diff options
author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-07-02 18:17:26 +0000 |
---|---|---|
committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-07-02 18:17:26 +0000 |
commit | 2db8cb45f87b0406e88f6ecf6a46eb15f5238684 (patch) | |
tree | 86331d2a2dcfaa4be98a624c9633555a6fb6c231 /src | |
parent | e1eb3b72f672401b31da8faa229dfacd50b38583 (diff) |
Remove memory-wasting map in ssl_cert
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11428 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src')
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 58 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 22 | ||||
-rw-r--r-- | src/modules/m_ssl_data.cpp | 22 | ||||
-rw-r--r-- | src/modules/transport.h | 84 |
4 files changed, 47 insertions, 139 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 8b865c559..4ff5a9062 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -749,42 +749,14 @@ class ModuleSSLGnuTLS : public Module if (ret < 0) { - certinfo->data.insert(std::make_pair("error",std::string(gnutls_strerror(ret)))); + certinfo->error = std::string(gnutls_strerror(ret)); return; } - if (status & GNUTLS_CERT_INVALID) - { - certinfo->data.insert(std::make_pair("invalid",ConvToStr(1))); - } - else - { - certinfo->data.insert(std::make_pair("invalid",ConvToStr(0))); - } - if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1))); - } - else - { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0))); - } - if (status & GNUTLS_CERT_REVOKED) - { - certinfo->data.insert(std::make_pair("revoked",ConvToStr(1))); - } - else - { - certinfo->data.insert(std::make_pair("revoked",ConvToStr(0))); - } - if (status & GNUTLS_CERT_SIGNER_NOT_CA) - { - certinfo->data.insert(std::make_pair("trusted",ConvToStr(0))); - } - else - { - certinfo->data.insert(std::make_pair("trusted",ConvToStr(1))); - } + certinfo->invalid = (status & GNUTLS_CERT_INVALID); + certinfo->unknownsigner = (status & GNUTLS_CERT_SIGNER_NOT_FOUND); + certinfo->revoked = (status & GNUTLS_CERT_REVOKED); + certinfo->trusted = !(status & GNUTLS_CERT_SIGNER_NOT_CA); /* Up to here the process is the same for X.509 certificates and * OpenPGP keys. From now on X.509 certificates are assumed. This can @@ -792,14 +764,14 @@ class ModuleSSLGnuTLS : public Module */ if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509) { - certinfo->data.insert(std::make_pair("error","No X509 keys sent")); + certinfo->error = "No X509 keys sent"; return; } ret = gnutls_x509_crt_init(&cert); if (ret < 0) { - certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + certinfo->error = gnutls_strerror(ret); return; } @@ -807,7 +779,7 @@ class ModuleSSLGnuTLS : public Module cert_list = gnutls_certificate_get_peers(session->sess, &cert_list_size); if (cert_list == NULL) { - certinfo->data.insert(std::make_pair("error","No certificate was found")); + certinfo->error = "No certificate was found"; return; } @@ -818,32 +790,30 @@ class ModuleSSLGnuTLS : public Module ret = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER); if (ret < 0) { - certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + certinfo->error = gnutls_strerror(ret); return; } gnutls_x509_crt_get_dn(cert, name, &name_size); - - certinfo->data.insert(std::make_pair("dn",name)); + certinfo->dn = name; gnutls_x509_crt_get_issuer_dn(cert, name, &name_size); - - certinfo->data.insert(std::make_pair("issuer",name)); + certinfo->issuer = name; if ((ret = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_MD5, digest, &digest_size)) < 0) { - certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + certinfo->error = gnutls_strerror(ret); } else { - certinfo->data.insert(std::make_pair("fingerprint",irc::hex(digest, digest_size))); + certinfo->fingerprint = irc::hex(digest, digest_size); } /* Beware here we do not check for errors. */ if ((gnutls_x509_crt_get_expiration_time(cert) < ServerInstance->Time()) || (gnutls_x509_crt_get_activation_time(cert) > ServerInstance->Time())) { - certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate")); + certinfo->error = "Not activated, or expired certificate"; } gnutls_x509_crt_deinit(cert); diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index f2f2801b4..6aaf8ab1f 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -839,38 +839,38 @@ class ModuleSSLOpenSSL : public Module if (!cert) { - certinfo->data.insert(std::make_pair("error","Could not get peer certificate: "+std::string(get_error()))); + certinfo->error = "Could not get peer certificate: "+std::string(get_error()); return; } - certinfo->data.insert(std::make_pair("invalid", SSL_get_verify_result(session->sess) != X509_V_OK ? ConvToStr(1) : ConvToStr(0))); + certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK); if (SelfSigned) { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0))); - certinfo->data.insert(std::make_pair("trusted",ConvToStr(1))); + certinfo->unknownsigner = false; + certinfo->trusted = true; } else { - certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1))); - certinfo->data.insert(std::make_pair("trusted",ConvToStr(0))); + certinfo->unknownsigner = true; + certinfo->trusted = false; } - certinfo->data.insert(std::make_pair("dn",std::string(X509_NAME_oneline(X509_get_subject_name(cert),0,0)))); - certinfo->data.insert(std::make_pair("issuer",std::string(X509_NAME_oneline(X509_get_issuer_name(cert),0,0)))); + certinfo->dn = X509_NAME_oneline(X509_get_subject_name(cert),0,0); + certinfo->issuer = X509_NAME_oneline(X509_get_issuer_name(cert),0,0); if (!X509_digest(cert, digest, md, &n)) { - certinfo->data.insert(std::make_pair("error","Out of memory generating fingerprint")); + certinfo->error = "Out of memory generating fingerprint"; } else { - certinfo->data.insert(std::make_pair("fingerprint",irc::hex(md, n))); + certinfo->fingerprint = irc::hex(md, n); } if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), ServerInstance->Time()) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), ServerInstance->Time()) == 0)) { - certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate")); + certinfo->error = "Not activated, or expired certificate"; } X509_free(cert); diff --git a/src/modules/m_ssl_data.cpp b/src/modules/m_ssl_data.cpp index 0ce760971..2cc712c65 100644 --- a/src/modules/m_ssl_data.cpp +++ b/src/modules/m_ssl_data.cpp @@ -96,25 +96,19 @@ class ModuleSSLData : public Module std::string v; getline(s,v,' '); - cert->data.insert(std::make_pair("invalid", ConvToStr(v.find('v') != std::string::npos))); - cert->data.insert(std::make_pair("trusted", ConvToStr(v.find('T') != std::string::npos))); - cert->data.insert(std::make_pair("revoked", ConvToStr(v.find('R') != std::string::npos))); - cert->data.insert(std::make_pair("unknownsigner", ConvToStr(v.find('s') != std::string::npos))); + cert->invalid = (v.find('v') != std::string::npos); + cert->trusted = (v.find('T') != std::string::npos); + cert->revoked = (v.find('R') != std::string::npos); + cert->unknownsigner = (v.find('s') != std::string::npos); if (v.find('E') != std::string::npos) { - getline(s,v,'\n'); - cert->data.insert(std::make_pair("error", v)); + getline(s,cert->error,'\n'); } else { - getline(s,v,' '); - cert->data.insert(std::make_pair("fingerprint", v)); - - getline(s,v,' '); - cert->data.insert(std::make_pair("dn", v)); - - getline(s,v,'\n'); - cert->data.insert(std::make_pair("issuer", v)); + getline(s,cert->fingerprint,' '); + getline(s,cert->dn,' '); + getline(s,cert->issuer,'\n'); } } } diff --git a/src/modules/transport.h b/src/modules/transport.h index db2897508..f4cf3f4a5 100644 --- a/src/modules/transport.h +++ b/src/modules/transport.h @@ -17,14 +17,6 @@ #include <map> #include <string> -/** A generic container for certificate data - */ -typedef std::map<std::string,std::string> ssl_data; - -/** A shorthand way of representing an iterator into ssl_data - */ -typedef ssl_data::iterator ssl_data_iter; - /** ssl_cert is a class which abstracts SSL certificate * and key information. * @@ -34,34 +26,21 @@ typedef ssl_data::iterator ssl_data_iter; * connected local users using Extensible::Extend() and the * key 'ssl_cert'. */ -class ssl_cert : public Extensible +class ssl_cert { - /** Always contains an empty string - */ - const std::string empty; - public: - /** The data for this certificate - */ - ssl_data data; - - /** Default constructor, initializes 'empty' - */ - ssl_cert() : empty("") - { - } + std::string dn; + std::string issuer; + std::string error; + std::string fingerprint; + bool trusted, invalid, unknownsigner, revoked; /** Get certificate distinguished name * @return Certificate DN */ const std::string& GetDN() { - ssl_data_iter ssldi = data.find("dn"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return dn; } /** Get Certificate issuer @@ -69,12 +48,7 @@ class ssl_cert : public Extensible */ const std::string& GetIssuer() { - ssl_data_iter ssldi = data.find("issuer"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return issuer; } /** Get error string if an error has occured @@ -83,12 +57,7 @@ class ssl_cert : public Extensible */ const std::string& GetError() { - ssl_data_iter ssldi = data.find("error"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return error; } /** Get key fingerprint. @@ -96,12 +65,7 @@ class ssl_cert : public Extensible */ const std::string& GetFingerprint() { - ssl_data_iter ssldi = data.find("fingerprint"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; + return fingerprint; } /** Get trust status @@ -110,12 +74,7 @@ class ssl_cert : public Extensible */ bool IsTrusted() { - ssl_data_iter ssldi = data.find("trusted"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return trusted; } /** Get validity status @@ -124,12 +83,7 @@ class ssl_cert : public Extensible */ bool IsInvalid() { - ssl_data_iter ssldi = data.find("invalid"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return invalid; } /** Get signer status @@ -138,12 +92,7 @@ class ssl_cert : public Extensible */ bool IsUnknownSigner() { - ssl_data_iter ssldi = data.find("unknownsigner"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return unknownsigner; } /** Get revokation status. @@ -153,12 +102,7 @@ class ssl_cert : public Extensible */ bool IsRevoked() { - ssl_data_iter ssldi = data.find("revoked"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; + return revoked; } }; |