/// <summary>
/// Fills in an SCHANNEL_CRED structure from the requested version, flags,
/// protocol mask, encryption policy and optional certificate.
/// </summary>
/// <param name="version">Value stored in <c>dwVersion</c>.</param>
/// <param name="certificate">
/// Certificate to present, or <c>null</c> for none. Only its <c>Handle</c> is
/// copied into <c>paCred</c>; the structure does not take a reference of its own.
/// </param>
/// <param name="flags">Value stored in <c>dwFlags</c>.</param>
/// <param name="protocols">Value stored in <c>grbitEnabledProtocols</c>.</param>
/// <param name="policy">
/// Selects the minimum/maximum cipher strength pair. Only
/// <c>RequireEncryption</c> rules out the null cipher; the other two accepted
/// values permit (or require) a session with no confidentiality.
/// </param>
/// <returns>The populated credential structure.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="policy"/> is not one of the three handled values.
/// </exception>
private static Interop.SspiCli.SCHANNEL_CRED CreateSecureCredential(
    int version,
    X509Certificate certificate,
    Interop.SspiCli.SCHANNEL_CRED.Flags flags,
    int protocols, EncryptionPolicy policy)
{
    var cred = new Interop.SspiCli.SCHANNEL_CRED();

    // Start from a blank slate: no root store, mappers, algorithm list or
    // certificate, and zeroed lifespan/reserved fields.
    cred.hRootStore = IntPtr.Zero;
    cred.aphMappers = IntPtr.Zero;
    cred.palgSupportedAlgs = IntPtr.Zero;
    cred.paCred = IntPtr.Zero;
    cred.cCreds = 0;
    cred.cMappers = 0;
    cred.cSupportedAlgs = 0;
    cred.dwSessionLifespan = 0;
    cred.reserved = 0;

    // Map the policy onto the cipher-strength bounds. An unrecognised value is
    // rejected instead of silently falling back to one of the weaker settings.
    switch (policy)
    {
        case EncryptionPolicy.RequireEncryption:
            // Null encryption cipher is prohibited.
            cred.dwMinimumCipherStrength = 0;
            cred.dwMaximumCipherStrength = 0;
            break;

        case EncryptionPolicy.AllowNoEncryption:
            // Null encryption cipher is accepted alongside the other ciphers,
            // so the negotiated session may end up unencrypted.
            cred.dwMinimumCipherStrength = -1;
            cred.dwMaximumCipherStrength = 0;
            break;

        case EncryptionPolicy.NoEncryption:
            // All encryption is suppressed; only the null cipher is allowed.
            cred.dwMinimumCipherStrength = -1;
            cred.dwMaximumCipherStrength = -1;
            break;

        default:
            throw new ArgumentException(SR.Format(SR.net_invalid_enum, "EncryptionPolicy"), nameof(policy));
    }

    cred.dwVersion = version;
    cred.dwFlags = flags;
    cred.grbitEnabledProtocols = protocols;

    if (certificate == null)
    {
        // No certificate: paCred/cCreds keep the empty values set above.
        return cred;
    }

    // NOTE(review): the raw handle is borrowed from the certificate object;
    // presumably the caller keeps 'certificate' alive while the structure is
    // in use - confirm against the call sites.
    cred.paCred = certificate.Handle;
    cred.cCreds = 1;
    return cred;
}