1 files changed, 11 insertions, 165 deletions
diff --git a/Swiften/TLS/CAPICertificate.h b/Swiften/TLS/CAPICertificate.h
index fcdb4c2..d9e2704 100644
--- a/Swiften/TLS/CAPICertificate.h
+++ b/Swiften/TLS/CAPICertificate.h
@@ -9,188 +9,34 @@
 #include <Swiften/Base/SafeByteArray.h>
 #include <Swiften/TLS/CertificateWithKey.h>
 
-#include <boost/algorithm/string/predicate.hpp>
-
 #define SECURITY_WIN32
+#include <Windows.h>
 #include <WinCrypt.h>
 
 namespace Swift {
 	class CAPICertificate : public Swift::CertificateWithKey {
 		public:
-			CAPICertificate(const std::string& capiUri)
-			    : valid_(false), uri_(capiUri), cert_store_handle_(0), cert_store_(NULL), cert_name_(NULL) {
-				setUri(capiUri);
-			}
-
-			virtual ~CAPICertificate() {
-				if (cert_store_handle_ != NULL)
-				{
-					CertCloseStore(cert_store_handle_, 0);
-				}
-			}
-
-			virtual bool isNull() const {
-				return uri_.empty() || !valid_;
-			}
-
-			virtual bool isPrivateKeyExportable() const {
-				/* We can check with CAPI, but for now the answer is "no" */
-				return false;
-			}
-
-			virtual const std::string& getCertStoreName() const {
-			    return cert_store_;
-			}
-
-			virtual const std::string& getCertName() const {
-			    return cert_name_;
-			}
-
-			const ByteArray& getData() const {
-////Might need to throw an exception here, or really generate PKCS12 blob from CAPI data?
-				assert(0);
-			}
-
-			void setData(const ByteArray& data) {
-				assert(0);
-			}
-
-			const SafeByteArray& getPassword() const {
-/////Can't pass NULL to createSafeByteArray!
-/////Should this throw an exception instead?
-				return createSafeByteArray("");
-			}
-
-		protected:
-			void setUri (const std::string& capiUri) {
-
-				valid_ = false;
-
-				/* Syntax: "certstore:" [<cert_store> ":"] <cert_id> */
-
-				if (!boost::iequals(capiUri.substr(0, 10), "certstore:")) {
-					return;
-				}
-
-				/* Substring of subject: uses "storename" */
-				std::string capi_identity = capiUri.substr(10);
-				std::string new_cert_store_name;
-				size_t pos = capi_identity.find_first_of (':');
-
-				if (pos == std::string::npos) {
-					/* Using the default certificate store */
-					new_cert_store_name = "MY";
-					cert_name_ = capi_identity;
-				} else {
-					new_cert_store_name = capi_identity.substr(0, pos);
-					cert_name_ = capi_identity.substr(pos + 1);
-				}
+			CAPICertificate(const std::string& capiUri);
 
-				PCCERT_CONTEXT pCertContext = NULL;
+			virtual ~CAPICertificate();
 
-				if (cert_store_handle_ != NULL)
-				{
-					if (new_cert_store_name != cert_store_) {
-						CertCloseStore(cert_store_handle_, 0);
-						cert_store_handle_ = NULL;
-					}
-				}
+			virtual bool isNull() const;
 
-				if (cert_store_handle_ == NULL)
-				{
-					cert_store_handle_ = CertOpenSystemStore(0, cert_store_.c_str());
-					if (!cert_store_handle_)
-					{
-						return;
-					}
-				}
+			const std::string& getCertStoreName() const;
 
-				cert_store_ = new_cert_store_name;
+			const std::string& getCertName() const;
 
-				/* NB: This might have to change, depending on how we locate certificates */
-
-				// Find client certificate. Note that this sample just searches for a 
-				// certificate that contains the user name somewhere in the subject name.
-				pCertContext = CertFindCertificateInStore(cert_store_handle_,
-					X509_ASN_ENCODING,
-					0,				// dwFindFlags
-					CERT_FIND_SUBJECT_STR_A,
-					cert_name_.c_str(),		// *pvFindPara
-					NULL );				// pPrevCertContext
-
-				if (pCertContext == NULL)
-				{
-					return;
-				}
-
-
-				/* Now verify that we can have access to the corresponding private key */
-
-				DWORD len;
-				CRYPT_KEY_PROV_INFO *pinfo;
-				HCRYPTPROV hprov;
-				HCRYPTKEY key;
-
-				if (!CertGetCertificateContextProperty(pCertContext,
-								       CERT_KEY_PROV_INFO_PROP_ID,
-								       NULL,
-								       &len))
-				{
-					CertFreeCertificateContext(pCertContext);
-					return;
-				}
-
-				pinfo = static_cast<CRYPT_KEY_PROV_INFO *>(malloc(len));
-				if (!pinfo) {
-					CertFreeCertificateContext(pCertContext);
-					return;
-				}
-
-				if (!CertGetCertificateContextProperty(pCertContext,
-								       CERT_KEY_PROV_INFO_PROP_ID,
-								       pinfo,
-								       &len))
-				{
-					CertFreeCertificateContext(pCertContext);
-					free(pinfo);
-					return;
-				}
-
-				CertFreeCertificateContext(pCertContext);
-
-				// Now verify if we have access to the private key
-				if (!CryptAcquireContextW(&hprov,
-							  pinfo->pwszContainerName,
-							  pinfo->pwszProvName,
-							  pinfo->dwProvType,
-							  0))
-				{
-					free(pinfo);
-					return;
-				}
-
-				if (!CryptGetUserKey(hprov, pinfo->dwKeySpec, &key))
-				{
-					CryptReleaseContext(hprov, 0);
-					free(pinfo);
-					return;
-				}
-
-				CryptDestroyKey(key);
-				CryptReleaseContext(hprov, 0);
-				free(pinfo);
-
-				valid_ = true;
-			}
+		private:
+			void setUri (const std::string& capiUri);
 
 		private:
 			bool valid_;
 			std::string uri_;
 
-			HCERTSTORE cert_store_handle_;
+			HCERTSTORE certStoreHandle_;
 
 			/* Parsed components of the uri_ */
-			std::string cert_store_;
-			std::string cert_name_;
+			std::string certStore_;
+			std::string certName_;
 	};
 }