Diffstat (limited to 'cpp/src/qpid/sys/windows/SslCredential.h')
-rw-r--r--cpp/src/qpid/sys/windows/SslCredential.h81
1 files changed, 81 insertions, 0 deletions
diff --git a/cpp/src/qpid/sys/windows/SslCredential.h b/cpp/src/qpid/sys/windows/SslCredential.h
new file mode 100644
index 0000000000..ba16dcdab5
--- /dev/null
+++ b/cpp/src/qpid/sys/windows/SslCredential.h
@@ -0,0 +1,81 @@
+#ifndef _sys_SslCredential
+#define _sys_SslCredential
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+#include "qpid/CommonImportExport.h"
+
+#include <string.h>
+// security.h needs to see this to distinguish from kernel use.
+#define SECURITY_WIN32
+#include <security.h>
+#include <Schnlsp.h>
+#undef SECURITY_WIN32
+
+namespace qpid {
+namespace sys {
+namespace windows {
+
+/*
+ * Manage certificate data structures for SChannel.
+ *
+ * Note on client certificates: The Posix/NSS implementation performs a lazy
+ * client certificate search part way through the ssl handshake if the server
+ * requests one. Here, it is not known in advance if the server will
+ * request the certificate so the certificate is pre-loaded (even if never
+ * used). To match the Linux behavior, client certificate load problems are
+ * remembered and reported later if appropriate, but do not prevent the
+ * connection attempt.
+ */
+
+class SslCredential {
+public:
+ QPID_COMMON_EXTERN SslCredential();
+ QPID_COMMON_EXTERN ~SslCredential();
+ QPID_COMMON_EXTERN bool load(const std::string& certName);
+ QPID_COMMON_EXTERN CredHandle handle();
+ QPID_COMMON_EXTERN std::string error();
+
+private:
+ struct SavedError {
+ std::string logMessage;
+ std::string error;
+ void set(const std::string &lm, const std::string es);
+ void set(const std::string &lm, int status);
+ void clear();
+ bool pending();
+ };
+
+ HCERTSTORE certStore;
+ PCCERT_CONTEXT cert;
+ SCHANNEL_CRED cred;
+ CredHandle credHandle;
+ TimeStamp credExpiry;
+ SavedError loadError;
+
+ PCCERT_CONTEXT findCertificate(const std::string& name);
+ void loadPrivCertStore();
+ std::string getPasswd(const std::string& filename);
+};
+
+}}}
+
+#endif // _sys_SslCredential
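Review bot: SslCredential holds raw CryptoAPI/SChannel handles (`certStore`, `cert`, `credHandle`) and declares a destructor, but nothing in the class prevents copying, so an accidental copy would leave two objects owning the same handles. If the destructor releases them (its body is not in this header), that is a double release of a certificate context and a credentials handle. Declaring the copy operations in the `private:` section and leaving them undefined would rule this out: `SslCredential(const SslCredential&);` and `SslCredential& operator=(const SslCredential&);` (or `= delete` if the build allows C++11). The header also uses `std::string` throughout while including only `<string.h>`, so it should `#include <string>` rather than depend on a transitive include. Separately, `getPasswd` returns the store password as a `std::string` by value; a comment on that declaration should state that callers are expected to keep the value short-lived and overwrite it after use.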