diff options
Diffstat (limited to 'cpp/src/qpid/sys/windows/SslCredential.h')
-rw-r--r-- | cpp/src/qpid/sys/windows/SslCredential.h | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/cpp/src/qpid/sys/windows/SslCredential.h b/cpp/src/qpid/sys/windows/SslCredential.h new file mode 100644 index 0000000000..ba16dcdab5 --- /dev/null +++ b/cpp/src/qpid/sys/windows/SslCredential.h @@ -0,0 +1,81 @@ +#ifndef _sys_SslCredential +#define _sys_SslCredential +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +#include "qpid/CommonImportExport.h" + +#include <string.h> +// security.h needs to see this to distinguish from kernel use. +#define SECURITY_WIN32 +#include <security.h> +#include <Schnlsp.h> +#undef SECURITY_WIN32 + +namespace qpid { +namespace sys { +namespace windows { + +/* + * Manage certificate data structures for SChannel. + * + * Note on client certificates: The Posix/NSS implementation performs a lazy + * client certificate search part way through the ssl handshake if the server + * requests one. Here, it is not known in advance if the server will + * request the certificate so the certificate is pre-loaded (even if never + * used). To match the Linux behavior, client certificate load problems are + * remembered and reported later if appropriate, but do not prevent the + * connection attempt. + */ + +class SslCredential { +public: + QPID_COMMON_EXTERN SslCredential(); + QPID_COMMON_EXTERN ~SslCredential(); + QPID_COMMON_EXTERN bool load(const std::string& certName); + QPID_COMMON_EXTERN CredHandle handle(); + QPID_COMMON_EXTERN std::string error(); + +private: + struct SavedError { + std::string logMessage; + std::string error; + void set(const std::string &lm, const std::string es); + void set(const std::string &lm, int status); + void clear(); + bool pending(); + }; + + HCERTSTORE certStore; + PCCERT_CONTEXT cert; + SCHANNEL_CRED cred; + CredHandle credHandle; + TimeStamp credExpiry; + SavedError loadError; + + PCCERT_CONTEXT findCertificate(const std::string& name); + void loadPrivCertStore(); + std::string getPasswd(const std::string& filename); +}; + +}}} + +#endif // _sys_SslCredential |