDED(eapxml::get_element_base64(pXmlElClientCertificate, bstr(L"eap-metadata:cert-data"), aData)))
+                m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, aData.data(), (DWORD)aData.size());
         }
     }
-
-    return true;
+    m_module.log_config((xpath + L"/ClientCertificate").c_str(), get_name().c_str());
 }
 
 
-bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const
+void eap::credentials_tls::operator<<(_Inout_ cursor_out &cursor) const
+{
+    credentials::operator<<(cursor);
+    cursor << m_cert;
+}
+
+
+size_t eap::credentials_tls::get_pk_size() const
+{
+    return
+        credentials::get_pk_size() +
+        pksizeof(m_cert);
+}
+
+
+void eap::credentials_tls::operator>>(_Inout_ cursor_in &cursor)
+{
+    credentials::operator>>(cursor);
+    cursor >> m_cert;
+}
+
+
+void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName) const
 {
     assert(pszTargetName);
-    assert(ppEapError);
 
     // Encrypt the certificate using user's key.
     DATA_BLOB cred_blob    = { m_cert->cbCertEncoded,         m_cert->pbCertEncoded };
     DATA_BLOB entropy_blob = { sizeof(s_entropy)    , (LPBYTE)s_entropy             };
     data_blob cred_enc;
-    if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptProtectData failed."));
-        return false;
-    }
+    if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
+        throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
 
     tstring target(target_name(pszTargetName));
 
@@ -199,46 +200,96 @@ bool eap::credentials_tls::store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **p
         NULL,                       // TargetAlias
         (LPTSTR)m_identity.c_str()  // UserName
     };
-    if (!CredWrite(&cred, 0)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredWrite failed."));
-        return false;
-    }
-
-    return true;
+    if (!CredWrite(&cred, 0))
+        throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
 }
 
 
-bool eap::credentials_tls::retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError)
+void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName)
 {
     assert(pszTargetName);
 
     // Read credentials.
     unique_ptr<CREDENTIAL, CredFree_delete<CREDENTIAL> > cred;
-    if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CredRead failed."));
-        return false;
-    }
+    if (!CredRead(target_name(pszTargetName).c_str(), CRED_TYPE_GENERIC, 0, (PCREDENTIAL*)&cred))
+        throw win_runtime_error(__FUNCTION__ " CredRead failed.");
 
     // Decrypt the certificate using user's key.
     DATA_BLOB cred_enc     = { cred->CredentialBlobSize, cred->CredentialBlob };
     DATA_BLOB entropy_blob = { sizeof(s_entropy)       , (LPBYTE)s_entropy    };
     data_blob cred_int;
-    if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int)) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" CryptUnprotectData failed."));
-        return false;
-    }
+    if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
+        throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
 
     bool bResult = m_cert.create(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cred_int.pbData, cred_int.cbData);
     SecureZeroMemory(cred_int.pbData, cred_int.cbData);
-    if (!bResult) {
-        *ppEapError = m_module.make_error(GetLastError(), _T(__FUNCTION__) _T(" Error loading certificate."));
-        return false;
+    if (!bResult)
+        throw win_runtime_error(__FUNCTION__ " Error loading certificate.");
+
+    if (cred->UserName)
+        m_identity = cred->UserName;
+    else
+        m_identity.clear();
+
+    wstring xpath(pszTargetName);
+    m_module.log_config((xpath + L"/Identity").c_str(), m_identity.c_str());
+    m_module.log_config((xpath + L"/Certificate").c_str(), get_name().c_str());
+}
+
+
+LPCTSTR eap::credentials_tls::target_suffix() const
+{
+    return _T("TLS");
+}
+
+
+std::wstring eap::credentials_tls::get_identity() const
+{
+    if (!m_identity.empty()) {
+        return m_identity;
+    } else if (m_cert) {
+        wstring identity;
+        CertGetNameString(m_cert, CERT_NAME_EMAIL_TYPE, 0, NULL, identity);
+        return identity;
+    } else
+        return L"";
+}
+
+
+eap::credentials::source_t eap::credentials_tls::combine(
+    _In_       const credentials_tls   *cred_cached,
+    _In_       const config_method_tls &cfg,
+    _In_opt_z_       LPCTSTR           pszTargetName)
+{
+    if (cred_cached) {
+        // Using EAP service cached credentials.
+        *this = *cred_cached;
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
+        return source_cache;
     }
 
-    // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
-    CertGetNameString(m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_identity);
+    if (cfg.m_use_preshared) {
+        // Using preshared credentials.
+        *this = *(credentials_tls*)cfg.m_preshared.get();
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
+        return source_preshared;
+    }
 
-    return true;
+    if (pszTargetName) {
+        try {
+            credentials_tls cred_loaded(m_module);
+            cred_loaded.retrieve(pszTargetName);
+
+            // Using stored credentials.
+            *this = std::move(cred_loaded);
+            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
+            return source_storage;
+        } catch (...) {
+            // Not actually an error.
+        }
+    }
+
+    return source_unknown;
 }
 
 

lib/TLS/src/StdAfx.h

@@ -22,7 +22,16 @@
 
 #include "../include/Config.h"
 #include "../include/Credentials.h"
+#include "../include/Method.h"
+#include "../include/TLS.h"
 
 #include "../../EAPBase/include/EAPXML.h"
 
 #include <WinStd/Cred.h>
+#include <WinStd/EAP.h>
+
+#include <EapHostError.h>
+#include <schnlsp.h>
+#include <time.h>
+
+#include <algorithm>

lib/TLS/src/TLS.cpp

@@ -0,0 +1,432 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 G<>ANT
+
+    This file is part of G<>ANTLink.
+
+    G<>ANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    G<>ANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with G<>ANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "StdAfx.h"
+
+using namespace std;
+using namespace winstd;
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::tls_version
+//////////////////////////////////////////////////////////////////////
+
+const eap::tls_version eap::tls_version_1_0 = { 3, 1 };
+const eap::tls_version eap::tls_version_1_1 = { 3, 2 };
+const eap::tls_version eap::tls_version_1_2 = { 3, 3 };
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::tls_random
+//////////////////////////////////////////////////////////////////////
+
+void eap::tls_random::randomize(_In_ HCRYPTPROV cp)
+{
+    _time32((__time32_t*)data);
+    if (!CryptGenRandom(cp, sizeof(data) - sizeof(__time32_t), data + sizeof(__time32_t)))
+        throw win_runtime_error(__FUNCTION__ " Error creating randomness.");
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::tls_master_secret
+//////////////////////////////////////////////////////////////////////
+
+eap::tls_master_secret::tls_master_secret()
+{
+}
+
+
+eap::tls_master_secret::tls_master_secret(_In_ HCRYPTPROV cp, _In_ tls_version ver)
+{
+    data[0] = ver.major;
+    data[1] = ver.minor;
+
+    if (!CryptGenRandom(cp, sizeof(data) - 2, data + 2))
+        throw win_runtime_error(__FUNCTION__ " Error creating PMS randomness.");
+}
+
+
+eap::tls_master_secret::tls_master_secret(_In_ const sanitizing_blob_f<48> &other) :
+    sanitizing_blob_xf<48>(other)
+{
+}
+
+
+#ifdef _DEBUG
+
+eap::tls_master_secret::tls_master_secret(_Inout_ sanitizing_blob_zf<48> &&other) :
+    sanitizing_blob_xf<48>(std::move(other))
+{
+}
+
+#endif
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::hmac_padding
+//////////////////////////////////////////////////////////////////////
+
+eap::hmac_padding::hmac_padding()
+{
+}
+
+
+eap::hmac_padding::hmac_padding(
+            _In_                               HCRYPTPROV    cp,
+            _In_                               ALG_ID        alg,
+            _In_bytecount_(size_secret ) const void          *secret,
+            _In_                               size_t        size_secret,
+            _In_opt_                           unsigned char pad)
+{
+    if (size_secret > sizeof(hmac_padding)) {
+        // If the secret is longer than padding, use secret's hash instead.
+        crypt_hash hash;
+        if (!hash.create(cp, alg))
+            throw win_runtime_error(__FUNCTION__ " Error creating hash.");
+        if (!CryptHashData(hash, (const BYTE*)secret, (DWORD)size_secret, 0))
+            throw win_runtime_error(__FUNCTION__ " Error hashing.");
+        DWORD size_hash = sizeof(hmac_padding);
+        if (!CryptGetHashParam(hash, HP_HASHVAL, data, &size_hash, 0))
+            throw win_runtime_error(__FUNCTION__ " Error finishing hash.");
+        size_secret = size_hash;
+    } else
+        memcpy(data, secret, size_secret);
+    for (size_t i = 0; i < size_secret; i++)
+        data[i] ^= pad;
+    memset(data + size_secret, pad, sizeof(hmac_padding) - size_secret);
+}
+
+
+eap::hmac_padding::hmac_padding(_In_ const sanitizing_blob_f<64> &other) :
+    sanitizing_blob_xf<64>(other)
+{
+}
+
+
+#ifdef _DEBUG
+
+eap::hmac_padding::hmac_padding(_Inout_ sanitizing_blob_zf<64> &&other) :
+    sanitizing_blob_xf<64>(std::move(other))
+{
+}
+
+#endif
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::hmac_hash
+//////////////////////////////////////////////////////////////////////
+
+eap::hmac_hash::hmac_hash(
+    _In_                               HCRYPTPROV cp,
+    _In_                               ALG_ID     alg,
+    _In_bytecount_(size_secret ) const void       *secret,
+    _In_                               size_t     size_secret)
+{
+    // Prepare inner padding and forward to the other constructor.
+    this->hmac_hash::hmac_hash(cp, alg, hmac_padding(cp, alg, secret, size_secret));
+}
+
+
+eap::hmac_hash::hmac_hash(
+    _In_       HCRYPTPROV   cp,
+    _In_       ALG_ID       alg,
+    _In_ const hmac_padding &padding)
+{
+    // Create inner hash.
+    if (!m_hash_inner.create(cp, alg))
+        throw win_runtime_error(__FUNCTION__ " Error creating inner hash.");
+
+    // Initialize it with the inner padding.
+    if (!CryptHashData(m_hash_inner, padding.data, sizeof(hmac_padding), 0))
+        throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
+
+    // Convert inner padding to outer padding for final calculation.
+    hmac_padding padding_out;
+    for (size_t i = 0; i < sizeof(hmac_padding); i++)
+        padding_out.data[i] = padding.data[i] ^ (0x36 ^ 0x5c);
+
+    // Create outer hash.
+    if (!m_hash_outer.create(cp, alg))
+        throw win_runtime_error(__FUNCTION__ " Error creating outer hash.");
+
+    // Initialize it with the outer padding.
+    if (!CryptHashData(m_hash_outer, padding_out.data, sizeof(hmac_padding), 0))
+        throw win_runtime_error(__FUNCTION__ " Error hashing secret XOR inner padding.");
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// eap::tls_conn_state
+//////////////////////////////////////////////////////////////////////
+
+eap::tls_conn_state::tls_conn_state()
+#ifdef _DEBUG
+    // Initialize state primitive members for diagnostic purposes.
+    :
+    m_prov_name     (NULL),
+    m_prov_type     (0),
+    m_alg_encrypt   (0),
+    m_size_enc_key  (0),
+    m_size_enc_iv   (0),
+    m_size_enc_block(0),
+    m_alg_mac       (0),
+    m_size_mac_key  (0),
+    m_size_mac_hash (0)
+#endif
+{
+}
+
+
+eap::tls_conn_state::tls_conn_state(_In_ const tls_conn_state &other) :
+    m_prov_name     (other.m_prov_name     ),
+    m_prov_type     (other.m_prov_type     ),
+    m_alg_encrypt   (other.m_alg_encrypt   ),
+    m_size_enc_key  (other.m_size_enc_key  ),
+    m_size_enc_iv   (other.m_size_enc_iv   ),
+    m_size_enc_block(other.m_size_enc_block),
+    m_key           (other.m_key           ),
+    m_alg_mac       (other.m_alg_mac       ),
+    m_size_mac_key  (other.m_size_mac_key  ),
+    m_size_mac_hash (other.m_size_mac_hash ),
+    m_padding_hmac  (other.m_padding_hmac  )
+{
+}
+
+
+eap::tls_conn_state::tls_conn_state(_Inout_ tls_conn_state &&other) :
+    m_prov_name     (std::move(other.m_prov_name     )),
+    m_prov_type     (std::move(other.m_prov_type     )),
+    m_alg_encrypt   (std::move(other.m_alg_encrypt   )),
+    m_size_enc_key  (std::move(other.m_size_enc_key  )),
+    m_size_enc_iv   (std::move(other.m_size_enc_iv   )),
+    m_size_enc_block(std::move(other.m_size_enc_block)),
+    m_key           (std::move(other.m_key           )),
+    m_alg_mac       (std::move(other.m_alg_mac       )),
+    m_size_mac_key  (std::move(other.m_size_mac_key  )),
+    m_size_mac_hash (std::move(other.m_size_mac_hash )),
+    m_padding_hmac  (std::move(other.m_padding_hmac  ))
+{
+#ifdef _DEBUG
+    // Reinitialize other state primitive members for diagnostic purposes.
+    other.m_prov_name      = NULL;
+    other.m_prov_type      = 0;
+    other.m_alg_encrypt    = 0;
+    other.m_size_enc_key   = 0;
+    other.m_size_enc_iv    = 0;
+    other.m_size_enc_block = 0;
+    other.m_alg_mac        = 0;
+    other.m_size_mac_key   = 0;
+    other.m_size_mac_hash  = 0;
+#endif
+}
+
+
+eap::tls_conn_state& eap::tls_conn_state::operator=(_In_ const tls_conn_state &other)
+{
+    if (this != std::addressof(other)) {
+        m_prov_name      = other.m_prov_name     ;
+        m_prov_type      = other.m_prov_type     ;
+        m_alg_encrypt    = other.m_alg_encrypt   ;
+        m_size_enc_key   = other.m_size_enc_key  ;
+        m_size_enc_iv    = other.m_size_enc_iv   ;
+        m_size_enc_block = other.m_size_enc_block;
+        m_key            = other.m_key           ;
+        m_alg_mac        = other.m_alg_mac       ;
+        m_size_mac_key   = other.m_size_mac_key  ;
+        m_size_mac_hash  = other.m_size_mac_hash ;
+        m_padding_hmac   = other.m_padding_hmac  ;
+    }
+
+    return *this;
+}
+
+
+eap::tls_conn_state& eap::tls_conn_state::operator=(_Inout_ tls_conn_state &&other)
+{
+    if (this != std::addressof(other)) {
+        m_prov_name      = std::move(other.m_prov_name     );
+        m_prov_type      = std::move(other.m_prov_type     );
+        m_alg_encrypt    = std::move(other.m_alg_encrypt   );
+        m_size_enc_key   = std::move(other.m_size_enc_key  );
+        m_size_enc_iv    = std::move(other.m_size_enc_iv   );
+        m_size_enc_block = std::move(other.m_size_enc_block);
+        m_key            = std::move(other.m_key           );
+        m_alg_mac        = std::move(other.m_alg_mac       );
+        m_size_mac_key   = std::move(other.m_size_mac_key  );
+        m_size_mac_hash  = std::move(other.m_size_mac_hash );
+        m_padding_hmac   = std::move(other.m_padding_hmac  );
+
+#ifdef _DEBUG
+        // Reinitialize other state primitive members for diagnostic purposes.
+        other.m_prov_name      = NULL;
+        other.m_prov_type      = 0;
+        other.m_alg_encrypt    = 0;
+        other.m_size_enc_key   = 0;
+        other.m_size_enc_iv    = 0;
+        other.m_size_enc_block = 0;
+        other.m_alg_mac        = 0;
+        other.m_size_mac_key   = 0;
+        other.m_size_mac_hash  = 0;
+#endif
+    }
+
+    return *this;
+}
+
+
+void eap::tls_conn_state::set_cipher(_In_ const unsigned char cipher[2])
+{
+    if (cipher[0] == 0x00 && cipher[1] == 0x0a) {
+        // TLS_RSA_WITH_3DES_EDE_CBC_SHA
+        m_prov_name      = NULL;
+        m_prov_type      = PROV_RSA_AES;
+        m_alg_encrypt    = CALG_3DES;
+        m_size_enc_key   = 192/8; // 3DES 192bits
+        m_size_enc_iv    = 64/8;  // 3DES 64bits
+        m_size_enc_block = 64/8;  // 3DES 64bits
+        m_alg_mac        = CALG_SHA1;
+        m_size_mac_key   = 160/8; // SHA-1
+        m_size_mac_hash  = 160/8; // SHA-1
+    } else if (cipher[0] == 0x00 && cipher[1] == 0x2f) {
+        // TLS_RSA_WITH_AES_128_CBC_SHA
+        m_prov_name      = NULL;
+        m_prov_type      = PROV_RSA_AES;
+        m_alg_encrypt    = CALG_AES_128;
+        m_size_enc_key   = 128/8; // AES-128
+        m_size_enc_iv    = 128/8; // AES-128
+        m_size_enc_block = 128/8; // AES-128
+        m_alg_mac        = CALG_SHA1;
+        m_size_mac_key   = 160/8; // SHA-1
+        m_size_mac_hash  = 160/8; // SHA-1
+    } else if (cipher[0] == 0x00 && cipher[1] == 0x3c) {
+        // AES128-SHA256
+        m_prov_name      = NULL;
+        m_prov_type      = PROV_RSA_AES;
+        m_alg_encrypt    = CALG_AES_128;
+        m_size_enc_key   = 128/8; // AES-128
+        m_size_enc_iv    = 128/8; // AES-128
+        m_size_enc_block = 128/8; // AES-128
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0x00 && cipher[1] == 0x3d) {
+        // AES256-SHA256
+        m_prov_name      = MS_ENH_RSA_AES_PROV;
+        m_prov_type      = PROV_RSA_AES;
+        m_alg_encrypt    = CALG_AES_256;
+        m_size_enc_key   = 256/8; // AES-256
+        m_size_enc_iv    = 128/8; // AES-256
+        m_size_enc_block = 128/8; // AES-256
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0x00 && cipher[1] == 0x40) {
+        // DHE-DSS-AES128-SHA256
+        m_prov_name      = MS_ENH_DSS_DH_PROV;
+        m_prov_type      = PROV_DSS_DH;
+        m_alg_encrypt    = CALG_AES_128;
+        m_size_enc_key   = 128/8; // AES-128
+        m_size_enc_iv    = 128/8; // AES-128
+        m_size_enc_block = 128/8; // AES-128
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0x00 && cipher[1] == 0x67) {
+        // DHE-RSA-AES128-SHA256
+        m_prov_name      = MS_DEF_DH_SCHANNEL_PROV;
+        m_prov_type      = PROV_DH_SCHANNEL;
+        m_alg_encrypt    = CALG_AES_128;
+        m_size_enc_key   = 128/8; // AES-128
+        m_size_enc_iv    = 128/8; // AES-128
+        m_size_enc_block = 128/8; // AES-128
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0x00 && cipher[1] == 0x6a) {
+        // DHE-DSS-AES256-SHA256
+        m_prov_name      = MS_ENH_DSS_DH_PROV;
+        m_prov_type      = PROV_DSS_DH;
+        m_alg_encrypt    = CALG_AES_256;
+        m_size_enc_key   = 256/8; // AES-256
+        m_size_enc_iv    = 128/8; // AES-256
+        m_size_enc_block = 128/8; // AES-256
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0x00 && cipher[1] == 0x6b) {
+        // DHE-RSA-AES256-SHA256
+        m_prov_name      = MS_DEF_DH_SCHANNEL_PROV;
+        m_prov_type      = PROV_DH_SCHANNEL;
+        m_alg_encrypt    = CALG_AES_256;
+        m_size_enc_key   = 256/8; // AES-256
+        m_size_enc_iv    = 128/8; // AES-256
+        m_size_enc_block = 128/8; // AES-256
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0xc0 && cipher[1] == 0x23) {
+        // ECDHE-ECDSA-AES128-SHA256
+        m_prov_name      = MS_ENH_DSS_DH_PROV;
+        m_prov_type      = PROV_DSS_DH;
+        m_alg_encrypt    = CALG_AES_128;
+        m_size_enc_key   = 128/8; // AES-128
+        m_size_enc_iv    = 128/8; // AES-128
+        m_size_enc_block = 128/8; // AES-128
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0xc0 && cipher[1] == 0x24) {
+        // ECDHE-ECDSA-AES256-SHA384
+        m_prov_name      = MS_ENH_DSS_DH_PROV;
+        m_prov_type      = PROV_DSS_DH;
+        m_alg_encrypt    = CALG_AES_256;
+        m_size_enc_key   = 256/8; // AES-256
+        m_size_enc_iv    = 128/8; // AES-256
+        m_size_enc_block = 128/8; // AES-256
+        m_alg_mac        = CALG_SHA_384;
+        m_size_mac_key   = 384/8; // SHA-384
+        m_size_mac_hash  = 384/8; // SHA-384
+    } else if (cipher[0] == 0xc0 && cipher[1] == 0x27) {
+        // ECDHE-RSA-AES128-SHA256
+        m_prov_name      = MS_ENH_DSS_DH_PROV;
+        m_prov_type      = PROV_DSS_DH;
+        m_alg_encrypt    = CALG_AES_128;
+        m_size_enc_key   = 128/8; // AES-128
+        m_size_enc_iv    = 128/8; // AES-128
+        m_size_enc_block = 128/8; // AES-128
+        m_alg_mac        = CALG_SHA_256;
+        m_size_mac_key   = 256/8; // SHA-256
+        m_size_mac_hash  = 256/8; // SHA-256
+    } else if (cipher[0] == 0xc0 && cipher[1] == 0x28) {
+        // ECDHE-RSA-AES256-SHA384
+        m_prov_name      = MS_ENH_DSS_DH_PROV;
+        m_prov_type      = PROV_DSS_DH;
+        m_alg_encrypt    = CALG_AES_256;
+        m_size_enc_key   = 256/8; // AES-256
+        m_size_enc_iv    = 128/8; // AES-256
+        m_size_enc_block = 128/8; // AES-256
+        m_alg_mac        = CALG_SHA_384;
+        m_size_mac_key   = 384/8; // SHA-384
+        m_size_mac_hash  = 384/8; // SHA-384
+    } else
+        throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Unknown cipher (received 0x%02x%02x).", cipher[0], cipher[1]));
+}

lib/TLS_UI/include/TLS_UI.h

@@ -27,8 +27,8 @@
 #include <wx/filedlg.h>
 #include <wx/msgdlg.h>
 
-#include <cryptuiapi.h>
 #include <Windows.h>
+#include <cryptuiapi.h>
 #include <WinCrypt.h> // Must include after <Windows.h>
 
 #include <list>
@@ -56,32 +56,24 @@ class wxFQDNValidator;
 class wxFQDNListValidator;
 
 ///
-/// EAPTLS credential panel
+/// TLS credential panel
 ///
-template <class _Tprov> class wxEAPTLSCredentialsPanel;
+class wxTLSCredentialsPanel;
 
 ///
-/// EAPTLS server trust configuration panel
+/// TLS server trust configuration panel
 ///
-template <class _Tprov> class wxEAPTLSServerTrustPanel;
+class wxTLSServerTrustPanel;
 
 ///
 /// TLS credentials configuration panel
 ///
-template <class _Tprov> class wxEAPTLSCredentialsConfigPanel;
+typedef wxEAPCredentialsConfigPanel<eap::credentials_tls, wxTLSCredentialsPanel> wxTLSCredentialsConfigPanel;
 
 ///
-/// EAPTLS configuration panel
+/// TLS configuration panel
 ///
-template <class _Tprov> class wxEAPTLSConfigPanel;
-
-namespace eap
-{
-    ///
-    /// Helper function to compile human-readable certificate name for UI display
-    ///
-    void get_cert_title(PCCERT_CONTEXT cert, winstd::tstring &title);
-}
+class wxTLSConfigPanel;
 
 #pragma once
 
@@ -127,7 +119,7 @@ public:
     ///
     /// Construct the validator with a value to store data
     ///
-    wxHostNameValidator(std::string *val = NULL);
+    wxHostNameValidator(std::wstring *val = NULL);
 
     ///
     /// Copy constructor
@@ -157,10 +149,10 @@ public:
     ///
     /// Parses FQDN value
     ///
-    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
+    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
 
 protected:
-    std::string *m_val; ///< Pointer to variable to receive control's parsed value
+    std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
 };
 
 
@@ -173,7 +165,7 @@ public:
     ///
     /// Construct the validator with a value to store data
     ///
-    wxFQDNValidator(std::string *val = NULL);
+    wxFQDNValidator(std::wstring *val = NULL);
 
     ///
     /// Copy constructor
@@ -203,10 +195,10 @@ public:
     ///
     /// Parses FQDN value
     ///
-    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out = NULL);
+    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out = NULL);
 
 protected:
-    std::string *m_val; ///< Pointer to variable to receive control's parsed value
+    std::wstring *m_val; ///< Pointer to variable to receive control's parsed value
 };
 
 
@@ -219,7 +211,7 @@ public:
     ///
     /// Construct the validator with a value to store data
     ///
-    wxFQDNListValidator(std::list<std::string> *val = NULL);
+    wxFQDNListValidator(std::list<std::wstring> *val = NULL);
 
     ///
     /// Copy constructor
@@ -249,257 +241,58 @@ public:
     ///
     /// Parses FQDN list value
     ///
-    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out = NULL);
+    static bool Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out = NULL);
 
 protected:
-    std::list<std::string> *m_val;  ///< Pointer to variable to receive control's parsed value
+    std::list<std::wstring> *m_val;  ///< Pointer to variable to receive control's parsed value
 };
 
 
-template <class _Tprov>
-class wxEAPTLSCredentialsPanel : public wxCredentialsPanel<eap::credentials_tls, wxEAPTLSCredentialsPanelBase>
+class wxTLSCredentialsPanel : public wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>
 {
 public:
     ///
     /// Constructs a configuration panel
     ///
-    wxEAPTLSCredentialsPanel(_Tprov &prov, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false) :
-        wxCredentialsPanel<eap::credentials_tls, wxEAPTLSCredentialsPanelBase>(cred, pszCredTarget, parent, is_config)
-    {
-        UNREFERENCED_PARAMETER(prov);
-
-        // Load and set icon.
-        if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
-            wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(269));
-    }
+    /// \param[in]    prov           Provider configuration data
+    /// \param[in]    cfg            Configuration data
+    /// \param[inout] cred           Credentials data
+    /// \param[in]    pszCredTarget  Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
+    /// \param[in]    parent         Parent window
+    /// \param[in]    is_config      Is this panel used to pre-enter credentials? When \c true, the "Remember" checkbox is always selected and disabled.
+    ///
+    wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config = false);
 
 protected:
     /// \cond internal
-
-    virtual bool TransferDataToWindow()
-    {
-        // Populate certificate list.
-        bool is_found = false;
-        winstd::cert_store store;
-        if (store.create(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My"))) {
-            for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(store, cert)) != NULL;) {
-                DWORD dwKeySpec = 0, dwSize = sizeof(dwKeySpec);
-                if (!CertGetCertificateContextProperty(cert, CERT_KEY_SPEC_PROP_ID, &dwKeySpec, &dwSize) || !dwKeySpec) {
-                    // Skip certificates without private key.
-                    continue;
-                }
-
-                // Prepare certificate information.
-                std::unique_ptr<wxCertificateClientData> data(new wxCertificateClientData(CertDuplicateCertificateContext(cert)));
-
-                // Add to list.
-                bool is_selected =
-                    m_cred.m_cert &&
-                    m_cred.m_cert->cbCertEncoded == data->m_cert->cbCertEncoded &&
-                    memcmp(m_cred.m_cert->pbCertEncoded, data->m_cert->pbCertEncoded, m_cred.m_cert->cbCertEncoded) == 0;
-                winstd::tstring name;
-                eap::get_cert_title(cert, name);
-                int i = m_cert_select_val->Append(name, data.release());
-                if (is_selected) {
-                    m_cert_select_val->SetSelection(i);
-                    is_found = true;
-                }
-            }
-        }
-
-        if (is_found) {
-            m_cert_select    ->SetValue(true);
-            m_cert_select_val->Enable(true);
-        } else {
-            m_cert_none      ->SetValue(true);
-            m_cert_select_val->Enable(false);
-            if (!m_cert_select_val->IsEmpty())
-                m_cert_select_val->SetSelection(0);
-        }
-
-        return __super::TransferDataToWindow();
-    }
-
-
-    virtual bool TransferDataFromWindow()
-    {
-        if (m_cert_none->GetValue())
-            m_cred.clear();
-        else {
-            const wxCertificateClientData *data = dynamic_cast<const wxCertificateClientData*>(m_cert_select_val->GetClientObject(m_cert_select_val->GetSelection()));
-            if (data) {
-                m_cred.m_cert.attach_duplicated(data->m_cert);
-
-                // Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
-                CertGetNameString(m_cred.m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, m_cred.m_identity);
-            } else
-                m_cred.clear();
-        }
-
-        // Inherited TransferDataFromWindow() calls m_cred.store().
-        // Therefore, call it only now, that m_cred is set.
-        return __super::TransferDataFromWindow();
-    }
-
-
-    virtual void OnCertSelect(wxCommandEvent& event)
-    {
-        UNREFERENCED_PARAMETER(event);
-        m_cert_select_val->Enable(m_cert_select->GetValue());
-    }
-
+    virtual bool TransferDataToWindow();
+    virtual bool TransferDataFromWindow();
+    virtual void OnUpdateUI(wxUpdateUIEvent& event);
     /// \endcond
 
 protected:
-    winstd::library m_shell32;  ///< shell32.dll resource library reference
-    wxIcon m_icon;              ///< Panel icon
+    winstd::library m_shell32;      ///< shell32.dll resource library reference
+    wxIcon m_icon;                  ///< Panel icon
 };
 
 
-template <class _Tprov>
-class wxEAPTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
+class wxTLSServerTrustPanel : public wxEAPTLSServerTrustConfigPanelBase
 {
 public:
     ///
     /// Constructs a configuration panel
     ///
-    wxEAPTLSServerTrustPanel(_Tprov &prov, eap::config_tls &cfg, wxWindow* parent) :
-        m_prov(prov),
-        m_cfg(cfg),
-        wxEAPTLSServerTrustConfigPanelBase(parent)
-    {
-        // Load and set icon.
-        if (m_certmgr.load(_T("certmgr.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
-            wxSetIconFromResource(m_server_trust_icon, m_icon, m_certmgr, MAKEINTRESOURCE(218));
-
-        // Do not use cfg.m_server_names directly, so we can decide not to store the value in case of provider-locked configuration.
-        // Never rely on control disabled state alone, as they can be enabled using external tool like Spy++.
-        m_server_names->SetValidator(wxFQDNListValidator(&m_server_names_val));
-    }
+    wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent);
 
 protected:
     /// \cond internal
-
-    virtual bool TransferDataToWindow()
-    {
-        if (m_prov.m_read_only) {
-            // This is provider-locked configuration. Disable controls.
-            m_root_ca_add_store->Enable(false);
-            m_root_ca_add_file ->Enable(false);
-            m_root_ca_remove   ->Enable(false);
-            m_server_names     ->Enable(false);
-        }
-
-        // Populate trusted CA list.
-        for (std::list<winstd::cert_context>::const_iterator cert = m_cfg.m_trusted_root_ca.cbegin(), cert_end = m_cfg.m_trusted_root_ca.cend(); cert != cert_end; ++cert) {
-            winstd::tstring name;
-            if (CertGetNameString(*cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name) > 0)
-                m_root_ca->Append(wxString(name), new wxCertificateClientData(cert->duplicate()));
-        }
-
-        // Set server acceptable names. The edit control will get populated by validator.
-        m_server_names_val = m_cfg.m_server_names;
-
-        return wxEAPTLSServerTrustConfigPanelBase::TransferDataToWindow();
-    }
-
-
-    virtual bool TransferDataFromWindow()
-    {
-        wxCHECK(wxEAPTLSServerTrustConfigPanelBase::TransferDataFromWindow(), false);
-
-        if (!m_prov.m_read_only) {
-            // This is not a provider-locked configuration. Save the data.
-
-            // Parse trusted CA list.
-            m_cfg.m_trusted_root_ca.clear();
-            for (unsigned int i = 0, i_end = m_root_ca->GetCount(); i < i_end; i++) {
-                wxCertificateClientData *cert = dynamic_cast<wxCertificateClientData*>(m_root_ca->GetClientObject(i));
-                if (cert)
-                    m_cfg.add_trusted_ca(cert->m_cert->dwCertEncodingType, cert->m_cert->pbCertEncoded, cert->m_cert->cbCertEncoded);
-            }
-
-            // Save acceptable server names.
-            m_cfg.m_server_names = m_server_names_val;
-        }
-
-        return true;
-    }
-
-
-    virtual void OnUpdateUI(wxUpdateUIEvent& event)
-    {
-        UNREFERENCED_PARAMETER(event);
-
-        if (!m_prov.m_read_only) {
-            // This is not a provider-locked configuration. Selectively enable/disable controls.
-            wxArrayInt selections;
-            m_root_ca_remove->Enable(m_root_ca->GetSelections(selections) ? true : false);
-        }
-    }
-
-
-    virtual void OnRootCADClick(wxCommandEvent& event)
-    {
-        wxCertificateClientData *cert = dynamic_cast<wxCertificateClientData*>(event.GetClientObject());
-        if (cert)
-            CryptUIDlgViewContext(CERT_STORE_CERTIFICATE_CONTEXT, cert->m_cert, this->GetHWND(), NULL, 0, NULL);
-    }
-
-
-    virtual void OnRootCAAddStore(wxCommandEvent& event)
-    {
-        UNREFERENCED_PARAMETER(event);
-
-        winstd::cert_store store;
-        if (store.create(NULL, _T("ROOT"))) {
-            winstd::cert_context cert;
-            cert.attach(CryptUIDlgSelectCertificateFromStore(store, this->GetHWND(), NULL, NULL, 0, 0, NULL));
-            if (cert)
-                AddRootCA(cert);
-        }
-    }
-
-
-    virtual void OnRootCAAddFile(wxCommandEvent& event)
-    {
-        UNREFERENCED_PARAMETER(event);
-
-        const wxString separator(wxT("|"));
-        wxFileDialog open_dialog(this, _("Add Certificate"), wxEmptyString, wxEmptyString,
-            _("Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)") + separator + wxT("*.cer;*.crt;*.der;*.p7b;*.pem") + separator +
-            _("X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)") + separator + wxT("*.cer;*.crt;*.der;*.pem") + separator +
-            _("PKCS #7 Certificate Files (*.p7b)") + separator + wxT("*.p7b") + separator +
-            _("All Files (*.*)") + separator + wxT("*.*"),
-            wxFD_OPEN|wxFD_FILE_MUST_EXIST|wxFD_MULTIPLE);
-        if (open_dialog.ShowModal() == wxID_CANCEL) {
-            event.Skip();
-            return;
-        }
-
-        wxArrayString paths;
-        open_dialog.GetPaths(paths);
-        for (size_t i = 0, i_end = paths.GetCount(); i < i_end; i++) {
-            // Load certificate(s) from file.
-            winstd::cert_store cs;
-            if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, (LPCTSTR)(paths[i]))) {
-                for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(cs, cert)) != NULL;)
-                    AddRootCA(cert);
-            } else
-                wxMessageBox(wxString::Format(_("Invalid or unsupported certificate file %s"), paths[i]), _("Error"), wxOK | wxICON_EXCLAMATION, this);
-        }
-    }
-
-
-    virtual void OnRootCARemove(wxCommandEvent& event)
-    {
-        UNREFERENCED_PARAMETER(event);
-
-        wxArrayInt selections;
-        for (int i = m_root_ca->GetSelections(selections); i--; )
-            m_root_ca->Delete(selections[i]);
-    }
-
+    virtual bool TransferDataToWindow();
+    virtual bool TransferDataFromWindow();
+    virtual void OnUpdateUI(wxUpdateUIEvent& event);
+    virtual void OnRootCADClick(wxCommandEvent& event);
+    virtual void OnRootCAAddStore(wxCommandEvent& event);
+    virtual void OnRootCAAddFile(wxCommandEvent& event);
+    virtual void OnRootCARemove(wxCommandEvent& event);
     /// \endcond
 
     ///
@@ -511,110 +304,41 @@ protected:
     /// - \c true  if certificate was added;
     /// - \c false if duplicate found or an error occured.
     ///
-    bool AddRootCA(PCCERT_CONTEXT cert)
-    {
-        for (unsigned int i = 0, i_end = m_root_ca->GetCount(); i < i_end; i++) {
-            wxCertificateClientData *c = dynamic_cast<wxCertificateClientData*>(m_root_ca->GetClientObject(i));
-            if (c && c->m_cert &&
-                c->m_cert->cbCertEncoded == cert->cbCertEncoded &&
-                memcmp(c->m_cert->pbCertEncoded, cert->pbCertEncoded, cert->cbCertEncoded) == 0)
-            {
-                // This certificate is already on the list.
-                m_root_ca->SetSelection(i);
-                return false;
-            }
-        }
-
-        // Add certificate to the list.
-        winstd::tstring name;
-        if (CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name) > 0) {
-            int i = m_root_ca->Append(wxString(name), new wxCertificateClientData(CertDuplicateCertificateContext(cert)));
-            if (0 <= i) {
-                m_root_ca->SetSelection(i);
-            }
-            return true;
-        }
-
-        return false;
-    }
+    bool AddRootCA(PCCERT_CONTEXT cert);
 
 protected:
-    _Tprov &m_prov;                             ///< EAP provider
-    eap::config_tls &m_cfg;                     ///< TLS configuration
+    const eap::config_provider &m_prov;         ///< EAP provider
+    eap::config_method_tls &m_cfg;              ///< TLS configuration
     winstd::library m_certmgr;                  ///< certmgr.dll resource library reference
     wxIcon m_icon;                              ///< Panel icon
-    std::list<std::string> m_server_names_val;  ///< Acceptable authenticating server names
+    std::list<std::wstring> m_server_names_val; ///< Acceptable authenticating server names
 };
 
 
-template <class _Tprov>
-class wxEAPTLSCredentialsConfigPanel : public wxEAPCredentialsConfigPanel<_Tprov, eap::config_tls, wxEAPTLSCredentialsPanel<_Tprov> >
-{
-public:
-    ///
-    /// Constructs a credential configuration panel
-    ///
-    /// \param[inout] prov           Provider configuration data
-    /// \param[inout] cfg            Configuration data
-    /// \param[in]    pszCredTarget  Target name of credentials in Windows Credential Manager. Can be further decorated to create final target name.
-    /// \param[in]    parent         Parent window
-    ///
-    wxEAPTLSCredentialsConfigPanel(_Tprov &prov, eap::config_tls &cfg, LPCTSTR pszCredTarget, wxWindow *parent) :
-        wxEAPCredentialsConfigPanel<_Tprov, eap::config_tls, wxEAPTLSCredentialsPanel<_Tprov> >(prov, cfg, pszCredTarget, parent)
-    {
-    }
-};
-
-
-template <class _Tprov>
-class wxEAPTLSConfigPanel : public wxPanel
+class wxTLSConfigPanel : public wxPanel
 {
 public:
     ///
     /// Constructs a configuration panel
     ///
-    wxEAPTLSConfigPanel(_Tprov &prov, eap::config_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent) : wxPanel(parent)
-    {
-        wxBoxSizer* sb_content;
-        sb_content = new wxBoxSizer( wxVERTICAL );
-
-        m_server_trust = new wxEAPTLSServerTrustPanel<_Tprov>(prov, cfg, this);
-        sb_content->Add(m_server_trust, 0, wxDOWN|wxEXPAND, 5);
-
-        m_credentials = new wxEAPTLSCredentialsConfigPanel<_Tprov>(prov, cfg, pszCredTarget, this);
-        sb_content->Add(m_credentials, 0, wxUP|wxEXPAND, 5);
-
-        this->SetSizer(sb_content);
-        this->Layout();
-
-        // Connect Events
-        this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPTLSConfigPanel::OnInitDialog));
-    }
-
+    wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent);
 
     ///
     /// Destructs the configuration panel
     ///
-    virtual ~wxEAPTLSConfigPanel()
-    {
-        // Disconnect Events
-        this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxEAPTLSConfigPanel::OnInitDialog));
-    }
+    virtual ~wxTLSConfigPanel();
 
 protected:
     /// \cond internal
-
-    virtual void OnInitDialog(wxInitDialogEvent& event)
-    {
-        // Forward the event to child panels.
-        m_server_trust->GetEventHandler()->ProcessEvent(event);
-        if (m_credentials)
-            m_credentials->GetEventHandler()->ProcessEvent(event);
-    }
-
+    virtual void OnInitDialog(wxInitDialogEvent& event);
+#if EAP_TLS < EAP_TLS_SCHANNEL
+    virtual bool TransferDataFromWindow();
+#endif
     /// \endcond
 
 protected:
-    wxEAPTLSServerTrustPanel<_Tprov> *m_server_trust;       ///< Server trust configuration panel
-    wxEAPTLSCredentialsConfigPanel<_Tprov> *m_credentials;  ///< Credentials configuration panel
+    const eap::config_provider &m_prov;          ///< EAP provider
+    eap::config_method_tls &m_cfg;               ///< TLS configuration
+    wxTLSServerTrustPanel *m_server_trust;       ///< Server trust configuration panel
+    wxTLSCredentialsConfigPanel *m_credentials;  ///< Credentials configuration panel
 };

lib/TLS_UI/res/wxTLS_UI.cpp

@@ -74,11 +74,11 @@ wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow
 	sb_server_names->Add( m_server_names_label, 0, wxBOTTOM, 5 );
 	
 	m_server_names = new wxTextCtrl( sb_server_trust->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
-	m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; \"*\" wildchar allowed") );
+	m_server_names->SetToolTip( _("A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed") );
 	
 	sb_server_names->Add( m_server_names, 0, wxEXPAND|wxBOTTOM, 5 );
 	
-	m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;*.domain.org)"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_server_names_note = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("(Example: foo.bar.com;server2.bar.com)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_server_names_note->Wrap( -1 );
 	sb_server_names->Add( m_server_names_note, 0, wxALIGN_RIGHT, 5 );
 	
@@ -114,7 +114,7 @@ wxEAPTLSServerTrustConfigPanelBase::~wxEAPTLSServerTrustConfigPanelBase()
 	
 }
 
-wxEAPTLSCredentialsPanelBase::wxEAPTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_credentials;
 	sb_credentials = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("TLS Client Certificate") ), wxVERTICAL );
@@ -161,6 +161,25 @@ wxEAPTLSCredentialsPanelBase::wxEAPTLSCredentialsPanelBase( wxWindow* parent, wx
 	
 	sb_credentials_vert->Add( sb_cert_radio, 0, wxEXPAND|wxALL, 5 );
 	
+	wxBoxSizer* sb_identity;
+	sb_identity = new wxBoxSizer( wxVERTICAL );
+	
+	m_identity_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Custom &identity:"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_identity_label->Wrap( -1 );
+	sb_identity->Add( m_identity_label, 0, wxBOTTOM, 5 );
+	
+	m_identity = new wxTextCtrl( sb_credentials->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	m_identity->SetToolTip( _("Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate") );
+	
+	sb_identity->Add( m_identity, 0, wxEXPAND|wxBOTTOM, 5 );
+	
+	m_identity_note = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("(Example: user@contoso.com)"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_identity_note->Wrap( -1 );
+	sb_identity->Add( m_identity_note, 0, wxALIGN_RIGHT, 5 );
+	
+	
+	sb_credentials_vert->Add( sb_identity, 1, wxEXPAND|wxALL, 5 );
+	
 	m_remember = new wxCheckBox( sb_credentials->GetStaticBox(), wxID_ANY, _("&Remember"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_remember->SetHelpText( _("Check if you would like to save certificate selection") );
 	
@@ -175,14 +194,8 @@ wxEAPTLSCredentialsPanelBase::wxEAPTLSCredentialsPanelBase( wxWindow* parent, wx
 	
 	this->SetSizer( sb_credentials );
 	this->Layout();
-	
-	// Connect Events
-	m_cert_select->Connect( wxEVT_COMMAND_RADIOBUTTON_SELECTED, wxCommandEventHandler( wxEAPTLSCredentialsPanelBase::OnCertSelect ), NULL, this );
 }
 
-wxEAPTLSCredentialsPanelBase::~wxEAPTLSCredentialsPanelBase()
+wxTLSCredentialsPanelBase::~wxTLSCredentialsPanelBase()
 {
-	// Disconnect Events
-	m_cert_select->Disconnect( wxEVT_COMMAND_RADIOBUTTON_SELECTED, wxCommandEventHandler( wxEAPTLSCredentialsPanelBase::OnCertSelect ), NULL, this );
-	
 }

lib/TLS_UI/res/wxTLS_UI.fbp

@@ -870,7 +870,7 @@
                                                 <property name="style"></property>
                                                 <property name="subclass"></property>
                                                 <property name="toolbar_pane">0</property>
-                                                <property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; &quot;*&quot; wildchar allowed</property>
+                                                <property name="tooltip">A semicolon delimited list of acceptable server FQDN names; blank to skip name check; Unicode characters allowed</property>
                                                 <property name="validator_data_type"></property>
                                                 <property name="validator_style">wxFILTER_NONE</property>
                                                 <property name="validator_type">wxDefaultValidator</property>
@@ -940,7 +940,7 @@
                                                 <property name="gripper">0</property>
                                                 <property name="hidden">0</property>
                                                 <property name="id">wxID_ANY</property>
-                                                <property name="label">(Example: foo.bar.com;*.domain.org)</property>
+                                                <property name="label">(Example: foo.bar.com;server2.bar.com)</property>
                                                 <property name="max_size"></property>
                                                 <property name="maximize_button">0</property>
                                                 <property name="maximum_size"></property>
@@ -1013,7 +1013,7 @@
             <property name="id">wxID_ANY</property>
             <property name="maximum_size"></property>
             <property name="minimum_size"></property>
-            <property name="name">wxEAPTLSCredentialsPanelBase</property>
+            <property name="name">wxTLSCredentialsPanelBase</property>
             <property name="pos"></property>
             <property name="size">500,-1</property>
             <property name="subclass"></property>
@@ -1426,7 +1426,7 @@
                                                         <event name="OnMouseEvents"></event>
                                                         <event name="OnMouseWheel"></event>
                                                         <event name="OnPaint"></event>
-                                                        <event name="OnRadioButton">OnCertSelect</event>
+                                                        <event name="OnRadioButton"></event>
                                                         <event name="OnRightDClick"></event>
                                                         <event name="OnRightDown"></event>
                                                         <event name="OnRightUp"></event>
@@ -1527,6 +1527,274 @@
                                         </object>
                                     </object>
                                 </object>
+                                <object class="sizeritem" expanded="1">
+                                    <property name="border">5</property>
+                                    <property name="flag">wxEXPAND|wxALL</property>
+                                    <property name="proportion">1</property>
+                                    <object class="wxBoxSizer" expanded="1">
+                                        <property name="minimum_size"></property>
+                                        <property name="name">sb_identity</property>
+                                        <property name="orient">wxVERTICAL</property>
+                                        <property name="permission">none</property>
+                                        <object class="sizeritem" expanded="1">
+                                            <property name="border">5</property>
+                                            <property name="flag">wxBOTTOM</property>
+                                            <property name="proportion">0</property>
+                                            <object class="wxStaticText" expanded="1">
+                                                <property name="BottomDockable">1</property>
+                                                <property name="LeftDockable">1</property>
+                                                <property name="RightDockable">1</property>
+                                                <property name="TopDockable">1</property>
+                                                <property name="aui_layer"></property>
+                                                <property name="aui_name"></property>
+                                                <property name="aui_position"></property>
+                                                <property name="aui_row"></property>
+                                                <property name="best_size"></property>
+                                                <property name="bg"></property>
+                                                <property name="caption"></property>
+                                                <property name="caption_visible">1</property>
+                                                <property name="center_pane">0</property>
+                                                <property name="close_button">1</property>
+                                                <property name="context_help"></property>
+                                                <property name="context_menu">1</property>
+                                                <property name="default_pane">0</property>
+                                                <property name="dock">Dock</property>
+                                                <property name="dock_fixed">0</property>
+                                                <property name="docking">Left</property>
+                                                <property name="enabled">1</property>
+                                                <property name="fg"></property>
+                                                <property name="floatable">1</property>
+                                                <property name="font"></property>
+                                                <property name="gripper">0</property>
+                                                <property name="hidden">0</property>
+                                                <property name="id">wxID_ANY</property>
+                                                <property name="label">Custom &amp;identity:</property>
+                                                <property name="max_size"></property>
+                                                <property name="maximize_button">0</property>
+                                                <property name="maximum_size"></property>
+                                                <property name="min_size"></property>
+                                                <property name="minimize_button">0</property>
+                                                <property name="minimum_size"></property>
+                                                <property name="moveable">1</property>
+                                                <property name="name">m_identity_label</property>
+                                                <property name="pane_border">1</property>
+                                                <property name="pane_position"></property>
+                                                <property name="pane_size"></property>
+                                                <property name="permission">protected</property>
+                                                <property name="pin_button">1</property>
+                                                <property name="pos"></property>
+                                                <property name="resize">Resizable</property>
+                                                <property name="show">1</property>
+                                                <property name="size"></property>
+                                                <property name="style"></property>
+                                                <property name="subclass"></property>
+                                                <property name="toolbar_pane">0</property>
+                                                <property name="tooltip"></property>
+                                                <property name="window_extra_style"></property>
+                                                <property name="window_name"></property>
+                                                <property name="window_style"></property>
+                                                <property name="wrap">-1</property>
+                                                <event name="OnChar"></event>
+                                                <event name="OnEnterWindow"></event>
+                                                <event name="OnEraseBackground"></event>
+                                                <event name="OnKeyDown"></event>
+                                                <event name="OnKeyUp"></event>
+                                                <event name="OnKillFocus"></event>
+                                                <event name="OnLeaveWindow"></event>
+                                                <event name="OnLeftDClick"></event>
+                                                <event name="OnLeftDown"></event>
+                                                <event name="OnLeftUp"></event>
+                                                <event name="OnMiddleDClick"></event>
+                                                <event name="OnMiddleDown"></event>
+                                                <event name="OnMiddleUp"></event>
+                                                <event name="OnMotion"></event>
+                                                <event name="OnMouseEvents"></event>
+                                                <event name="OnMouseWheel"></event>
+                                                <event name="OnPaint"></event>
+                                                <event name="OnRightDClick"></event>
+                                                <event name="OnRightDown"></event>
+                                                <event name="OnRightUp"></event>
+                                                <event name="OnSetFocus"></event>
+                                                <event name="OnSize"></event>
+                                                <event name="OnUpdateUI"></event>
+                                            </object>
+                                        </object>
+                                        <object class="sizeritem" expanded="1">
+                                            <property name="border">5</property>
+                                            <property name="flag">wxEXPAND|wxBOTTOM</property>
+                                            <property name="proportion">0</property>
+                                            <object class="wxTextCtrl" expanded="1">
+                                                <property name="BottomDockable">1</property>
+                                                <property name="LeftDockable">1</property>
+                                                <property name="RightDockable">1</property>
+                                                <property name="TopDockable">1</property>
+                                                <property name="aui_layer"></property>
+                                                <property name="aui_name"></property>
+                                                <property name="aui_position"></property>
+                                                <property name="aui_row"></property>
+                                                <property name="best_size"></property>
+                                                <property name="bg"></property>
+                                                <property name="caption"></property>
+                                                <property name="caption_visible">1</property>
+                                                <property name="center_pane">0</property>
+                                                <property name="close_button">1</property>
+                                                <property name="context_help"></property>
+                                                <property name="context_menu">1</property>
+                                                <property name="default_pane">0</property>
+                                                <property name="dock">Dock</property>
+                                                <property name="dock_fixed">0</property>
+                                                <property name="docking">Left</property>
+                                                <property name="enabled">1</property>
+                                                <property name="fg"></property>
+                                                <property name="floatable">1</property>
+                                                <property name="font"></property>
+                                                <property name="gripper">0</property>
+                                                <property name="hidden">0</property>
+                                                <property name="id">wxID_ANY</property>
+                                                <property name="max_size"></property>
+                                                <property name="maximize_button">0</property>
+                                                <property name="maximum_size"></property>
+                                                <property name="maxlength"></property>
+                                                <property name="min_size"></property>
+                                                <property name="minimize_button">0</property>
+                                                <property name="minimum_size"></property>
+                                                <property name="moveable">1</property>
+                                                <property name="name">m_identity</property>
+                                                <property name="pane_border">1</property>
+                                                <property name="pane_position"></property>
+                                                <property name="pane_size"></property>
+                                                <property name="permission">protected</property>
+                                                <property name="pin_button">1</property>
+                                                <property name="pos"></property>
+                                                <property name="resize">Resizable</property>
+                                                <property name="show">1</property>
+                                                <property name="size"></property>
+                                                <property name="style"></property>
+                                                <property name="subclass"></property>
+                                                <property name="toolbar_pane">0</property>
+                                                <property name="tooltip">Your identity (username@domain) to override one from certificate; or blank to use one provided in certificate</property>
+                                                <property name="validator_data_type"></property>
+                                                <property name="validator_style">wxFILTER_NONE</property>
+                                                <property name="validator_type">wxDefaultValidator</property>
+                                                <property name="validator_variable"></property>
+                                                <property name="value"></property>
+                                                <property name="window_extra_style"></property>
+                                                <property name="window_name"></property>
+                                                <property name="window_style"></property>
+                                                <event name="OnChar"></event>
+                                                <event name="OnEnterWindow"></event>
+                                                <event name="OnEraseBackground"></event>
+                                                <event name="OnKeyDown"></event>
+                                                <event name="OnKeyUp"></event>
+                                                <event name="OnKillFocus"></event>
+                                                <event name="OnLeaveWindow"></event>
+                                                <event name="OnLeftDClick"></event>
+                                                <event name="OnLeftDown"></event>
+                                                <event name="OnLeftUp"></event>
+                                                <event name="OnMiddleDClick"></event>
+                                                <event name="OnMiddleDown"></event>
+                                                <event name="OnMiddleUp"></event>
+                                                <event name="OnMotion"></event>
+                                                <event name="OnMouseEvents"></event>
+                                                <event name="OnMouseWheel"></event>
+                                                <event name="OnPaint"></event>
+                                                <event name="OnRightDClick"></event>
+                                                <event name="OnRightDown"></event>
+                                                <event name="OnRightUp"></event>
+                                                <event name="OnSetFocus"></event>
+                                                <event name="OnSize"></event>
+                                                <event name="OnText"></event>
+                                                <event name="OnTextEnter"></event>
+                                                <event name="OnTextMaxLen"></event>
+                                                <event name="OnTextURL"></event>
+                                                <event name="OnUpdateUI"></event>
+                                            </object>
+                                        </object>
+                                        <object class="sizeritem" expanded="1">
+                                            <property name="border">5</property>
+                                            <property name="flag">wxALIGN_RIGHT</property>
+                                            <property name="proportion">0</property>
+                                            <object class="wxStaticText" expanded="1">
+                                                <property name="BottomDockable">1</property>
+                                                <property name="LeftDockable">1</property>
+                                                <property name="RightDockable">1</property>
+                                                <property name="TopDockable">1</property>
+                                                <property name="aui_layer"></property>
+                                                <property name="aui_name"></property>
+                                                <property name="aui_position"></property>
+                                                <property name="aui_row"></property>
+                                                <property name="best_size"></property>
+                                                <property name="bg"></property>
+                                                <property name="caption"></property>
+                                                <property name="caption_visible">1</property>
+                                                <property name="center_pane">0</property>
+                                                <property name="close_button">1</property>
+                                                <property name="context_help"></property>
+                                                <property name="context_menu">1</property>
+                                                <property name="default_pane">0</property>
+                                                <property name="dock">Dock</property>
+                                                <property name="dock_fixed">0</property>
+                                                <property name="docking">Left</property>
+                                                <property name="enabled">1</property>
+                                                <property name="fg"></property>
+                                                <property name="floatable">1</property>
+                                                <property name="font"></property>
+                                                <property name="gripper">0</property>
+                                                <property name="hidden">0</property>
+                                                <property name="id">wxID_ANY</property>
+                                                <property name="label">(Example: user@contoso.com)</property>
+                                                <property name="max_size"></property>
+                                                <property name="maximize_button">0</property>
+                                                <property name="maximum_size"></property>
+                                                <property name="min_size"></property>
+                                                <property name="minimize_button">0</property>
+                                                <property name="minimum_size"></property>
+                                                <property name="moveable">1</property>
+                                                <property name="name">m_identity_note</property>
+                                                <property name="pane_border">1</property>
+                                                <property name="pane_position"></property>
+                                                <property name="pane_size"></property>
+                                                <property name="permission">protected</property>
+                                                <property name="pin_button">1</property>
+                                                <property name="pos"></property>
+                                                <property name="resize">Resizable</property>
+                                                <property name="show">1</property>
+                                                <property name="size"></property>
+                                                <property name="style"></property>
+                                                <property name="subclass"></property>
+                                                <property name="toolbar_pane">0</property>
+                                                <property name="tooltip"></property>
+                                                <property name="window_extra_style"></property>
+                                                <property name="window_name"></property>
+                                                <property name="window_style"></property>
+                                                <property name="wrap">-1</property>
+                                                <event name="OnChar"></event>
+                                                <event name="OnEnterWindow"></event>
+                                                <event name="OnEraseBackground"></event>
+                                                <event name="OnKeyDown"></event>
+                                                <event name="OnKeyUp"></event>
+                                                <event name="OnKillFocus"></event>
+                                                <event name="OnLeaveWindow"></event>
+                                                <event name="OnLeftDClick"></event>
+                                                <event name="OnLeftDown"></event>
+                                                <event name="OnLeftUp"></event>
+                                                <event name="OnMiddleDClick"></event>
+                                                <event name="OnMiddleDown"></event>
+                                                <event name="OnMiddleUp"></event>
+                                                <event name="OnMotion"></event>
+                                                <event name="OnMouseEvents"></event>
+                                                <event name="OnMouseWheel"></event>
+                                                <event name="OnPaint"></event>
+                                                <event name="OnRightDClick"></event>
+                                                <event name="OnRightDown"></event>
+                                                <event name="OnRightUp"></event>
+                                                <event name="OnSetFocus"></event>
+                                                <event name="OnSize"></event>
+                                                <event name="OnUpdateUI"></event>
+                                            </object>
+                                        </object>
+                                    </object>
+                                </object>
                                 <object class="sizeritem" expanded="1">
                                     <property name="border">5</property>
                                     <property name="flag">wxALL|wxEXPAND</property>

lib/TLS_UI/res/wxTLS_UI.h

@@ -68,9 +68,9 @@ class wxEAPTLSServerTrustConfigPanelBase : public wxPanel
 };
 
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPTLSCredentialsPanelBase
+/// Class wxTLSCredentialsPanelBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPTLSCredentialsPanelBase : public wxPanel 
+class wxTLSCredentialsPanelBase : public wxPanel 
 {
 	private:
 	
@@ -80,16 +80,15 @@ class wxEAPTLSCredentialsPanelBase : public wxPanel
 		wxRadioButton* m_cert_none;
 		wxRadioButton* m_cert_select;
 		wxChoice* m_cert_select_val;
+		wxStaticText* m_identity_label;
+		wxTextCtrl* m_identity;
+		wxStaticText* m_identity_note;
 		wxCheckBox* m_remember;
-		
-		// Virtual event handlers, overide them in your derived class
-		virtual void OnCertSelect( wxCommandEvent& event ) { event.Skip(); }
-		
 	
 	public:
 		
-		wxEAPTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
-		~wxEAPTLSCredentialsPanelBase();
+		wxTLSCredentialsPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
+		~wxTLSCredentialsPanelBase();
 	
 };
 

lib/TLS_UI/src/TLS_UI.cpp

@@ -20,46 +20,9 @@
 
 #include "StdAfx.h"
 
-#pragma comment(lib, "Cryptui.lib")
 #pragma comment(lib, "Crypt32.lib")
 
 
-//////////////////////////////////////////////////////////////////////
-// eap::get_cert_title
-//////////////////////////////////////////////////////////////////////
-
-void eap::get_cert_title(PCCERT_CONTEXT cert, winstd::tstring &title)
-{
-    winstd::tstring name, str, issuer;
-    FILETIME ft;
-    SYSTEMTIME st;
-
-    title.clear();
-
-    // Prepare certificate information
-    CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, name);
-    title += name;
-
-    FileTimeToLocalFileTime(&(cert->pCertInfo->NotBefore), &ft);
-    FileTimeToSystemTime(&ft, &st);
-    GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
-    title += _T(", ");
-    title += str;
-
-    FileTimeToLocalFileTime(&(cert->pCertInfo->NotAfter ), &ft);
-    FileTimeToSystemTime(&ft, &st);
-    GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, str);
-    title += _T('-');
-    title += str;
-
-    CertGetNameString(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer);
-    if (name != issuer) {
-        title += _T(", ");
-        title += issuer;
-    }
-}
-
-
 //////////////////////////////////////////////////////////////////////
 // wxCertificateClientData
 //////////////////////////////////////////////////////////////////////
@@ -83,7 +46,7 @@ wxCertificateClientData::~wxCertificateClientData()
 wxIMPLEMENT_DYNAMIC_CLASS(wxHostNameValidator, wxValidator);
 
 
-wxHostNameValidator::wxHostNameValidator(std::string *val) :
+wxHostNameValidator::wxHostNameValidator(std::wstring *val) :
     m_val(val),
     wxValidator()
 {
@@ -135,7 +98,7 @@ bool wxHostNameValidator::TransferFromWindow()
 }
 
 
-bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out)
+bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
 {
     const wxStringCharType *buf = val_in;
 
@@ -145,7 +108,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
             // End of host name found.
             if (val_out) val_out->assign(val_in.c_str() + i_start, i - i_start);
             return true;
-        } else if (_tcschr(wxT("abcdefghijklmnopqrstuvwxyz0123456789-*"), buf[i])) {
+        } else if (buf[i] == _T('-') || buf[i] == _T('_') || _istalnum(buf[i])) {
             // Valid character found.
             i++;
         } else {
@@ -166,7 +129,7 @@ bool wxHostNameValidator::Parse(const wxString &val_in, size_t i_start, size_t i
 wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNValidator, wxValidator);
 
 
-wxFQDNValidator::wxFQDNValidator(std::string *val) :
+wxFQDNValidator::wxFQDNValidator(std::wstring *val) :
     m_val(val),
     wxValidator()
 {
@@ -218,7 +181,7 @@ bool wxFQDNValidator::TransferFromWindow()
 }
 
 
-bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::string *val_out)
+bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::wstring *val_out)
 {
     const wxStringCharType *buf = val_in;
 
@@ -247,7 +210,7 @@ bool wxFQDNValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end
 wxIMPLEMENT_DYNAMIC_CLASS(wxFQDNListValidator, wxValidator);
 
 
-wxFQDNListValidator::wxFQDNListValidator(std::list<std::string> *val) :
+wxFQDNListValidator::wxFQDNListValidator(std::list<std::wstring> *val) :
     m_val(val),
     wxValidator()
 {
@@ -283,7 +246,7 @@ bool wxFQDNListValidator::TransferToWindow()
 
     if (m_val) {
         wxString str;
-        for (std::list<std::string>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
+        for (std::list<std::wstring>::const_iterator name = m_val->cbegin(), name_end = m_val->cend(); name != name_end; ++name) {
             if (!str.IsEmpty()) str += wxT("; ");
             str += *name;
         }
@@ -304,11 +267,11 @@ bool wxFQDNListValidator::TransferFromWindow()
 }
 
 
-bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::string> *val_out)
+bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i_end, wxTextCtrl *ctrl, wxWindow *parent, std::list<std::wstring> *val_out)
 {
     const wxStringCharType *buf = val_in;
-    std::string _fqdn, *fqdn = val_out ? &_fqdn : NULL;
-    std::list<std::string> _val_out;
+    std::wstring _fqdn, *fqdn = val_out ? &_fqdn : NULL;
+    std::list<std::wstring> _val_out;
 
     size_t i = i_start;
     for (;;) {
@@ -342,3 +305,327 @@ bool wxFQDNListValidator::Parse(const wxString &val_in, size_t i_start, size_t i
         }
     }
 }
+
+
+//////////////////////////////////////////////////////////////////////
+// wxTLSCredentialsPanel
+//////////////////////////////////////////////////////////////////////
+
+wxTLSCredentialsPanel::wxTLSCredentialsPanel(const eap::config_provider &prov, const eap::config_method_with_cred &cfg, eap::credentials_tls &cred, LPCTSTR pszCredTarget, wxWindow* parent, bool is_config) :
+    wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>(prov, cfg, cred, pszCredTarget, parent, is_config)
+{
+    // Load and set icon.
+    if (m_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
+        wxSetIconFromResource(m_credentials_icon, m_icon, m_shell32, MAKEINTRESOURCE(269));
+}
+
+
+bool wxTLSCredentialsPanel::TransferDataToWindow()
+{
+    // Populate certificate list.
+    bool is_found = false;
+    winstd::cert_store store;
+    if (store.create(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My"))) {
+        for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(store, cert)) != NULL;) {
+            DWORD dwKeySpec = 0, dwSize = sizeof(dwKeySpec);
+            if (!CertGetCertificateContextProperty(cert, CERT_KEY_SPEC_PROP_ID, &dwKeySpec, &dwSize) || !dwKeySpec) {
+                // Skip certificates without private key.
+                continue;
+            }
+
+            // Prepare certificate information.
+            std::unique_ptr<wxCertificateClientData> data(new wxCertificateClientData(CertDuplicateCertificateContext(cert)));
+
+            // Add to list.
+            bool is_selected =
+                m_cred.m_cert &&
+                m_cred.m_cert->cbCertEncoded == data->m_cert->cbCertEncoded &&
+                memcmp(m_cred.m_cert->pbCertEncoded, data->m_cert->pbCertEncoded, m_cred.m_cert->cbCertEncoded) == 0;
+            winstd::tstring name(std::move(eap::get_cert_title(cert)));
+            int i = m_cert_select_val->Append(name, data.release());
+            if (is_selected) {
+                m_cert_select_val->SetSelection(i);
+                is_found = true;
+            }
+        }
+    }
+
+    if (is_found) {
+        m_cert_select->SetValue(true);
+    } else {
+        m_cert_none->SetValue(true);
+        if (!m_cert_select_val->IsEmpty())
+            m_cert_select_val->SetSelection(0);
+    }
+
+    m_identity->SetValue(m_cred.m_identity);
+
+    return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataToWindow();
+}
+
+
+bool wxTLSCredentialsPanel::TransferDataFromWindow()
+{
+    if (m_cert_none->GetValue())
+        m_cred.m_cert.free();
+    else {
+        const wxCertificateClientData *data = dynamic_cast<const wxCertificateClientData*>(m_cert_select_val->GetClientObject(m_cert_select_val->GetSelection()));
+        if (data)
+            m_cred.m_cert.attach_duplicated(data->m_cert);
+        else
+            m_cred.m_cert.free();
+    }
+
+    m_cred.m_identity = m_identity->GetValue();
+
+    // Inherited TransferDataFromWindow() calls m_cred.store().
+    // Therefore, call it only now, that m_cred is set.
+    return wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::TransferDataFromWindow();
+}
+
+
+void wxTLSCredentialsPanel::OnUpdateUI(wxUpdateUIEvent& event)
+{
+    if (!m_is_config && m_cfg.m_use_preshared) {
+        // Credential prompt mode & Using pre-shared credentials
+        // To avoid run-away selection of radio buttons, disable the selected one last.
+        if (m_cert_none->GetValue()) {
+            m_cert_select->Enable(false);
+            m_cert_none  ->Enable(false);
+        } else {
+            m_cert_none  ->Enable(false);
+            m_cert_select->Enable(false);
+        }
+        m_cert_select_val->Enable(false);
+        m_identity->Enable(false);
+    } else {
+        // Configuration mode or using own credentials. Selectively enable/disable controls.
+        m_cert_select_val->Enable(m_cert_select->GetValue());
+        m_identity->Enable(true);
+    }
+
+    wxEAPCredentialsPanelBase<eap::credentials_tls, wxTLSCredentialsPanelBase>::OnUpdateUI(event);
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxTLSServerTrustPanel
+//////////////////////////////////////////////////////////////////////
+
+wxTLSServerTrustPanel::wxTLSServerTrustPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, wxWindow* parent) :
+    m_prov(prov),
+    m_cfg(cfg),
+    wxEAPTLSServerTrustConfigPanelBase(parent)
+{
+    // Load and set icon.
+    if (m_certmgr.load(_T("certmgr.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
+        wxSetIconFromResource(m_server_trust_icon, m_icon, m_certmgr, MAKEINTRESOURCE(218));
+
+    // Do not use cfg.m_server_names directly, so we can decide not to store the value in case of provider-locked configuration.
+    // Never rely on control disabled state alone, as they can be enabled using external tool like Spy++.
+    m_server_names->SetValidator(wxFQDNListValidator(&m_server_names_val));
+}
+
+
+bool wxTLSServerTrustPanel::TransferDataToWindow()
+{
+    // Populate trusted CA list.
+    for (std::list<winstd::cert_context>::const_iterator cert = m_cfg.m_trusted_root_ca.cbegin(), cert_end = m_cfg.m_trusted_root_ca.cend(); cert != cert_end; ++cert)
+        m_root_ca->Append(wxString(eap::get_cert_title(*cert)), new wxCertificateClientData(cert->duplicate()));
+
+    // Set server acceptable names. The edit control will get populated by validator.
+    m_server_names_val = m_cfg.m_server_names;
+
+    return wxEAPTLSServerTrustConfigPanelBase::TransferDataToWindow();
+}
+
+
+bool wxTLSServerTrustPanel::TransferDataFromWindow()
+{
+    wxCHECK(wxEAPTLSServerTrustConfigPanelBase::TransferDataFromWindow(), false);
+
+    if (!m_prov.m_read_only) {
+        // This is not a provider-locked configuration. Save the data.
+
+        // Parse trusted CA list.
+        m_cfg.m_trusted_root_ca.clear();
+        for (unsigned int i = 0, i_end = m_root_ca->GetCount(); i < i_end; i++) {
+            wxCertificateClientData *cert = dynamic_cast<wxCertificateClientData*>(m_root_ca->GetClientObject(i));
+            if (cert)
+                m_cfg.add_trusted_ca(cert->m_cert->dwCertEncodingType, cert->m_cert->pbCertEncoded, cert->m_cert->cbCertEncoded);
+        }
+
+        // Save acceptable server names.
+        m_cfg.m_server_names = m_server_names_val;
+    }
+
+    return true;
+}
+
+
+void wxTLSServerTrustPanel::OnUpdateUI(wxUpdateUIEvent& event)
+{
+    UNREFERENCED_PARAMETER(event);
+
+    if (m_prov.m_read_only) {
+        // This is provider-locked configuration. Disable controls.
+        m_root_ca_add_store->Enable(false);
+        m_root_ca_add_file ->Enable(false);
+        m_root_ca_remove   ->Enable(false);
+        m_server_names     ->Enable(false);
+    } else {
+        // This is not a provider-locked configuration. Selectively enable/disable controls.
+        m_root_ca_add_store->Enable(true);
+        m_root_ca_add_file ->Enable(true);
+        wxArrayInt selections;
+        m_root_ca_remove->Enable(m_root_ca->GetSelections(selections) ? true : false);
+        m_server_names     ->Enable(true);
+    }
+}
+
+
+void wxTLSServerTrustPanel::OnRootCADClick(wxCommandEvent& event)
+{
+    wxCertificateClientData *cert = dynamic_cast<wxCertificateClientData*>(event.GetClientObject());
+    if (cert)
+        CryptUIDlgViewContext(CERT_STORE_CERTIFICATE_CONTEXT, cert->m_cert, this->GetHWND(), NULL, 0, NULL);
+}
+
+
+void wxTLSServerTrustPanel::OnRootCAAddStore(wxCommandEvent& event)
+{
+    UNREFERENCED_PARAMETER(event);
+
+    winstd::cert_store store;
+    if (store.create(NULL, _T("ROOT"))) {
+        winstd::cert_context cert;
+        cert.attach(CryptUIDlgSelectCertificateFromStore(store, this->GetHWND(), NULL, NULL, 0, 0, NULL));
+        if (cert)
+            AddRootCA(cert);
+    }
+}
+
+
+void wxTLSServerTrustPanel::OnRootCAAddFile(wxCommandEvent& event)
+{
+    UNREFERENCED_PARAMETER(event);
+
+    const wxString separator(wxT("|"));
+    wxFileDialog open_dialog(this, _("Add Certificate"), wxEmptyString, wxEmptyString,
+        _("Certificate Files (*.cer;*.crt;*.der;*.p7b;*.pem)") + separator + wxT("*.cer;*.crt;*.der;*.p7b;*.pem") + separator +
+        _("X.509 Certificate Files (*.cer;*.crt;*.der;*.pem)") + separator + wxT("*.cer;*.crt;*.der;*.pem") + separator +
+        _("PKCS #7 Certificate Files (*.p7b)") + separator + wxT("*.p7b") + separator +
+        _("All Files (*.*)") + separator + wxT("*.*"),
+        wxFD_OPEN|wxFD_FILE_MUST_EXIST|wxFD_MULTIPLE);
+    if (open_dialog.ShowModal() == wxID_CANCEL) {
+        event.Skip();
+        return;
+    }
+
+    wxArrayString paths;
+    open_dialog.GetPaths(paths);
+    for (size_t i = 0, i_end = paths.GetCount(); i < i_end; i++) {
+        // Load certificate(s) from file.
+        winstd::cert_store cs;
+        if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, (LPCTSTR)(paths[i]))) {
+            for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(cs, cert)) != NULL;)
+                AddRootCA(cert);
+        } else
+            wxMessageBox(wxString::Format(_("Invalid or unsupported certificate file %s"), paths[i]), _("Error"), wxOK | wxICON_EXCLAMATION, this);
+    }
+}
+
+
+void wxTLSServerTrustPanel::OnRootCARemove(wxCommandEvent& event)
+{
+    UNREFERENCED_PARAMETER(event);
+
+    wxArrayInt selections;
+    for (int i = m_root_ca->GetSelections(selections); i--; )
+        m_root_ca->Delete(selections[i]);
+}
+
+
+bool wxTLSServerTrustPanel::AddRootCA(PCCERT_CONTEXT cert)
+{
+    for (unsigned int i = 0, i_end = m_root_ca->GetCount(); i < i_end; i++) {
+        wxCertificateClientData *c = dynamic_cast<wxCertificateClientData*>(m_root_ca->GetClientObject(i));
+        if (c && c->m_cert &&
+            c->m_cert->cbCertEncoded == cert->cbCertEncoded &&
+            memcmp(c->m_cert->pbCertEncoded, cert->pbCertEncoded, cert->cbCertEncoded) == 0)
+        {
+            // This certificate is already on the list.
+            m_root_ca->SetSelection(i);
+            return false;
+        }
+    }
+
+    // Add certificate to the list.
+    int i = m_root_ca->Append(wxString(eap::get_cert_title(cert)), new wxCertificateClientData(CertDuplicateCertificateContext(cert)));
+    if (0 <= i)
+        m_root_ca->SetSelection(i);
+
+    return true;
+}
+
+
+//////////////////////////////////////////////////////////////////////
+// wxTLSConfigPanel
+//////////////////////////////////////////////////////////////////////
+
+wxTLSConfigPanel::wxTLSConfigPanel(const eap::config_provider &prov, eap::config_method_tls &cfg, LPCTSTR pszCredTarget, wxWindow* parent) :
+    m_prov(prov),
+    m_cfg(cfg),
+    wxPanel(parent)
+{
+    wxBoxSizer* sb_content;
+    sb_content = new wxBoxSizer( wxVERTICAL );
+
+    m_server_trust = new wxTLSServerTrustPanel(prov, cfg, this);
+    sb_content->Add(m_server_trust, 0, wxDOWN|wxEXPAND, 5);
+
+    m_credentials = new wxTLSCredentialsConfigPanel(prov, cfg, pszCredTarget, this);
+    sb_content->Add(m_credentials, 0, wxUP|wxEXPAND, 5);
+
+    this->SetSizer(sb_content);
+    this->Layout();
+
+    // Connect Events
+    this->Connect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTLSConfigPanel::OnInitDialog));
+}
+
+
+wxTLSConfigPanel::~wxTLSConfigPanel()
+{
+    // Disconnect Events
+    this->Disconnect(wxEVT_INIT_DIALOG, wxInitDialogEventHandler(wxTLSConfigPanel::OnInitDialog));
+}
+
+
+void wxTLSConfigPanel::OnInitDialog(wxInitDialogEvent& event)
+{
+    // Forward the event to child panels.
+    m_server_trust->GetEventHandler()->ProcessEvent(event);
+    if (m_credentials)
+        m_credentials->GetEventHandler()->ProcessEvent(event);
+}
+
+
+#if EAP_TLS < EAP_TLS_SCHANNEL
+
+bool wxTLSConfigPanel::TransferDataFromWindow()
+{
+    wxCHECK(wxPanel::TransferDataFromWindow(), false);
+
+    if (!m_prov.m_read_only) {
+        // This is not a provider-locked configuration. The data will get saved.
+
+        // Reset session ID and master secret to force clean connect next time.
+        m_cfg.m_session_id.clear();
+        m_cfg.m_master_secret.clear();
+    }
+
+    return true;
+}
+
+#endif

lib/TTLS/build/TTLS.vcxproj

@@ -81,15 +81,15 @@
   <ItemGroup>
     <ClInclude Include="..\include\Config.h" />
     <ClInclude Include="..\include\Credentials.h" />
+    <ClInclude Include="..\include\Method.h" />
     <ClInclude Include="..\include\Module.h" />
-    <ClInclude Include="..\include\Session.h" />
     <ClInclude Include="..\src\StdAfx.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\src\Config.cpp" />
     <ClCompile Include="..\src\Credentials.cpp" />
+    <ClCompile Include="..\src\Method.cpp" />
     <ClCompile Include="..\src\Module.cpp" />
-    <ClCompile Include="..\src\Session.cpp" />
     <ClCompile Include="..\src\StdAfx.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>

lib/TTLS/build/TTLS.vcxproj.filters

@@ -20,7 +20,7 @@
     <ClInclude Include="..\include\Credentials.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="..\include\Session.h">
+    <ClInclude Include="..\include\Method.h">
       <Filter>Header Files</Filter>
     </ClInclude>
     <ClInclude Include="..\include\Module.h">
@@ -37,10 +37,10 @@
     <ClCompile Include="..\src\Credentials.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="..\src\Module.cpp">
+    <ClCompile Include="..\src\Method.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="..\src\Session.cpp">
+    <ClCompile Include="..\src\Module.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
   </ItemGroup>

lib/TTLS/include/Config.h

@@ -25,75 +25,46 @@ namespace eap
     ///
     /// TTLS configuration
     ///
-    class config_ttls;
-}
-
-namespace eapserial
-{
-    ///
-    /// Packs a TTLS based method configuration
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Configuration to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_ttls &val);
-
-    ///
-    /// Returns packed size of a TTLS based method configuration
-    ///
-    /// \param[in] val  Configuration to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::config_ttls &val);
-
-    ///
-    /// Unpacks a TTLS based method configuration
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Configuration to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_ttls &val);
+    class config_method_ttls;
 }
 
 #pragma once
 
+#include "Credentials.h"
+
 #include "../../TLS/include/Config.h"
 #include "../../PAP/include/Config.h"
 
 #include <Windows.h>
 #include <assert.h>
 
+#include <memory>
+
 
 namespace eap {
-    class config_ttls : public config_tls
+    class config_method_ttls : public config_method_tls
     {
     public:
         ///
         /// Constructs configuration
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
-        config_ttls(_In_ module &mod);
+        config_method_ttls(_In_ module &mod);
 
         ///
         /// Copies configuration
         ///
         /// \param[in] other  Configuration to copy from
         ///
-        config_ttls(const _In_ config_ttls &other);
+        config_method_ttls(const _In_ config_method_ttls &other);
 
         ///
         /// Moves configuration
         ///
         /// \param[in] other  Configuration to move from
         ///
-        config_ttls(_Inout_ config_ttls &&other);
-
-        ///
-        /// Destructs configuration
-        ///
-        virtual ~config_ttls();
+        config_method_ttls(_Inout_ config_method_ttls &&other);
 
         ///
         /// Copies configuration
@@ -102,7 +73,7 @@ namespace eap {
         ///
         /// \returns Reference to this object
         ///
-        config_ttls& operator=(const _In_ config_ttls &other);
+        config_method_ttls& operator=(const _In_ config_method_ttls &other);
 
         ///
         /// Moves configuration
@@ -111,7 +82,7 @@ namespace eap {
         ///
         /// \returns Reference to this object
         ///
-        config_ttls& operator=(_Inout_ config_ttls &&other);
+        config_method_ttls& operator=(_Inout_ config_method_ttls &&other);
 
         ///
         /// Clones configuration
@@ -124,101 +95,60 @@ namespace eap {
         /// @{
 
         ///
-        /// Save configuration to XML document
+        /// Save to XML document
         ///
         /// \param[in]  pDoc         XML document
-        /// \param[in]  pConfigRoot  Suggested root element for saving configuration
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Suggested root element for saving
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
 
         ///
-        /// Load configuration from XML document
+        /// Load from XML document
         ///
-        /// \param[in]  pConfigRoot  Root element for loading configuration
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Root element for loading
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
+        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
 
         /// @}
 
+        /// \name BLOB management
+        /// @{
+
+        ///
+        /// Packs a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator<<(_Inout_ cursor_out &cursor) const;
+
+        ///
+        /// Returns packed size of a configuration
+        ///
+        /// \returns Size of data when packed (in bytes)
+        ///
+        virtual size_t get_pk_size() const;
+
+        ///
+        /// Unpacks a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator>>(_Inout_ cursor_in &cursor);
+
         ///
         /// Returns EAP method type of this configuration
         ///
         /// \returns `eap::type_ttls`
         ///
-        virtual eap::type_t get_method_id() const;
+        virtual winstd::eap_type_t get_method_id() const;
+
+        ///
+        /// Generates public identity using current configuration and given credentials
+        ///
+        std::wstring get_public_identity(const credentials_ttls &cred) const;
 
     public:
-        config *m_inner;    ///< Inner authentication configuration
+        std::unique_ptr<config_method_with_cred> m_inner;   ///< Inner authentication configuration
+        std::wstring m_anonymous_identity;                  ///< Anonymous identity
     };
 }
-
-
-namespace eapserial
-{
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::config_ttls &val)
-    {
-        pack(cursor, (const eap::config_tls&)val);
-        if (val.m_inner) {
-            if (dynamic_cast<eap::config_pap*>(val.m_inner)) {
-                pack(cursor, eap::type_pap);
-                pack(cursor, (const eap::config_pap&)*val.m_inner);
-            } else {
-                assert(0); // Unsupported inner authentication method type.
-                pack(cursor, eap::type_undefined);
-            }
-        } else
-            pack(cursor, eap::type_undefined);
-    }
-
-
-    inline size_t get_pk_size(const eap::config_ttls &val)
-    {
-        size_t size_inner;
-        if (val.m_inner) {
-            if (dynamic_cast<eap::config_pap*>(val.m_inner)) {
-                size_inner =
-                    get_pk_size(eap::type_pap) +
-                    get_pk_size((const eap::config_pap&)*val.m_inner);
-            } else {
-                size_inner = get_pk_size(eap::type_undefined);
-                assert(0); // Unsupported inner authentication method type.
-            }
-        } else
-            size_inner = get_pk_size(eap::type_undefined);
-
-        return
-            get_pk_size((const eap::config_tls&)val) +
-            size_inner;
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::config_ttls &val)
-    {
-        unpack(cursor, (eap::config_tls&)val);
-
-        if (val.m_inner)
-            delete val.m_inner;
-
-        eap::type_t eap_type;
-        unpack(cursor, eap_type);
-        switch (eap_type) {
-            case eap::type_pap:
-                val.m_inner = new eap::config_pap(val.m_module);
-                unpack(cursor, (eap::config_pap&)*val.m_inner);
-                break;
-            default:
-                val.m_inner = NULL;
-                assert(0); // Unsupported inner authentication method type.
-        }
-    }
-}

lib/TTLS/include/Credentials.h

@@ -26,39 +26,14 @@ namespace eap
     class credentials_ttls;
 }
 
-namespace eapserial
-{
-    ///
-    /// Packs a TTLS based method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[in]    val     Configuration to pack
-    ///
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_ttls &val);
-
-    ///
-    /// Returns packed size of a TTLS based method credentials
-    ///
-    /// \param[in] val  Configuration to pack
-    ///
-    /// \returns Size of data when packed (in bytes)
-    ///
-    inline size_t get_pk_size(const eap::credentials_ttls &val);
-
-    ///
-    /// Unpacks a TTLS based method credentials
-    ///
-    /// \param[inout] cursor  Memory cursor
-    /// \param[out]   val     Configuration to unpack to
-    ///
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_ttls &val);
-}
-
 #pragma once
 
 #include "../../TLS/include/Credentials.h"
 #include "../../PAP/include/Credentials.h"
 
+#include <memory>
+#include <utility>
+
 
 namespace eap
 {
@@ -68,7 +43,7 @@ namespace eap
         ///
         /// Constructs credentials
         ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
+        /// \param[in] mod  EAP module to use for global services
         ///
         credentials_ttls(_In_ module &mod);
 
@@ -119,38 +94,56 @@ namespace eap
         ///
         /// Test credentials if blank
         ///
+        /// \returns
+        /// - \c true if blank
+        /// - \c false otherwise
+        ///
         virtual bool empty() const;
 
         /// \name XML credentials management
         /// @{
 
         ///
-        /// Save credentials to XML document
+        /// Save to XML document
         ///
         /// \param[in]  pDoc         XML document
-        /// \param[in]  pConfigRoot  Suggested root element for saving credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Suggested root element for saving
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
 
         ///
-        /// Load credentials from XML document
+        /// Load from XML document
         ///
-        /// \param[in]  pConfigRoot  Root element for loading credentials
-        /// \param[out] ppEapError   Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+        /// \param[in]  pConfigRoot  Root element for loading
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError);
+        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
 
         /// @}
 
+        /// \name BLOB management
+        /// @{
+
+        ///
+        /// Packs a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator<<(_Inout_ cursor_out &cursor) const;
+
+        ///
+        /// Returns packed size of a configuration
+        ///
+        /// \returns Size of data when packed (in bytes)
+        ///
+        virtual size_t get_pk_size() const;
+
+        ///
+        /// Unpacks a configuration
+        ///
+        /// \param[inout] cursor  Memory cursor
+        ///
+        virtual void operator>>(_Inout_ cursor_in &cursor);
+
         /// \name Storage
         /// @{
 
@@ -158,82 +151,49 @@ namespace eap
         /// Save credentials to Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to store credentials as
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool store(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError) const;
+        virtual void store(_In_z_ LPCTSTR pszTargetName) const;
 
         ///
         /// Retrieve credentials from Windows Credential Manager
         ///
         /// \param[in]  pszTargetName  The name in Windows Credential Manager to retrieve credentials from
-        /// \param[out] ppEapError     Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
+        virtual void retrieve(_In_z_ LPCTSTR pszTargetName);
+
         ///
-        virtual bool retrieve(_In_ LPCTSTR pszTargetName, _Out_ EAP_ERROR **ppEapError);
+        /// Return target suffix for Windows Credential Manager credential name
+        ///
+        virtual LPCTSTR target_suffix() const;
+
+        ///
+        /// Returns credential identity.
+        ///
+        virtual std::wstring get_identity() const;
 
         /// @}
 
+        ///
+        /// Combine credentials in the following order:
+        ///
+        /// 1. Cached credentials
+        /// 2. Pre-configured credentials
+        /// 3. Stored credentials
+        ///
+        /// \param[in] cred_cached    Cached credentials (optional, can be \c NULL)
+        /// \param[in] cfg            Method configuration
+        /// \param[in] pszTargetName  The name in Windows Credential Manager to retrieve credentials from (optional, can be \c NULL)
+        ///
+        /// \returns
+        /// - \c true  if credentials were set;
+        /// - \c false otherwise
+        ///
+        std::pair<source_t, source_t> combine(
+            _In_       const credentials_ttls   *cred_cached,
+            _In_       const config_method_ttls &cfg,
+            _In_opt_z_       LPCTSTR            pszTargetName);
+
     public:
-        credentials *m_inner;   ///< Inner credentials
+        std::unique_ptr<credentials> m_inner;   ///< Inner credentials
     };
 }
-
-
-namespace eapserial
-{
-    inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_ttls &val)
-    {
-        pack(cursor, (const eap::credentials_tls&)val);
-        if (val.m_inner) {
-            if (dynamic_cast<eap::credentials_pap*>(val.m_inner)) {
-                pack(cursor, (unsigned char)eap::type_pap);
-                pack(cursor, (const eap::credentials_pap&)*val.m_inner);
-            } else {
-                assert(0); // Unsupported inner authentication method type.
-                pack(cursor, (unsigned char)0);
-            }
-        } else
-            pack(cursor, (unsigned char)0);
-    }
-
-
-    inline size_t get_pk_size(const eap::credentials_ttls &val)
-    {
-        size_t size_inner = sizeof(unsigned char);
-        if (val.m_inner) {
-            if (dynamic_cast<eap::credentials_pap*>(val.m_inner))
-                size_inner += get_pk_size((const eap::credentials_pap&)*val.m_inner);
-            else
-                assert(0); // Unsupported inner authentication method type.
-        }
-
-        return
-            get_pk_size((const eap::credentials_tls&)val) +
-            size_inner;
-    }
-
-
-    inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_ttls &val)
-    {
-        unpack(cursor, (eap::credentials_tls&)val);
-
-        assert(!val.m_inner);
-        unsigned char eap_type;
-        unpack(cursor, eap_type);
-        switch (eap_type) {
-            case eap::type_pap:
-                val.m_inner = new eap::credentials_pap(val.m_module);
-                unpack(cursor, (eap::credentials_pap&)*val.m_inner);
-                break;
-            case 0           : break;
-            default          : assert(0); // Unsupported inner authentication method type.
-        }
-    }
-}

lib/TTLS/include/Method.h

@@ -0,0 +1,154 @@
+/*
+    Copyright 2015-2016 Amebis
+    Copyright 2016 GÉANT
+
+    This file is part of GÉANTLink.
+
+    GÉANTLink is free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    GÉANTLink is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+namespace eap
+{
+    ///
+    /// EAP-TTLS method
+    ///
+    class method_ttls;
+}
+
+#pragma once
+
+#include "Config.h"
+#include "Credentials.h"
+
+#include "../../TLS/include/Method.h"
+#include "../../EAPBase/include/Method.h"
+
+
+namespace eap
+{
+    class method_ttls : public method_tls
+    {
+    public:
+        ///
+        /// EAP-TTLS packet flags
+        ///
+        /// \sa [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter: 9.1 Packet Format)](https://tools.ietf.org/html/rfc5281#section-9.1)
+        ///
+        #pragma warning(suppress: 4480)
+        enum flags_t : unsigned char {
+            flags_length_incl = method_tls::flags_req_length_incl,  ///< Length included
+            flags_more_frag   = method_tls::flags_req_more_frag,    ///< More fragments
+            flags_start       = method_tls::flags_req_start,        ///< Start
+            flags_ver_mask    = 0x07,                               ///< Version mask
+        };
+
+    public:
+        ///
+        /// Constructs an EAP method
+        ///
+        /// \param[in] mod   EAP module to use for global services
+        /// \param[in] cfg   Connection configuration
+        /// \param[in] cred  User credentials
+        ///
+        method_ttls(_In_ module &module, _In_ config_connection &cfg, _In_ credentials_ttls &cred);
+
+        ///
+        /// Moves an EAP method
+        ///
+        /// \param[in] other  EAP method to move from
+        ///
+        method_ttls(_Inout_ method_ttls &&other);
+
+        ///
+        /// Moves an EAP method
+        ///
+        /// \param[in] other  EAP method to move from
+        ///
+        /// \returns Reference to this object
+        ///
+        method_ttls& operator=(_Inout_ method_ttls &&other);
+
+        /// \name Packet processing
+        /// @{
+
+        ///
+        /// Processes a packet received by EAPHost from a supplicant.
+        ///
+        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        ///
+        virtual void process_request_packet(
+            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
+            _In_                                       DWORD               dwReceivedPacketSize,
+            _Inout_                                    EapPeerMethodOutput *pEapOutput);
+
+        ///
+        /// Obtains a response packet from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
+        ///
+        virtual void get_response_packet(
+            _Inout_bytecap_(*dwSendPacketSize) EapPacket *pSendPacket,
+            _Inout_                            DWORD     *pdwSendPacketSize);
+
+        ///
+        /// Obtains the result of an authentication session from the EAP method.
+        ///
+        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
+        ///
+        virtual void get_result(
+            _In_    EapPeerMethodResultReason reason,
+            _Inout_ EapPeerMethodResult       *ppResult);
+
+        /// @}
+
+    protected:
+#if EAP_TLS < EAP_TLS_SCHANNEL
+
+        ///
+        /// Generates master session key
+        ///
+        /// \sa [The EAP-TLS Authentication Protocol (Chapter 2.3. Key Hierarchy)](https://tools.ietf.org/html/rfc5216#section-2.3)
+        ///
+        virtual void derive_msk();
+
+#else
+
+        ///
+        /// Processes an application message
+        ///
+        /// \param[in] msg       Application message data
+        /// \param[in] size_msg  Application message data size
+        ///
+        virtual void process_application_data(_In_bytecount_(size_msg) const void *msg, _In_ size_t size_msg);
+
+#endif
+
+        ///
+        /// Makes a PAP client message
+        ///
+        /// \sa [Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Chapter 11.2.5. PAP)](https://tools.ietf.org/html/rfc5281#section-11.2.5)
+        ///
+        /// \returns PAP client message
+        ///
+        sanitizing_blob make_pap_client() const;
+
+    public:
+        credentials_ttls &m_cred;           ///< TTLS credentials
+
+        #pragma warning(suppress: 4480)
+        enum version_t :unsigned char {
+            version_0 = 0,                  ///< EAP-TTLS v0
+        } m_version;                        ///< EAP-TTLS version
+    };
+}

lib/TTLS/include/Module.h

@@ -30,12 +30,12 @@ namespace eap
 
 #include "Config.h"
 #include "Credentials.h"
-#include "../../EAPBase/include/Module.h"
+#include "Method.h"
 
 
 namespace eap
 {
-    class peer_ttls : public peer<config_ttls, credentials_ttls, int, int>
+    class peer_ttls : public peer
     {
     public:
         ///
@@ -43,62 +43,187 @@ namespace eap
         ///
         peer_ttls();
 
+        ///
+        /// Makes a new method config
+        ///
+        virtual config_method* make_config_method();
+
         ///
         /// Initializes an EAP peer method for EAPHost.
         ///
         /// \sa [EapPeerGetInfo function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363613.aspx)
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool initialize(_Out_ EAP_ERROR **ppEapError);
+        virtual void initialize();
 
         ///
         /// Shuts down the EAP method and prepares to unload its corresponding DLL.
         ///
         /// \sa [EapPeerShutdown function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363627.aspx)
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool shutdown(_Out_ EAP_ERROR **ppEapError);
+        virtual void shutdown();
 
         ///
         /// Returns the user data and user identity after being called by EAPHost.
         ///
         /// \sa [EapPeerGetIdentity function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363607.aspx)
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
-        ///
-        virtual bool get_identity(
-            _In_          DWORD         dwFlags,
-            _In_    const config_type   &cfg,
-            _Inout_       identity_type &usr,
-            _In_          HANDLE        hTokenImpersonateUser,
-            _Out_         BOOL          *pfInvokeUI,
-            _Out_         WCHAR         **ppwszIdentity,
-            _Out_         EAP_ERROR     **ppEapError);
+        virtual void get_identity(
+            _In_                                   DWORD  dwFlags,
+            _In_count_(dwConnectionDataSize) const BYTE   *pConnectionData,
+            _In_                                   DWORD  dwConnectionDataSize,
+            _In_count_(dwUserDataSize)       const BYTE   *pUserData,
+            _In_                                   DWORD  dwUserDataSize,
+            _Inout_                                BYTE   **ppUserDataOut,
+            _Inout_                                DWORD  *pdwUserDataOutSize,
+            _In_                                   HANDLE hTokenImpersonateUser,
+            _Inout_                                BOOL   *pfInvokeUI,
+            _Inout_                                WCHAR  **ppwszIdentity);
 
         ///
         /// Defines the implementation of an EAP method-specific function that retrieves the properties of an EAP method given the connection and user data.
         ///
         /// \sa [EapPeerGetMethodProperties function](https://msdn.microsoft.com/en-us/library/windows/desktop/hh706636.aspx)
         ///
-        /// \returns
-        /// - \c true if succeeded
-        /// - \c false otherwise. See \p ppEapError for details.
+        virtual void get_method_properties(
+            _In_                                   DWORD                     dwVersion,
+            _In_                                   DWORD                     dwFlags,
+            _In_                                   HANDLE                    hUserImpersonationToken,
+            _In_count_(dwConnectionDataSize) const BYTE                      *pConnectionData,
+            _In_                                   DWORD                     dwConnectionDataSize,
+            _In_count_(dwUserDataSize)       const BYTE                      *pUserData,
+            _In_                                   DWORD                     dwUserDataSize,
+            _Inout_                                EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray);
+
         ///
-        virtual bool get_method_properties(
-            _In_        DWORD                     dwVersion,
-            _In_        DWORD                     dwFlags,
-            _In_        HANDLE                    hUserImpersonationToken,
-            _In_  const config_type               &cfg,
-            _In_  const identity_type             &usr,
-            _Out_       EAP_METHOD_PROPERTY_ARRAY *pMethodPropertyArray,
-            _Out_       EAP_ERROR                 **ppEapError) const;
+        /// Converts XML into the configuration BLOB. The XML based credentials can come from group policy or from a system administrator.
+        ///
+        /// \sa [EapPeerCredentialsXml2Blob function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363603.aspx)
+        ///
+        virtual void credentials_xml2blob(
+            _In_                                   DWORD       dwFlags,
+            _In_                                   IXMLDOMNode *pConfigRoot,
+            _In_count_(dwConnectionDataSize) const BYTE        *pConnectionData,
+            _In_                                   DWORD       dwConnectionDataSize,
+            _Inout_                                BYTE        **ppCredentialsOut,
+            _Inout_                                DWORD       *pdwCredentialsOutSize);
+
+        /// \name Session management
+        /// @{
+
+        ///
+        /// Starts an EAP authentication session on the peer EAPHost using the EAP method.
+        ///
+        /// \sa [EapPeerBeginSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363600.aspx)
+        ///
+        /// \returns Session handle
+        ///
+        virtual EAP_SESSION_HANDLE begin_session(
+            _In_                                   DWORD              dwFlags,
+            _In_                           const   EapAttributes      *pAttributeArray,
+            _In_                                   HANDLE             hTokenImpersonateUser,
+            _In_count_(dwConnectionDataSize) const BYTE               *pConnectionData,
+            _In_                                   DWORD              dwConnectionDataSize,
+            _In_count_(dwUserDataSize)       const BYTE               *pUserData,
+            _In_                                   DWORD              dwUserDataSize,
+            _In_                                   DWORD              dwMaxSendPacketSize);
+
+        ///
+        /// Ends an EAP authentication session for the EAP method.
+        ///
+        /// \sa [EapPeerEndSession function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363604.aspx)
+        ///
+        virtual void end_session(_In_ EAP_SESSION_HANDLE hSession);
+
+        ///
+        /// Processes a packet received by EAPHost from a supplicant.
+        ///
+        /// \sa [EapPeerProcessRequestPacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363621.aspx)
+        ///
+        virtual void process_request_packet(
+            _In_                                       EAP_SESSION_HANDLE  hSession,
+            _In_bytecount_(dwReceivedPacketSize) const EapPacket           *pReceivedPacket,
+            _In_                                       DWORD               dwReceivedPacketSize,
+            _Inout_                                    EapPeerMethodOutput *pEapOutput);
+
+        ///
+        /// Obtains a response packet from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponsePacket function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363610.aspx)
+        ///
+        virtual void get_response_packet(
+            _In_                               EAP_SESSION_HANDLE hSession,
+            _Inout_bytecap_(*dwSendPacketSize) EapPacket          *pSendPacket,
+            _Inout_                            DWORD              *pdwSendPacketSize);
+
+        ///
+        /// Obtains the result of an authentication session from the EAP method.
+        ///
+        /// \sa [EapPeerGetResult function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363611.aspx)
+        ///
+        virtual void get_result(
+            _In_    EAP_SESSION_HANDLE        hSession,
+            _In_    EapPeerMethodResultReason reason,
+            _Inout_ EapPeerMethodResult       *ppResult);
+
+        ///
+        /// Obtains the user interface context from the EAP method.
+        ///
+        /// \note This function is always followed by the `EapPeerInvokeInteractiveUI()` function, which is followed by the `EapPeerSetUIContext()` function.
+        ///
+        /// \sa [EapPeerGetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363612.aspx)
+        ///
+        virtual void get_ui_context(
+            _In_    EAP_SESSION_HANDLE hSession,
+            _Inout_ BYTE               **ppUIContextData,
+            _Inout_ DWORD              *pdwUIContextDataSize);
+
+        ///
+        /// Provides a user interface context to the EAP method.
+        ///
+        /// \note This function is called after the UI has been raised through the `EapPeerGetUIContext()` function.
+        ///
+        /// \sa [EapPeerSetUIContext function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363626.aspx)
+        ///
+        virtual void set_ui_context(
+            _In_                                  EAP_SESSION_HANDLE  hSession,
+            _In_count_(dwUIContextDataSize) const BYTE                *pUIContextData,
+            _In_                                  DWORD               dwUIContextDataSize,
+            _In_                            const EapPeerMethodOutput *pEapOutput);
+
+        ///
+        /// Obtains an array of EAP response attributes from the EAP method.
+        ///
+        /// \sa [EapPeerGetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363609.aspx)
+        ///
+        virtual void get_response_attributes(
+            _In_    EAP_SESSION_HANDLE hSession,
+            _Inout_ EapAttributes      *pAttribs);
+
+        ///
+        /// Provides an updated array of EAP response attributes to the EAP method.
+        ///
+        /// \sa [EapPeerSetResponseAttributes function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363625.aspx)
+        ///
+        virtual void set_response_attributes(
+            _In_       EAP_SESSION_HANDLE  hSession,
+            _In_ const EapAttributes       *pAttribs,
+            _Inout_    EapPeerMethodOutput *pEapOutput);
+
+        /// @}
+
+    protected:
+        class session {
+        public:
+            inline session(_In_ module &mod) :
+                m_cfg(mod),
+                m_cred(mod),
+                m_method(mod, m_cfg, m_cred)
+            {}
+
+        public:
+            config_connection m_cfg;    ///< Connection configuration
+            credentials_ttls m_cred;    ///< User credentials
+            method_ttls m_method;       ///< EAP-TTLS method
+        };
     };
 }

lib/TTLS/include/Session.h

@@ -1,78 +0,0 @@
-/*
-    Copyright 2015-2016 Amebis
-    Copyright 2016 GÉANT
-
-    This file is part of GÉANTLink.
-
-    GÉANTLink is free software: you can redistribute it and/or modify it
-    under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    GÉANTLink is distributed in the hope that it will be useful, but
-    WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with GÉANTLink. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-namespace eap
-{
-    ///
-    /// TTLS session
-    ///
-    class session_ttls;
-}
-
-#pragma once
-
-#include "../../EAPBase/include/Session.h"
-
-
-namespace eap
-{
-    class session_ttls : public session<config_ttls, credentials_ttls, int, int>
-    {
-    public:
-        ///
-        /// Constructor
-        ///
-        /// \param[in] mod  Reference of the EAP module to use for global services
-        ///
-        session_ttls(_In_ module &mod);
-
-        ///
-        /// Copies TTLS session
-        ///
-        /// \param[in] other  Session to copy from
-        ///
-        session_ttls(_In_ const session_ttls &other);
-
-        ///
-        /// Moves TTLS session
-        ///
-        /// \param[in] other  Session to move from
-        ///
-        session_ttls(_Inout_ session_ttls &&other);
-
-        ///
-        /// Copies TTLS session
-        ///
-        /// \param[in] other  Session to copy from
-        ///
-        /// \returns Reference to this object
-        ///
-        session_ttls& operator=(_In_ const session_ttls &other);
-
-        ///
-        /// Moves TTLS session
-        ///
-        /// \param[in] other  Session to move from
-        ///
-        /// \returns Reference to this object
-        ///
-        session_ttls& operator=(_Inout_ session_ttls &&other);
-    };
-}