Diffstat (limited to 'Swiften/Client')
-rw-r--r--Swiften/Client/CoreClient.cpp31
-rw-r--r--Swiften/Client/CoreClient.h12
2 files changed, 12 insertions, 31 deletions
diff --git a/Swiften/Client/CoreClient.cpp b/Swiften/Client/CoreClient.cpp
index 36bfe35..e2a8e5a 100644
--- a/Swiften/Client/CoreClient.cpp
+++ b/Swiften/Client/CoreClient.cpp
@@ -126,19 +126,6 @@ void CoreClient::bindSessionToStream() {
session_->start();
}
-bool CoreClient::isCAPIURI() {
-#ifdef HAVE_SCHANNEL
- if (!boost::iequals(certificate_.substr(0, 10), "certstore:")) {
- return false;
- }
-
- return true;
-
-#else
- return false;
-#endif
-}
-
/**
* Only called for TCP sessions. BOSH is handled inside the BOSHSessionStream.
*/
@@ -156,20 +143,8 @@ void CoreClient::handleConnectorFinished(boost::shared_ptr<Connection> connectio
assert(!sessionStream_);
sessionStream_ = boost::make_shared<BasicSessionStream>(ClientStreamType, connection_, getPayloadParserFactories(), getPayloadSerializers(), networkFactories->getTLSContextFactory(), networkFactories->getTimerFactory(), networkFactories->getXMLParserFactory());
- if (!certificate_.empty()) {
- CertificateWithKey* cert;
-
-#if defined(SWIFTEN_PLATFORM_WIN32)
- if (isCAPIURI()) {
- cert = new CAPICertificate(certificate_);
- } else {
- cert = new PKCS12Certificate(certificate_, password_);
- }
-#else
- cert = new PKCS12Certificate(certificate_, password_);
-#endif
-
- sessionStream_->setTLSCertificate(cert);
+ if (certificate_ && !certificate_->isNull()) {
+ sessionStream_->setTLSCertificate(certificate_);
}
sessionStream_->onDataRead.connect(boost::bind(&CoreClient::handleDataRead, this, _1));
sessionStream_->onDataWritten.connect(boost::bind(&CoreClient::handleDataWritten, this, _1));
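Review bot: The new guard `if (certificate_ && !certificate_->isNull())` skips `setTLSCertificate` without any signal when the caller supplied a certificate whose `isNull()` is true, so the session goes ahead with no client certificate. If `isNull()` indicates a certificate that failed to load (an inference; its definition is not in this diff), an application that asked for certificate authentication would not learn that it was dropped and might continue with a weaker mechanism. Consider treating a non-null reference with `isNull()` true as an error on this path, reported through the client's existing error reporting, instead of merging it with the no-certificate case; at minimum add a comment such as `// A certificate that is set but isNull() is ignored; the session starts without a client certificate.` The body of handleConnectorFinished starts and ends outside this hunk.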
@@ -190,7 +165,7 @@ void CoreClient::disconnect() {
}
}
-void CoreClient::setCertificate(const std::string& certificate) {
+void CoreClient::setCertificate(CertificateWithKey::ref certificate) {
certificate_ = certificate;
}
diff --git a/Swiften/Client/CoreClient.h b/Swiften/Client/CoreClient.h
index 6712e03..1b875d2 100644
--- a/Swiften/Client/CoreClient.h
+++ b/Swiften/Client/CoreClient.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010 Remko Tronçon
+ * Copyright (c) 2010-2012 Remko Tronçon
* Licensed under the GNU General Public License v3.
* See Documentation/Licenses/GPLv3.txt for more information.
*/
@@ -15,6 +15,7 @@
#include <Swiften/Client/ClientError.h>
#include <Swiften/Client/ClientOptions.h>
#include <Swiften/Base/SafeByteArray.h>
+#include <Swiften/TLS/CertificateWithKey.h>
namespace Swift {
class ChainedConnector;
@@ -53,7 +54,12 @@ namespace Swift {
CoreClient(const JID& jid, const SafeByteArray& password, NetworkFactories* networkFactories);
~CoreClient();
- void setCertificate(const std::string& certificate);
+ /**
+ * Set a client certificate to use for strong authentication with the server.
+ * Ensure that it is of the correct type for the TLS engine in use.
+ * This means, largely, PKCS12Certificate for OpenSSL and CAPICertificate for CAPI.
+ */
+ void setCertificate(CertificateWithKey::ref certificate);
/**
* Connects the client to the server.
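Review bot: The new doc comment on `setCertificate` does not say when the call takes effect or what a null reference does. In CoreClient.cpp the stored value is only read in `handleConnectorFinished`, so a certificate set after that point presumably does not apply to the current session, and a null reference or one whose `isNull()` is true results in no client certificate being set on the stream. I would add two lines to the comment: `* Call this before connect(); the certificate is applied when the session stream is created.` and `* A null reference, or a certificate for which isNull() is true, is ignored.`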
@@ -227,7 +233,7 @@ namespace Swift {
boost::shared_ptr<Connection> connection_;
boost::shared_ptr<SessionStream> sessionStream_;
boost::shared_ptr<ClientSession> session_;
- std::string certificate_;
+ CertificateWithKey::ref certificate_;
bool disconnectRequested_;
CertificateTrustChecker* certificateTrustChecker;
};