diff --git a/src/SignatureXAdES_B.cpp b/src/SignatureXAdES_B.cpp index 99fbee19f..4a8303499 100644 --- a/src/SignatureXAdES_B.cpp +++ b/src/SignatureXAdES_B.cpp @@ -277,14 +277,16 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *container, Sig if(signer->usingENProfile()) { setSigningCertificateV2(c); - setSignatureProductionPlaceV2(signer->city(), signer->streetAddress(), signer->stateOrProvince(), signer->postalCode(), signer->countryName()); - setSignerRolesV2(signer->signerRoles()); + setSignatureProductionPlace(signer->city(), signer->streetAddress(), + signer->stateOrProvince(), signer->postalCode(), signer->countryName()); + setSignerRoles(signer->signerRoles()); } else { setSigningCertificate(c); - setSignatureProductionPlace(signer->city(), signer->stateOrProvince(), signer->postalCode(), signer->countryName()); - setSignerRoles(signer->signerRoles()); + setSignatureProductionPlace(signer->city(), signer->streetAddress(), + signer->stateOrProvince(), signer->postalCode(), signer->countryName()); + setSignerRoles(signer->signerRoles()); } setSigningTime(time(nullptr)); @@ -879,14 +881,15 @@ void SignatureXAdES_B::setSigningCertificateV2(const X509Cert& x509) * * @param spp signature production place. */ -void SignatureXAdES_B::setSignatureProductionPlace(const string &city, +template +void SignatureXAdES_B::setSignatureProductionPlace(const string &city, const string &streetAddress, const string &stateOrProvince, const string &postalCode, const string &countryName) { - if(city.empty() && stateOrProvince.empty() && + if(city.empty() && streetAddress.empty() && stateOrProvince.empty() && postalCode.empty() && countryName.empty()) return; - auto signatureProductionPlace = make_unique(); + auto signatureProductionPlace = make_unique(); if(!city.empty()) signatureProductionPlace->city(city); if(!stateOrProvince.empty()) @@ -896,39 +899,28 @@ void SignatureXAdES_B::setSignatureProductionPlace(const string &city, if(!countryName.empty()) signatureProductionPlace->countryName(countryName); - getSignedSignatureProperties().signatureProductionPlace(std::move(signatureProductionPlace)); + if constexpr (is_same_v) + { + if(!streetAddress.empty()) + signatureProductionPlace->streetAddress(streetAddress); + getSignedSignatureProperties().signatureProductionPlaceV2(std::move(signatureProductionPlace)); + } + else + getSignedSignatureProperties().signatureProductionPlace(std::move(signatureProductionPlace)); } /** - * Sets signature production place. + * Sets signer claimed roles to the signature. + * NB! Only ClaimedRoles are supported. CerifiedRoles are not supported. * - * @param spp signature production place. + * @param roles signer roles. */ -void SignatureXAdES_B::setSignatureProductionPlaceV2(const string &city, const string &streetAddress, - const string &stateOrProvince, const string &postalCode, const string &countryName) +template +void SignatureXAdES_B::setSignerRoles(const vector &roles) { - if(city.empty() && streetAddress.empty() && stateOrProvince.empty() && - postalCode.empty() && countryName.empty()) + if(roles.empty()) return; - auto signatureProductionPlace = make_unique(); - if(!city.empty()) - signatureProductionPlace->city(city); - if(!streetAddress.empty()) - signatureProductionPlace->streetAddress(streetAddress); - if(!stateOrProvince.empty()) - signatureProductionPlace->stateOrProvince(stateOrProvince); - if(!postalCode.empty()) - signatureProductionPlace->postalCode(postalCode); - if(!countryName.empty()) - signatureProductionPlace->countryName(countryName); - - getSignedSignatureProperties().signatureProductionPlaceV2(std::move(signatureProductionPlace)); -} - -template -auto SignatureXAdES_B::signerRoles(const vector &roles) -{ auto claimedRoles = make_unique(); claimedRoles->claimedRole().reserve(roles.size()); for(const string &role: roles) @@ -936,31 +928,11 @@ auto SignatureXAdES_B::signerRoles(const vector &roles) auto signerRole = make_unique(); signerRole->claimedRoles(std::move(claimedRoles)); - return signerRole; -} - -/** - * Sets signer claimed roles to the signature. - * NB! Only ClaimedRoles are supported. CerifiedRoles are not supported. - * - * @param roles signer roles. - */ -void SignatureXAdES_B::setSignerRoles(const vector &roles) -{ - if(!roles.empty()) - getSignedSignatureProperties().signerRole(signerRoles(roles)); -} -/** - * Sets signer claimed roles to the signature. - * NB! Only ClaimedRoles are supported. CerifiedRoles are not supported. - * - * @param roles signer roles. - */ -void SignatureXAdES_B::setSignerRolesV2(const vector &roles) -{ - if(!roles.empty()) - getSignedSignatureProperties().signerRoleV2(signerRoles(roles)); + if constexpr (is_same_v) + getSignedSignatureProperties().signerRoleV2(std::move(signerRole)); + else + getSignedSignatureProperties().signerRole(std::move(signerRole)); } /** @@ -1104,21 +1076,21 @@ string SignatureXAdES_B::countryName() const vector SignatureXAdES_B::signerRoles() const { - const ClaimedRolesListType::ClaimedRoleSequence &claimedRoleSequence = [&] { - // return elements from SignerRole element or SignerRoleV2 when available - if(const auto &role = getSignedSignatureProperties().signerRole(); - role && role->claimedRoles()) - return role->claimedRoles()->claimedRole(); - if(const auto &roleV2 = getSignedSignatureProperties().signerRoleV2(); - roleV2 && roleV2->claimedRoles()) - return roleV2->claimedRoles()->claimedRole(); - return ClaimedRolesListType::ClaimedRoleSequence{}; - }(); - vector roles; - roles.reserve(claimedRoleSequence.size()); - for(const ClaimedRolesListType::ClaimedRoleType &type: claimedRoleSequence) - roles.emplace_back(type.text()); - return roles; + auto toRoles = [](const ClaimedRolesListType::ClaimedRoleSequence &claimedRoleSequence) -> vector { + vector roles; + roles.reserve(claimedRoleSequence.size()); + for(const auto &type: claimedRoleSequence) + roles.emplace_back(type.text()); + return roles; + }; + // return elements from SignerRole element or SignerRoleV2 when available + if(const auto &role = getSignedSignatureProperties().signerRole(); + role && role->claimedRoles()) + return toRoles(role->claimedRoles()->claimedRole()); + if(const auto &roleV2 = getSignedSignatureProperties().signerRoleV2(); + roleV2 && roleV2->claimedRoles()) + return toRoles(roleV2->claimedRoles()->claimedRole()); + return {}; } string SignatureXAdES_B::claimedSigningTime() const diff --git a/src/SignatureXAdES_B.h b/src/SignatureXAdES_B.h index 77f10e552..6ba4e805c 100644 --- a/src/SignatureXAdES_B.h +++ b/src/SignatureXAdES_B.h @@ -120,14 +120,11 @@ namespace digidoc void setKeyInfo(const X509Cert& cert); void setSigningCertificate(const X509Cert& cert); void setSigningCertificateV2(const X509Cert& cert); - void setSignatureProductionPlace(const std::string &city, - const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName); - void setSignatureProductionPlaceV2(const std::string &city, const std::string &streetAddress, + template + void setSignatureProductionPlace(const std::string &city, const std::string &streetAddress, const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName); template - inline auto signerRoles(const std::vector &signerRoles); - void setSignerRoles(const std::vector& signerRoles); - void setSignerRolesV2(const std::vector& signerRoles); + void setSignerRoles(const std::vector &signerRoles); void setSigningTime(time_t signingTime); // offline checks diff --git a/src/SignatureXAdES_LT.cpp b/src/SignatureXAdES_LT.cpp index a704a556d..c61a50acd 100644 --- a/src/SignatureXAdES_LT.cpp +++ b/src/SignatureXAdES_LT.cpp @@ -42,6 +42,11 @@ using namespace digidoc::xades; using namespace std; using namespace xml_schema; +static Base64Binary toBase64(const vector &v) +{ + return {const_cast(v.data()), v.size(), v.size(), false}; +} + SignatureXAdES_LT::SignatureXAdES_LT(unsigned int id, ASiContainer *bdoc, Signer *signer) : SignatureXAdES_T(id, bdoc, signer) {} @@ -92,7 +97,7 @@ string SignatureXAdES_LT::OCSPProducedAt() const string SignatureXAdES_LT::trustedSigningTime() const { string time = OCSPProducedAt(); - return time.empty() || profile().find(ASiC_E::ASIC_TM_PROFILE) == string::npos ? SignatureXAdES_T::trustedSigningTime() : time; + return time.empty() || profile().find(ASiC_E::ASIC_TM_PROFILE) == string::npos ? SignatureXAdES_T::trustedSigningTime() : std::move(time); } /** @@ -248,16 +253,15 @@ void SignatureXAdES_LT::addCertificateValue(const string& certId, const X509Cert unsignedSignatureProperties().certificateValues(); if(values.empty()) { - values.push_back(CertificateValuesType()); + values.push_back(make_unique()); unsignedSignatureProperties().contentOrder().push_back( UnsignedSignaturePropertiesType::ContentOrderType( UnsignedSignaturePropertiesType::certificateValuesId, values.size() - 1)); } - vector der = x509; - CertificateValuesType::EncapsulatedX509CertificateType certData({der.data(), der.size(), der.size(), false}); - certData.id(certId); - values[0].encapsulatedX509Certificate().push_back(certData); + auto certData = make_unique(toBase64(x509)); + certData->id(certId); + values[0].encapsulatedX509Certificate().push_back(std::move(certData)); } void SignatureXAdES_LT::addOCSPValue(const string &id, const OCSP &ocsp) @@ -266,17 +270,16 @@ void SignatureXAdES_LT::addOCSPValue(const string &id, const OCSP &ocsp) createUnsignedSignatureProperties(); - vector der = ocsp; - OCSPValuesType::EncapsulatedOCSPValueType ocspValueData({der.data(), der.size(), der.size(), false}); - ocspValueData.id(id); + auto ocspValueData = make_unique(toBase64(ocsp)); + ocspValueData->id(id); - OCSPValuesType ocspValue; - ocspValue.encapsulatedOCSPValue().push_back(ocspValueData); + auto ocspValue = make_unique(); + ocspValue->encapsulatedOCSPValue().push_back(std::move(ocspValueData)); - RevocationValuesType revocationValues; - revocationValues.oCSPValues(ocspValue); + auto revocationValues = make_unique(); + revocationValues->oCSPValues(std::move(ocspValue)); - unsignedSignatureProperties().revocationValues().push_back(revocationValues); + unsignedSignatureProperties().revocationValues().push_back(std::move(revocationValues)); unsignedSignatureProperties().contentOrder().push_back( UnsignedSignaturePropertiesType::ContentOrderType( UnsignedSignaturePropertiesType::revocationValuesId, diff --git a/src/SignatureXAdES_T.cpp b/src/SignatureXAdES_T.cpp index 8478ca943..7bdd5f676 100644 --- a/src/SignatureXAdES_T.cpp +++ b/src/SignatureXAdES_T.cpp @@ -66,7 +66,7 @@ string SignatureXAdES_T::TimeStampTime() const string SignatureXAdES_T::trustedSigningTime() const { string time = TimeStampTime(); - return time.empty() ? SignatureXAdES_B::trustedSigningTime() : time; + return time.empty() ? SignatureXAdES_B::trustedSigningTime() : std::move(time); } void SignatureXAdES_T::extendSignatureProfile(const std::string &profile) diff --git a/src/crypto/Connect.cpp b/src/crypto/Connect.cpp index 5978e6c29..77ae6c545 100644 --- a/src/crypto/Connect.cpp +++ b/src/crypto/Connect.cpp @@ -89,7 +89,7 @@ Connect::Connect(const string &_url, const string &method, int timeout, const ve { hostname = c->proxyHost() + ":" + c->proxyPort(); if(usessl == 0 || (CONF(proxyForceSSL))) - path = url; + path = std::move(url); } DEBUG("Connecting to Host: %s timeout: %i", hostname.c_str(), _timeout); diff --git a/src/crypto/PKCS11Signer.cpp b/src/crypto/PKCS11Signer.cpp index c7138943d..7a9e6f4e9 100644 --- a/src/crypto/PKCS11Signer.cpp +++ b/src/crypto/PKCS11Signer.cpp @@ -221,7 +221,7 @@ X509Cert PKCS11Signer::cert() const vector id = d->attribute(session, obj, CKA_ID); if(d->findObject(session, CKO_PUBLIC_KEY, id).empty()) continue; - certSlotMapping.push_back({x509, slot, id}); + certSlotMapping.push_back({x509, slot, std::move(id)}); certificates.push_back(std::move(x509)); } } diff --git a/src/crypto/TSL.cpp b/src/crypto/TSL.cpp index 727805486..94872557c 100644 --- a/src/crypto/TSL.cpp +++ b/src/crypto/TSL.cpp @@ -37,6 +37,7 @@ DIGIDOCPP_WARNING_DISABLE_MSVC(4005) #include DIGIDOCPP_WARNING_POP +#include #include #include #include @@ -94,10 +95,16 @@ const set TSL::SERVICES_SUPPORTED = { "http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-AdESQCandQES", //??? }; +template +constexpr bool find(const C &list, const T &value) +{ + return find(list.begin(), list.end(), value) != list.end(); +} + TSL::TSL(string file) - : path(move(file)) + : path(std::move(file)) { try { if(!File::fileExists(path)) @@ -124,7 +131,7 @@ TSL::TSL(string file) string result = xsd::cxx::xml::transcode(e.getMessage()); WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), result.c_str()); } catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) { - WARN("Failed to parse TSL %s %s", territory().c_str(), path.c_str()); + WARN("Failed to parse TSL %s %s", territory().c_str(), path.c_str()); } } catch(const Exception &e) @@ -145,14 +152,13 @@ bool TSL::activate(const string &territory) string path = cache + "/" + territory + ".xml"; if(File::fileExists(path)) return false; - ofstream(File::encodeName(path).c_str(), ofstream::binary) << " "; + ofstream(File::encodeName(path), ofstream::binary) << " "; return true; } vector TSL::services() const { - if(GENERIC_URI.find(type()) == GENERIC_URI.cend() || - !tsl->trustServiceProviderList()) + if(!find(GENERIC_URI, type()) || !tsl->trustServiceProviderList()) return {}; vector services; @@ -161,7 +167,7 @@ vector TSL::services() const for(const TSPServiceType &service: pointer.tSPServices().tSPService()) { const TSPServiceInformationType &serviceInfo = service.serviceInformation(); - if(SERVICES_SUPPORTED.find(serviceInfo.serviceTypeIdentifier()) == SERVICES_SUPPORTED.cend()) + if(!find(SERVICES_SUPPORTED, serviceInfo.serviceTypeIdentifier())) continue; Service s; s.type = serviceInfo.serviceTypeIdentifier(); @@ -179,7 +185,7 @@ vector TSL::services() const parseInfo(history, s, previousTime); } } - services.push_back(move(s)); + services.push_back(std::move(s)); } } return services; @@ -187,7 +193,7 @@ vector TSL::services() const void TSL::debugException(const digidoc::Exception &e) { - Log::out(Log::DebugType, e.file().c_str(), e.line(), "%s", e.msg().c_str()); + Log::out(Log::DebugType, e.file().c_str(), unsigned(e.line()), "%s", e.msg().c_str()); for(const Exception &ex: e.causes()) debugException(ex); } @@ -197,9 +203,9 @@ string TSL::fetch(const string &url, const string &path) try { Connect::Result r = Connect(url, "GET", CONF(TSLTimeOut)).exec({{"Accept-Encoding", "gzip"}}); - if(!r.isOK() || r.content.empty()) + if(!r || r.content.empty()) THROW("HTTP status code is not 200 or content is empty"); - ofstream(File::encodeName(path).c_str(), fstream::binary|fstream::trunc) << r.content; + ofstream(File::encodeName(path), fstream::binary|fstream::trunc) << r.content; return r.headers["ETag"]; } catch(const Exception &) @@ -311,11 +317,12 @@ TSL TSL::parseTSL(const string &url, const vector &certs, tsl.validate(certs); valid = tsl; - ofstream(File::encodeName(path).c_str(), ofstream::binary|fstream::trunc) - << ifstream(File::encodeName(tmp).c_str(), fstream::binary).rdbuf(); - File::removeFile(tmp); + ofstream(File::encodeName(path), ofstream::binary|fstream::trunc) + << ifstream(File::encodeName(tmp), fstream::binary).rdbuf(); + error_code ec; + std::filesystem::remove(std::filesystem::u8path(tmp), ec); - ofstream(File::encodeName(path + ".etag").c_str(), ofstream::trunc) << etag; + ofstream(File::encodeName(path + ".etag"), ofstream::trunc) << etag; DEBUG("TSL %s (%llu) signature is valid", territory.c_str(), tsl.sequenceNumber()); } catch(const Exception &) { ERR("TSL %s signature is invalid", territory.c_str()); @@ -353,7 +360,7 @@ bool TSL::parseInfo(const Info &info, Service &s, time_t &previousTime) { for(const QualificationElementType &element: extension.qualificationsType()->qualificationElement()) { - Qualifier q; + Qualifier &q = qualifiers.emplace_back(); for(const QualifierType &qualifier: element.qualifiers().qualifier()) { if(qualifier.uri()) @@ -364,7 +371,7 @@ bool TSL::parseInfo(const Info &info, Service &s, time_t &previousTime) q.assert_ = criteria.assert_().get(); for(const KeyUsageType &keyUsage: criteria.keyUsage()) { - map usage; + map &usage = q.keyUsage.emplace_back(); for(const KeyUsageBitType &bit: keyUsage.keyUsageBit()) { if(!bit.name()) @@ -388,16 +395,14 @@ bool TSL::parseInfo(const Info &info, Service &s, time_t &previousTime) if(bit.name().get() == "decipherOnly") usage[X509Cert::DecipherOnly] = bit; } - q.keyUsage.push_back(move(usage)); } for(const PoliciesListType &policySet: criteria.policySet()) { - vector policies; + vector &policies = q.policySet.emplace_back(); + policies.reserve(policySet.policyIdentifier().size()); for(const xades::ObjectIdentifierType &policy: policySet.policyIdentifier()) policies.push_back(policy.identifier()); - q.policySet.push_back(move(policies)); } - qualifiers.push_back(move(q)); } } } @@ -411,9 +416,9 @@ bool TSL::parseInfo(const Info &info, Service &s, time_t &previousTime) s.certs.emplace_back((const unsigned char*)base64.data(), base64.size()); } - if(SERVICESTATUS_START.find(info.serviceStatus()) != SERVICESTATUS_START.cend()) - s.validity.push_back({date::xsd2time_t(info.statusStartingTime()), previousTime, qualifiers}); - else if(SERVICESTATUS_END.find(info.serviceStatus()) == SERVICESTATUS_END.cend()) + if(find(SERVICESTATUS_START, info.serviceStatus())) + s.validity.push_back({date::xsd2time_t(info.statusStartingTime()), previousTime, std::move(qualifiers)}); + else if(!find(SERVICESTATUS_END, info.serviceStatus())) DEBUG("Unknown service status %s", info.serviceStatus().c_str()); previousTime = date::xsd2time_t(info.statusStartingTime()); return true; @@ -438,8 +443,7 @@ vector TSL::pivotURLs() const vector TSL::pointers() const { - if(SCHEMES_URI.find(type()) == SCHEMES_URI.cend() || - !tsl->schemeInformation().pointersToOtherTSL()) + if(!find(SCHEMES_URI, type()) || !tsl->schemeInformation().pointersToOtherTSL()) return {}; vector pointer; for(const OtherTSLPointersType::OtherTSLPointerType &other: @@ -453,7 +457,7 @@ vector TSL::pointers() const p.location = string(other.tSLLocation()); p.certs = serviceDigitalIdentities(other, p.territory); if(!p.certs.empty()) - pointer.push_back(move(p)); + pointer.push_back(std::move(p)); } return pointer; } @@ -615,8 +619,8 @@ void TSL::validate(const vector &certs, int recursion) const if(!pivot.tsl) { string etag = fetch(urls[0], path); - ofstream(File::encodeName(path + ".etag").c_str(), ofstream::trunc) << etag; - pivot = TSL(path); + ofstream(File::encodeName(path + ".etag"), ofstream::trunc) << etag; + pivot = TSL(std::move(path)); } pivot.validate(certs, recursion + 1); validate(pivot.signingCerts(), recursion); @@ -633,7 +637,7 @@ bool TSL::validateETag(const string &url) Connect::Result r; try { r = Connect(url, "HEAD", CONF(TSLTimeOut)).exec({{"Accept-Encoding", "gzip"}}); - if(!r.isOK()) + if(!r) return false; } catch(const Exception &e) { debugException(e); @@ -641,7 +645,7 @@ bool TSL::validateETag(const string &url) return false; } - map::const_iterator it = r.headers.find("ETag"); + auto it = r.headers.find("ETag"); if(it == r.headers.cend()) return validateRemoteDigest(url); @@ -666,8 +670,8 @@ bool TSL::validateRemoteDigest(const string &url) Connect::Result r; try { - r= Connect(url.substr(0, pos) + ".sha2", "GET", CONF(TSLTimeOut)).exec(); - if(!r.isOK()) + r = Connect(url.substr(0, pos) + ".sha2", "GET", CONF(TSLTimeOut)).exec(); + if(!r) return false; } catch(const Exception &e) { debugException(e); @@ -687,7 +691,7 @@ bool TSL::validateRemoteDigest(const string &url) } Digest sha(URI_RSA_SHA256); - vector buf(10240, 0); + array buf{}; ifstream is(path, ifstream::binary); while(is) { diff --git a/src/digidoc-tool.cpp b/src/digidoc-tool.cpp index ede0d69bc..f2eb87d43 100644 --- a/src/digidoc-tool.cpp +++ b/src/digidoc-tool.cpp @@ -564,7 +564,7 @@ static int open(int argc, char* argv[]) if(auto pos = arg.find('='); pos != string::npos) { fs::path newPath = fs::u8path(arg.substr(pos + 1)); - extractPath = newPath.is_relative() ? extractPath / newPath : newPath; + extractPath = newPath.is_relative() ? extractPath / newPath : std::move(newPath); } if(!fs::is_directory(extractPath)) THROW("Path is not directory"); @@ -576,7 +576,7 @@ static int open(int argc, char* argv[]) else if(arg.find("--offline") == 0) cb.online = false; else - path = arg; + path = std::move(arg); } if(path.empty()) @@ -689,11 +689,11 @@ static int remove(int argc, char *argv[]) { string arg(ToolConfig::toUTF8(argv[i])); if(arg.find("--document=") == 0) - documents.push_back(stoi(arg.substr(11))); + documents.push_back(unsigned(stoi(arg.substr(11)))); else if(arg.find("--signature=") == 0) - signatures.push_back(stoi(arg.substr(12))); + signatures.push_back(unsigned(stoi(arg.substr(12)))); else - path = arg; + path = std::move(arg); } if(path.empty()) @@ -953,7 +953,7 @@ static int tslcmd(int /*argc*/, char* /*argv*/[]) cout << " TSL: missing" << endl; continue; } - TSL tp(path); + TSL tp(std::move(path)); cout << " TSL: " << p.location << endl << " Type: " << tp.type() << endl << " Territory: " << tp.territory() << endl diff --git a/src/util/File.cpp b/src/util/File.cpp index bf5c93682..3a094562f 100644 --- a/src/util/File.cpp +++ b/src/util/File.cpp @@ -326,12 +326,6 @@ void File::deleteTempFiles() } } -bool File::removeFile(const string &path) -{ - error_code ec; - return fs::remove(fs::u8path(path), ec); -} - /** * Helper method for converting strings with non-ascii characters to the URI format (%HH for each non-ascii character). * diff --git a/src/util/File.h b/src/util/File.h index 3861ef395..f731b729a 100644 --- a/src/util/File.h +++ b/src/util/File.h @@ -50,7 +50,6 @@ namespace digidoc static std::filesystem::path tempFileName(); static void createDirectory(std::string path); static void deleteTempFiles(); - static bool removeFile(const std::string &path); static std::string toUri(const std::string &path); static std::string toUriPath(const std::string &path); static std::string fromUriPath(const std::string &path);