From 1bebb951f1a398038a602ea8ac1fc1cbc92959c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Remko=20Tron=C3=A7on?= <git@el-tramo.be>
Date: Sat, 12 May 2012 20:24:40 +0200
Subject: Remove peer certificate from APIs.

The peer certificate chain contains the peer certificate, so this was
redundant.

diff --git a/Swift/Controllers/Storages/CertificateStorageTrustChecker.h b/Swift/Controllers/Storages/CertificateStorageTrustChecker.h
index a73590a..df15575 100644
--- a/Swift/Controllers/Storages/CertificateStorageTrustChecker.h
+++ b/Swift/Controllers/Storages/CertificateStorageTrustChecker.h
@@ -18,7 +18,7 @@ namespace Swift {
 			CertificateStorageTrustChecker(CertificateStorage* storage) : storage(storage) {
 			}
 
-			virtual bool isCertificateTrusted(Certificate::ref, const std::vector<Certificate::ref>& certificateChain) {
+			virtual bool isCertificateTrusted(const std::vector<Certificate::ref>& certificateChain) {
 				lastCertificateChain = std::vector<Certificate::ref>(certificateChain.begin(), certificateChain.end());
 				return certificateChain.empty() ? false : storage->hasCertificate(certificateChain[0]);
 			}
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index c2dc3ae..7e1f517 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -370,25 +370,24 @@ void ClientSession::sendCredentials(const SafeByteArray& password) {
 void ClientSession::handleTLSEncrypted() {
 	checkState(Encrypting);
 
-	Certificate::ref certificate = stream->getPeerCertificate();
 	std::vector<Certificate::ref> certificateChain = stream->getPeerCertificateChain();
 	boost::shared_ptr<CertificateVerificationError> verificationError = stream->getPeerCertificateVerificationError();
 	if (verificationError) {
-		checkTrustOrFinish(certificate, certificateChain, verificationError);
+		checkTrustOrFinish(certificateChain, verificationError);
 	}
 	else {
 		ServerIdentityVerifier identityVerifier(localJID);
-		if (identityVerifier.certificateVerifies(certificate)) {
+		if (!certificateChain.empty() && identityVerifier.certificateVerifies(certificateChain[0])) {
 			continueAfterTLSEncrypted();
 		}
 		else {
-			checkTrustOrFinish(certificate, certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
+			checkTrustOrFinish(certificateChain, boost::make_shared<CertificateVerificationError>(CertificateVerificationError::InvalidServerIdentity));
 		}
 	}
 }
 
-void ClientSession::checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) {
-	if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificate, certificateChain)) {
+void ClientSession::checkTrustOrFinish(const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error) {
+	if (certificateTrustChecker && certificateTrustChecker->isCertificateTrusted(certificateChain)) {
 		continueAfterTLSEncrypted();
 	}
 	else {
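Review bot: The identity check at the new line `if (!certificateChain.empty() && identityVerifier.certificateVerifies(certificateChain[0]))` now verifies whichever certificate the backend placed first, so correctness hinges on every TLSContext implementation returning the peer's own certificate at index 0; that ordering is stated in CertificateTrustChecker.h but not on the producer side (getPeerCertificateChain in TLSContext.h), and a backend returning the chain root-first would have the server name checked against an issuer certificate. The empty-chain case now falls through to checkTrustOrFinish with InvalidServerIdentity, which fails closed, but that intent is not obvious from the condition. A comment such as `// chain[0] is the peer's own certificate; an absent chain can never verify the server identity` would record both facts. The body of checkTrustOrFinish continues beyond the hunk.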
diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h
index 9c4b980..66a90ed 100644
--- a/Swiften/Client/ClientSession.h
+++ b/Swiften/Client/ClientSession.h
@@ -154,7 +154,7 @@ namespace Swift {
 			void handleStanzaAcked(boost::shared_ptr<Stanza> stanza);
 			void ack(unsigned int handledStanzasCount);
 			void continueAfterTLSEncrypted();
-			void checkTrustOrFinish(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error);
+			void checkTrustOrFinish(const std::vector<Certificate::ref>& certificateChain, boost::shared_ptr<CertificateVerificationError> error);
 
 		private:
 			JID localJID;
diff --git a/Swiften/TLS/BlindCertificateTrustChecker.h b/Swiften/TLS/BlindCertificateTrustChecker.h
index 9ed7ff2..d91ec25 100644
--- a/Swiften/TLS/BlindCertificateTrustChecker.h
+++ b/Swiften/TLS/BlindCertificateTrustChecker.h
@@ -19,7 +19,7 @@ namespace Swift {
 	 */
 	class BlindCertificateTrustChecker : public CertificateTrustChecker {
 		public:
-			virtual bool isCertificateTrusted(Certificate::ref, const std::vector<Certificate::ref>&) {
+			virtual bool isCertificateTrusted(const std::vector<Certificate::ref>&) {
 				return true;
 			}
 	};
diff --git a/Swiften/TLS/CertificateTrustChecker.h b/Swiften/TLS/CertificateTrustChecker.h
index 91cc530..2ba6b40 100644
--- a/Swiften/TLS/CertificateTrustChecker.h
+++ b/Swiften/TLS/CertificateTrustChecker.h
@@ -21,13 +21,13 @@ namespace Swift {
 			virtual ~CertificateTrustChecker();
 
 			/**
-			 * This method is called to find out whether a certificate is
+			 * This method is called to find out whether a certificate (chain) is
 			 * trusted. This usually happens when a certificate's validation
 			 * fails, to check whether to proceed with the connection or not.
 			 *
-			 * certificateChain contains the chain of certificates, if available.
-			 * This chain includes certificate.
+			 * certificateChain contains the chain of certificates. The first certificate
+			 * is the subject certificate.
 			 */
-			virtual bool isCertificateTrusted(Certificate::ref certificate, const std::vector<Certificate::ref>& certificateChain) = 0;
+			virtual bool isCertificateTrusted(const std::vector<Certificate::ref>& certificateChain) = 0;
 	};
 }
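Review bot: The rewritten comment drops the earlier "if available" wording without saying whether certificateChain can be empty, even though CertificateStorageTrustChecker in this same patch explicitly returns false for an empty chain. Suggest adding `* The chain may be empty when the peer presented no certificate.` after the sentence about the subject certificate, so implementors know that index 0 must not be dereferenced unconditionally.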
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 58a8d05..2364c2e 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -232,16 +232,6 @@ bool OpenSSLContext::setClientCertificate(CertificateWithKey::ref certificate) {
 	return true;
 }
 
-Certificate::ref OpenSSLContext::getPeerCertificate() const {
-	boost::shared_ptr<X509> x509Cert(SSL_get_peer_certificate(handle_), X509_free);
-	if (x509Cert) {
-		return boost::make_shared<OpenSSLCertificate>(x509Cert);
-	}
-	else {
-		return Certificate::ref();
-	}
-}
-
 std::vector<Certificate::ref> OpenSSLContext::getPeerCertificateChain() const {
 	std::vector<Certificate::ref> result;
 	STACK_OF(X509)* chain = SSL_get_peer_cert_chain(handle_);
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.h b/Swiften/TLS/OpenSSL/OpenSSLContext.h
index cee4f79..d4327ca 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.h
@@ -27,7 +27,6 @@ namespace Swift {
 			void handleDataFromNetwork(const SafeByteArray&);
 			void handleDataFromApplication(const SafeByteArray&);
 
-			Certificate::ref getPeerCertificate() const;
 			std::vector<Certificate::ref> getPeerCertificateChain() const;
 			boost::shared_ptr<CertificateVerificationError> getPeerCertificateVerificationError() const;
 
diff --git a/Swiften/TLS/Schannel/SchannelContext.cpp b/Swiften/TLS/Schannel/SchannelContext.cpp
index 997d760..b4b2843 100644
--- a/Swiften/TLS/Schannel/SchannelContext.cpp
+++ b/Swiften/TLS/Schannel/SchannelContext.cpp
@@ -625,14 +625,6 @@ void SchannelContext::handleCertificateCardRemoved() {
 
 //------------------------------------------------------------------------
 
-Certificate::ref SchannelContext::getPeerCertificate() const {
-	ScopedCertContext pServerCert;
-	SECURITY_STATUS status = QueryContextAttributes(m_ctxtHandle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, pServerCert.Reset());
-	return status == SEC_E_OK ? boost::make_shared<SchannelCertificate>(pServerCert) : SchannelCertificate::ref();
-}
-
-//------------------------------------------------------------------------
-
 std::vector<Certificate::ref> SchannelContext::getPeerCertificateChain() const {
 	std::vector<Certificate::ref> certificateChain;
 	ScopedCertContext pServerCert;
diff --git a/Swiften/TLS/Schannel/SchannelContext.h b/Swiften/TLS/Schannel/SchannelContext.h
index 2d65a8a..8603498 100644
--- a/Swiften/TLS/Schannel/SchannelContext.h
+++ b/Swiften/TLS/Schannel/SchannelContext.h
@@ -50,7 +50,6 @@ namespace Swift
 		virtual void	handleDataFromNetwork(const SafeByteArray& data);
 		virtual void	handleDataFromApplication(const SafeByteArray& data);
 
-		virtual Certificate::ref getPeerCertificate() const;
 		virtual std::vector<Certificate::ref> getPeerCertificateChain() const;
 		virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const;
 
diff --git a/Swiften/TLS/TLSContext.cpp b/Swiften/TLS/TLSContext.cpp
index 026ae70..d461d91 100644
--- a/Swiften/TLS/TLSContext.cpp
+++ b/Swiften/TLS/TLSContext.cpp
@@ -11,4 +11,9 @@ namespace Swift {
 TLSContext::~TLSContext() {
 }
 
+Certificate::ref TLSContext::getPeerCertificate() const {
+	std::vector<Certificate::ref> chain = getPeerCertificateChain();
+	return chain.empty() ? Certificate::ref() : chain[0];
+}
+
 }
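Review bot: The new default getPeerCertificate makes `chain[0]` the only source of the peer certificate, but nothing in TLSContext documents that getPeerCertificateChain must be leaf-first. For the OpenSSL backend this rests on SSL_get_peer_cert_chain, which includes the peer's own certificate only when the SSL object is on the client side, so this helper would presumably return the first issuer certificate if the context were ever used on the accepting side; whether the Schannel implementation (only its opening lines are visible in this patch) also places the leaf first cannot be confirmed here. Suggest documenting the contract on the pure virtual in TLSContext.h: `/** Returns the peer's certificate chain. Element 0 is the peer's own certificate, followed by its issuers; empty if no certificate was presented. */`.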
diff --git a/Swiften/TLS/TLSContext.h b/Swiften/TLS/TLSContext.h
index 388f8ee..5fee021 100644
--- a/Swiften/TLS/TLSContext.h
+++ b/Swiften/TLS/TLSContext.h
@@ -28,7 +28,7 @@ namespace Swift {
 			virtual void handleDataFromNetwork(const SafeByteArray&) = 0;
 			virtual void handleDataFromApplication(const SafeByteArray&) = 0;
 
-			virtual Certificate::ref getPeerCertificate() const = 0;
+			Certificate::ref getPeerCertificate() const;
 			virtual std::vector<Certificate::ref> getPeerCertificateChain() const = 0;
 			virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const = 0;
 
-- 
cgit v0.10.2-6-g49f6