summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'Swiften/TLS')
-rw-r--r--Swiften/TLS/CAPICertificate.cpp57
1 files changed, 46 insertions, 11 deletions
diff --git a/Swiften/TLS/CAPICertificate.cpp b/Swiften/TLS/CAPICertificate.cpp
index 9a3bbc8..a6725c9 100644
--- a/Swiften/TLS/CAPICertificate.cpp
+++ b/Swiften/TLS/CAPICertificate.cpp
@@ -6,9 +6,13 @@
#pragma once
#include <Swiften/TLS/CAPICertificate.h>
+#include <Swiften/StringCodecs/Hexify.h>
#include <boost/algorithm/string/predicate.hpp>
+// Size of the SHA1 hash
+#define SHA1_HASH_LEN 20
+
namespace Swift {
CAPICertificate::CAPICertificate(const std::string& capiUri)
@@ -34,11 +38,51 @@ const std::string& CAPICertificate::getCertName() const {
return certName_;
}
+static PCCERT_CONTEXT findCertificateInStore (HCERTSTORE certStoreHandle, const std::string &certName) {
+ PCCERT_CONTEXT pCertContext = NULL;
+
+ if (!boost::iequals(certName.substr(0, 5), "sha1:")) {
+
+ // Find client certificate. Note that this sample just searches for a
+ // certificate that contains the user name somewhere in the subject name.
+ pCertContext = CertFindCertificateInStore(certStoreHandle,
+ X509_ASN_ENCODING,
+ 0, // dwFindFlags
+ CERT_FIND_SUBJECT_STR_A,
+ certName.c_str(), // *pvFindPara
+ NULL ); // pPrevCertContext
+ return pCertContext;
+ }
+
+
+ std::string hexstring = certName.substr(5);
+ ByteArray byteArray = Hexify::unhexify(hexstring);
+ CRYPT_HASH_BLOB HashBlob;
+
+ if (byteArray.size() != SHA1_HASH_LEN) {
+ return NULL;
+ }
+ HashBlob.cbData = SHA1_HASH_LEN;
+ HashBlob.pbData = static_cast<BYTE *>(vecptr(byteArray));
+
+ // Find client certificate. Note that this sample just searches for a
+ // certificate that contains the user name somewhere in the subject name.
+ pCertContext = CertFindCertificateInStore(certStoreHandle,
+ X509_ASN_ENCODING,
+ 0, // dwFindFlags
+ CERT_FIND_HASH,
+ &HashBlob,
+ NULL ); // pPrevCertContext
+
+ return pCertContext;
+}
+
+
void CAPICertificate::setUri (const std::string& capiUri) {
valid_ = false;
- /* Syntax: "certstore:" [<cert_store> ":"] <cert_id> */
+ /* Syntax: "certstore:" <cert_store> ":" <hash> ":" <hash_of_cert> */
if (!boost::iequals(capiUri.substr(0, 10), "certstore:")) {
return;
@@ -77,16 +121,7 @@ void CAPICertificate::setUri (const std::string& capiUri) {
certStore_ = new_certStore_name;
- /* NB: This might have to change, depending on how we locate certificates */
-
- // Find client certificate. Note that this sample just searches for a
- // certificate that contains the user name somewhere in the subject name.
- pCertContext = CertFindCertificateInStore(certStoreHandle_,
- X509_ASN_ENCODING,
- 0, // dwFindFlags
- CERT_FIND_SUBJECT_STR_A,
- certName_.c_str(), // *pvFindPara
- NULL ); // pPrevCertContext
+ pCertContext = findCertificateInStore (certStoreHandle_, certName_);
if (!pCertContext) {
return;