author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-07-02 18:17:26 +0000 |
---|---|---|
committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-07-02 18:17:26 +0000 |
commit | 2db8cb45f87b0406e88f6ecf6a46eb15f5238684 (patch) | |
tree | 86331d2a2dcfaa4be98a624c9633555a6fb6c231 | |
parent | e1eb3b72f672401b31da8faa229dfacd50b38583 (diff) |
Remove memory-wasting map in ssl_cert
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11428 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 58 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 22 | ||||
-rw-r--r-- | src/modules/m_ssl_data.cpp | 22 | ||||
-rw-r--r-- | src/modules/transport.h | 84 |
4 files changed, 47 insertions, 139 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 8b865c559..4ff5a9062 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -749,42 +749,14 @@ class ModuleSSLGnuTLS : public Module if (ret < 0) { - certinfo->data.insert(std::make_pair("error",std::string(gnutls_strerror(ret)))); + certinfo->error = std::string(gnutls_strerror(ret)); return; } - if (status & GNUTLS_CERT_INVALID) - { - certinfo->data.insert(std::make_pair("invalid",ConvToStr(1))); - } - else - { - certinfo->data.insert(std::make_pair("invalid",ConvToStr(0))); - } - if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1))); - } - else - { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0))); - } - if (status & GNUTLS_CERT_REVOKED) - { - certinfo->data.insert(std::make_pair("revoked",ConvToStr(1))); - } - else - { - certinfo->data.insert(std::make_pair("revoked",ConvToStr(0))); - } - if (status & GNUTLS_CERT_SIGNER_NOT_CA) - { - certinfo->data.insert(std::make_pair("trusted",ConvToStr(0))); - } - else - { - certinfo->data.insert(std::make_pair("trusted",ConvToStr(1))); - } + certinfo->invalid = (status & GNUTLS_CERT_INVALID); + certinfo->unknownsigner = (status & GNUTLS_CERT_SIGNER_NOT_FOUND); + certinfo->revoked = (status & GNUTLS_CERT_REVOKED); + certinfo->trusted = !(status & GNUTLS_CERT_SIGNER_NOT_CA); /* Up to here the process is the same for X.509 certificates and * OpenPGP keys. From now on X.509 certificates are assumed. This can 
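Review bot: The `ret < 0` early return at the top of this hunk now leaves `invalid`, `unknownsigner`, `revoked` and `trusted` unassigned, and the same commit removes the `ssl_cert` constructor in transport.h. Unless the object is value-initialised where it is allocated (not visible here), `IsTrusted()` and the other accessors read indeterminate bools on that path, whereas the old map lookups returned false for a missing key. The `if (!cert)` return in m_ssl_openssl.cpp has the same gap, and `revoked` is never assigned anywhere in that hunk. Give the class a fail-closed constructor in transport.h, e.g. `ssl_cert() : trusted(false), invalid(true), unknownsigner(true), revoked(false) {}` (or all four `false` to keep the previous defaults). The function containing this hunk starts and ends outside it.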
@@ -792,14 +764,14 @@ class ModuleSSLGnuTLS : public Module */ if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509) { - certinfo->data.insert(std::make_pair("error","No X509 keys sent")); + certinfo->error = "No X509 keys sent"; return; } ret = gnutls_x509_crt_init(&cert); if (ret < 0) { - certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + certinfo->error = gnutls_strerror(ret); return; } @@ -807,7 +779,7 @@ class ModuleSSLGnuTLS : public Module cert_list = gnutls_certificate_get_peers(session->sess, &cert_list_size); if (cert_list == NULL) { - certinfo->data.insert(std::make_pair("error","No certificate was found")); + certinfo->error = "No certificate was found"; return; } @@ -818,32 +790,30 @@ class ModuleSSLGnuTLS : public Module ret = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER); if (ret < 0) { - certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + certinfo->error = gnutls_strerror(ret); return; } gnutls_x509_crt_get_dn(cert, name, &name_size); - - certinfo->data.insert(std::make_pair("dn",name)); + certinfo->dn = name; gnutls_x509_crt_get_issuer_dn(cert, name, &name_size); - - certinfo->data.insert(std::make_pair("issuer",name)); + certinfo->issuer = name; if ((ret = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_MD5, digest, &digest_size)) < 0) { - certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + certinfo->error = gnutls_strerror(ret); } else { - certinfo->data.insert(std::make_pair("fingerprint",irc::hex(digest, digest_size))); + certinfo->fingerprint = irc::hex(digest, digest_size); } /* Beware here we do not check for errors. */ if ((gnutls_x509_crt_get_expiration_time(cert) < ServerInstance->Time()) || (gnutls_x509_crt_get_activation_time(cert) > ServerInstance->Time())) { - certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate")); + certinfo->error = "Not activated, or expired certificate"; } gnutls_x509_crt_deinit(cert); 
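Review bot: The `cert_list == NULL` return in the @@ -807 hunk exits after `gnutls_x509_crt_init(&cert)` has already succeeded in the hunk before it, without calling `gnutls_x509_crt_deinit(cert)`, so the certificate structure is leaked on that path. The import-failure return in the @@ -818 hunk has the same gap. This path is presumably taken for every peer that presents no certificate, which makes the leak reachable per connection. Add `gnutls_x509_crt_deinit(cert);` before both `return` statements. The function body starts and ends outside these hunks.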
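Review bot: In the @@ -818 hunk the return values of `gnutls_x509_crt_get_dn` and `gnutls_x509_crt_get_issuer_dn` are ignored and `name` is copied into `dn` and `issuer` regardless. `name_size` is an in/out argument and is not reset between the two calls, so the second call is offered only the length written by the first. If the issuer DN is longer than the subject DN the call fails and `issuer` ends up holding the subject DN. Reset the size before each call and assign only on success, as in the fence below. `name` and `name_size` are declared outside the hunk, so the `sizeof` form assumes `name` is a char array.

```cpp
name_size = sizeof(name);	// assumes name is a char array declared above the hunk
if (gnutls_x509_crt_get_dn(cert, name, &name_size) == 0)
	certinfo->dn = name;

name_size = sizeof(name);
if (gnutls_x509_crt_get_issuer_dn(cert, name, &name_size) == 0)
	certinfo->issuer = name;
// … unchanged: fingerprint, validity-period check, gnutls_x509_crt_deinit …
```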
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index f2f2801b4..6aaf8ab1f 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -839,38 +839,38 @@ class ModuleSSLOpenSSL : public Module if (!cert) { - certinfo->data.insert(std::make_pair("error","Could not get peer certificate: "+std::string(get_error()))); + certinfo->error = "Could not get peer certificate: "+std::string(get_error()); return; } - certinfo->data.insert(std::make_pair("invalid", SSL_get_verify_result(session->sess) != X509_V_OK ? ConvToStr(1) : ConvToStr(0))); + certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK); if (SelfSigned) { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0))); - certinfo->data.insert(std::make_pair("trusted",ConvToStr(1))); + certinfo->unknownsigner = false; + certinfo->trusted = true; } else { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1))); - certinfo->data.insert(std::make_pair("trusted",ConvToStr(0))); + certinfo->unknownsigner = true; + certinfo->trusted = false; } - certinfo->data.insert(std::make_pair("dn",std::string(X509_NAME_oneline(X509_get_subject_name(cert),0,0)))); - certinfo->data.insert(std::make_pair("issuer",std::string(X509_NAME_oneline(X509_get_issuer_name(cert),0,0)))); + certinfo->dn = X509_NAME_oneline(X509_get_subject_name(cert),0,0); + certinfo->issuer = X509_NAME_oneline(X509_get_issuer_name(cert),0,0); if (!X509_digest(cert, digest, md, &n)) { - certinfo->data.insert(std::make_pair("error","Out of memory generating fingerprint")); + certinfo->error = "Out of memory generating fingerprint"; } else { - certinfo->data.insert(std::make_pair("fingerprint",irc::hex(md, n))); + certinfo->fingerprint = irc::hex(md, n); } if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), ServerInstance->Time()) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), ServerInstance->Time()) == 0)) { - certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate")); + certinfo->error = "Not activated, or expired certificate"; } X509_free(cert); 
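Review bot: `X509_NAME_oneline(..., 0, 0)` is called with a null buffer on the `dn` and `issuer` lines, so OpenSSL allocates the returned string. Assigning it straight into a `std::string` copies it and never frees it, and a NULL return on failure would be passed to the string assignment. Hold the pointer, copy only when it is non-null, and release it with `OPENSSL_free`, as in the fence below. Separately, the unchanged validity check compares the notBefore result with `== 0`; since `ASN1_UTCTIME_cmp_time_t` returns 1 when the certificate time is later than the argument, a not-yet-valid certificate does not appear to be flagged and `== 1` looks intended. The function body starts and ends outside the hunk.

```cpp
// … unchanged: invalid / unknownsigner / trusted assignments …
char* subject = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
if (subject)
{
	certinfo->dn = subject;
	OPENSSL_free(subject);
}
char* issuer = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
if (issuer)
{
	certinfo->issuer = issuer;
	OPENSSL_free(issuer);
}
// … unchanged: X509_digest fingerprint and validity-period check …
```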
diff --git a/src/modules/m_ssl_data.cpp b/src/modules/m_ssl_data.cpp index 0ce760971..2cc712c65 100644 --- a/src/modules/m_ssl_data.cpp +++ b/src/modules/m_ssl_data.cpp @@ -96,25 +96,19 @@ class ModuleSSLData : public Module std::string v; getline(s,v,' '); - cert->data.insert(std::make_pair("invalid", ConvToStr(v.find('v') != std::string::npos))); - cert->data.insert(std::make_pair("trusted", ConvToStr(v.find('T') != std::string::npos))); - cert->data.insert(std::make_pair("revoked", ConvToStr(v.find('R') != std::string::npos))); - cert->data.insert(std::make_pair("unknownsigner", ConvToStr(v.find('s') != std::string::npos))); + cert->invalid = (v.find('v') != std::string::npos); + cert->trusted = (v.find('T') != std::string::npos); + cert->revoked = (v.find('R') != std::string::npos); + cert->unknownsigner = (v.find('s') != std::string::npos); if (v.find('E') != std::string::npos) { - getline(s,v,'\n'); - cert->data.insert(std::make_pair("error", v)); + getline(s,cert->error,'\n'); } else { - getline(s,v,' '); - cert->data.insert(std::make_pair("fingerprint", v)); - - getline(s,v,' '); - cert->data.insert(std::make_pair("dn", v)); - - getline(s,v,'\n'); - cert->data.insert(std::make_pair("issuer", v)); + getline(s,cert->fingerprint,' '); + getline(s,cert->dn,' '); + getline(s,cert->issuer,'\n'); } } } diff --git a/src/modules/transport.h b/src/modules/transport.h index db2897508..f4cf3f4a5 100644 --- a/src/modules/transport.h +++ b/src/modules/transport.h @@ -17,14 +17,6 @@ #include <map> #include <string> -/** A generic container for certificate data - */ -typedef std::map<std::string,std::string> ssl_data; - -/** A shorthand way of representing an iterator into ssl_data - */ -typedef ssl_data::iterator ssl_data_iter; - /** ssl_cert is a class which abstracts SSL certificate * and key information. * 
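Review bot: In the m_ssl_data.cpp hunk, `getline(s,cert->dn,' ')` stops at the first space, but distinguished names routinely contain spaces (an organisation name, for instance). In that case `dn` is cut short and the remainder lands in `issuer`. Whether the sending side escapes or strips spaces is not visible in this hunk; if it does not, anything that compares `GetDN()` or `GetIssuer()` is matching on mis-split values. If the wire format cannot change, record the constraint on the parsing lines, e.g. `// fields are space-delimited: fingerprint and dn must not contain spaces`. The enclosing function starts outside the hunk.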
@@ -34,34 +26,21 @@ typedef ssl_data::iterator ssl_data_iter; * connected local users using Extensible::Extend() and the * key 'ssl_cert'. */ -class ssl_cert : public Extensible +class ssl_cert { - /** Always contains an empty string - */ - const std::string empty; - public: - /** The data for this certificate - */ - ssl_data data; - - /** Default constructor, initializes 'empty' - */ - ssl_cert() : empty("") - { - } + std::string dn; + std::string issuer; + std::string error; + std::string fingerprint; + bool trusted, invalid, unknownsigner, revoked; /** Get certificate distinguished name * @return Certificate DN */ const std::string& GetDN() { - ssl_data_iter ssldi = data.find("dn"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return dn; } /** Get Certificate issuer @@ -69,12 +48,7 @@ class ssl_cert : public Extensible */ const std::string& GetIssuer() { - ssl_data_iter ssldi = data.find("issuer"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return issuer; } /** Get error string if an error has occured @@ -83,12 +57,7 @@ class ssl_cert : public Extensible */ const std::string& GetError() { - ssl_data_iter ssldi = data.find("error"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return error; } /** Get key fingerprint. @@ -96,12 +65,7 @@ class ssl_cert : public Extensible */ const std::string& GetFingerprint() { - ssl_data_iter ssldi = data.find("fingerprint"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return fingerprint; } /** Get trust status @@ -110,12 +74,7 @@ class ssl_cert : public Extensible */ bool IsTrusted() { - ssl_data_iter ssldi = data.find("trusted"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return trusted; } /** Get validity status 
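Review bot: The four string and four bool members added to `ssl_cert` in the first hunk are public and undocumented, while every accessor below keeps its doxygen block. A short comment per field would record what each flag means, for example `/** True when the peer certificate failed verification */` above `invalid`. The accessors are also still non-const (`const std::string& GetDN()`), so they cannot be called through a `const ssl_cert&`. Now that each one only returns a member, `const std::string& GetDN() const` and `bool IsTrusted() const` are safe to declare. The same applies to the accessors in the following hunks.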
@@ -124,12 +83,7 @@ class ssl_cert : public Extensible */ bool IsInvalid() { - ssl_data_iter ssldi = data.find("invalid"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return invalid; } /** Get signer status @@ -138,12 +92,7 @@ class ssl_cert : public Extensible */ bool IsUnknownSigner() { - ssl_data_iter ssldi = data.find("unknownsigner"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return unknownsigner; } /** Get revokation status. @@ -153,12 +102,7 @@ class ssl_cert : public Extensible */ bool IsRevoked() { - ssl_data_iter ssldi = data.find("revoked"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return revoked; } }; |