From: Guus Sliepen Date: Sat, 24 Jan 2009 16:31:21 +0000 (+0100) Subject: Make things const where appropriate. X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=406a506e2cb5e69789aef20e145b47e36a778543;p=fides Make things const where appropriate. --- diff --git a/lib/fides.cc b/lib/fides.cc index b2ba1aa..46dcd7f 100644 --- a/lib/fides.cc +++ b/lib/fides.cc @@ -37,7 +37,6 @@ using namespace std; // Global state -Botan::LibraryInitializer libinit; Botan::AutoSeeded_RNG fides::rng; // Public key functions @@ -63,11 +62,11 @@ void fides::publickey::load(const std::string &filename) { load(in); } -void fides::publickey::save(ostream &out) { +void fides::publickey::save(ostream &out) const { out << to_string(); } -void fides::publickey::save(const std::string &filename) { +void fides::publickey::save(const std::string &filename) const { ofstream out(filename.c_str()); save(out); } @@ -81,18 +80,18 @@ void fides::publickey::from_string(const std::string &in) { } } -string fides::publickey::to_string() { +string fides::publickey::to_string() const { return Botan::X509::PEM_encode(*pub); } -string fides::publickey::fingerprint(unsigned int bits) { +string fides::publickey::fingerprint(unsigned int bits) const { // TODO: find out if there is a standard way to get a hash of an ECDSA public key Botan::SHA_256 sha256; Botan::SecureVector hash = sha256.process(Botan::X509::PEM_encode(*pub)); return string((const char *)hash.begin(), bits / 8); } -bool fides::publickey::verify(const std::string &statement, const std::string &signature) { +bool fides::publickey::verify(const std::string &statement, const std::string &signature) const { auto_ptr verifier(Botan::get_pk_verifier(*pub, "EMSA1(SHA-512)")); verifier->update((const Botan::byte *)statement.data(), statement.size()); Botan::SecureVector sig; @@ -143,16 +142,16 @@ void fides::privatekey::load_private(const std::string &filename) { load_private(in); } -void fides::privatekey::save_private(ostream &out) { +void fides::privatekey::save_private(ostream &out) const { out << Botan::PKCS8::PEM_encode(*priv); } -void fides::privatekey::save_private(const std::string &filename) { +void fides::privatekey::save_private(const std::string &filename) const { ofstream out(filename.c_str()); save_private(out); } -string fides::privatekey::sign(const std::string &statement) { +string fides::privatekey::sign(const std::string &statement) const { auto_ptr signer(Botan::get_pk_signer(*priv, "EMSA1(SHA-512)")); Botan::SecureVector sig = signer->sign_message((const Botan::byte *)statement.data(), statement.size(), rng); return string((const char *)sig.begin(), (size_t)sig.size()); @@ -186,23 +185,23 @@ string fides::b64decode(const string &in) { // Certificate functions -fides::certificate::certificate(publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {} +fides::certificate::certificate(const publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {} -bool fides::certificate::validate() { +bool fides::certificate::validate() const { string data = signer->fingerprint(256); data += string((const char *)×tamp, sizeof timestamp); data += statement; return signer->verify(data, signature); } -fides::certificate::certificate(privatekey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) { +fides::certificate::certificate(const privatekey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) { string data = signer->fingerprint(256); data += string((const char *)×tamp, sizeof timestamp); data += statement; signature = key->sign(data); } -string fides::certificate::fingerprint(unsigned int bits) { +string fides::certificate::fingerprint(unsigned int bits) const { return signature.substr(signature.size() - bits / 8); } @@ -250,7 +249,7 @@ static vector dirlist(const string &path) { return files; } -void fides::certificate_save(const certificate *cert, const string &filename) { +void fides::certificate_save(const certificate *cert, const string &filename) const { ofstream file(filename.c_str()); file << cert->to_string() << '\n'; } @@ -367,10 +366,10 @@ fides::~fides() { delete i->second; } -bool fides::fsck() { +bool fides::fsck() const { int errors = 0; - for(map::iterator i = certs.begin(); i != certs.end(); ++i) { + for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) { if(!i->second->validate()) { cerr << "Validation of certificate failed: " << i->second->to_string() << '\n'; errors++; @@ -381,16 +380,16 @@ bool fides::fsck() { return !errors; } -string fides::get_homedir() { +string fides::get_homedir() const { return homedir; } -bool fides::is_firstrun() { +bool fides::is_firstrun() const { return firstrun; } -fides::publickey *fides::find_key(const string &fingerprint) { - map::iterator i; +fides::publickey *fides::find_key(const string &fingerprint) const { + map::const_iterator i; i = keys.find(fingerprint); if(i != keys.end()) return i->second; @@ -398,9 +397,9 @@ fides::publickey *fides::find_key(const string &fingerprint) { return 0; } -vector fides::find_certificates(publickey *signer, const string ®ex) { +vector fides::find_certificates(const publickey *signer, const string ®ex) const { vector found; - map::iterator i; + map::const_iterator i; regexp regexp(regex); for(i = certs.begin(); i != certs.end(); ++i) { if(!i->second) { @@ -414,9 +413,9 @@ vector fides::find_certificates(publickey *signer, const s return found; } -vector fides::find_certificates(const string ®ex) { +vector fides::find_certificates(const string ®ex) const { vector found; - map::iterator i; + map::const_iterator i; regexp regexp(regex); for(i = certs.begin(); i != certs.end(); ++i) if(regexp.match(i->second->statement)) @@ -424,9 +423,9 @@ vector fides::find_certificates(const string ®ex) { return found; } -vector fides::find_certificates(publickey *signer) { +vector fides::find_certificates(const publickey *signer) const { vector found; - map::iterator i; + map::const_iterator i; for(i = certs.begin(); i != certs.end(); ++i) if(i->second->signer == signer) found.push_back(i->second); @@ -461,24 +460,24 @@ void fides::import_all(istream &in) { } } -void fides::export_all(ostream &out) { - for(map::iterator i = keys.begin(); i != keys.end(); ++i) +void fides::export_all(ostream &out) const { + for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) out << i->second->to_string(); - for(map::iterator i = certs.begin(); i != certs.end(); ++i) + for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) out << i->second->to_string() << '\n'; } -void fides::trust(publickey *key) { +void fides::trust(const publickey *key) { string full = "t+ " + hexencode(key->fingerprint()); sign(full); } -void fides::distrust(publickey *key) { +void fides::distrust(const publickey *key) { string full = "t- " + hexencode(key->fingerprint()); sign(full); } -void fides::dctrust(publickey *key) { +void fides::dctrust(const publickey *key) { string full = "t0 " + hexencode(key->fingerprint()); sign(full); } @@ -670,7 +669,7 @@ void fides::merge(certificate *cert) { certificate_save(cert, certdir + hexencode(cert->fingerprint())); } -void fides::auth_stats(const string &statement, int &self, int &trusted, int &all) { +void fides::auth_stats(const string &statement, int &self, int &trusted, int &all) const { self = trusted = all = 0; vector matches = find_certificates(string("^a[+0-] ") + statement + '$'); for(size_t i = 0; i < matches.size(); ++i) { @@ -688,15 +687,15 @@ void fides::auth_stats(const string &statement, int &self, int &trusted, int &al } } -bool fides::is_trusted(publickey *key) { +bool fides::is_trusted(const publickey *key) const { return key->trust > 0; } -bool fides::is_distrusted(publickey *key) { +bool fides::is_distrusted(const publickey *key) const { return key->trust < 0; } -bool fides::is_allowed(const string &statement, publickey *key) { +bool fides::is_allowed(const string &statement, const publickey *key) const { int self, trusted, all; if(key) @@ -712,7 +711,7 @@ bool fides::is_allowed(const string &statement, publickey *key) { return false; } -bool fides::is_denied(const string &statement, publickey *key) { +bool fides::is_denied(const string &statement, const publickey *key) const { int self, trusted, all; if(key) @@ -746,7 +745,7 @@ void fides::sign(const string &statement) { merge(new certificate(&mykey, latest, statement)); } -void fides::allow(const string &statement, publickey *key) { +void fides::allow(const string &statement, const publickey *key) { string full = "a+ "; if(key) full += hexencode(key->fingerprint()) + ' '; @@ -754,7 +753,7 @@ void fides::allow(const string &statement, publickey *key) { sign(full); } -void fides::dontcare(const string &statement, publickey *key) { +void fides::dontcare(const string &statement, const publickey *key) { string full = "a0 "; if(key) full += hexencode(key->fingerprint()) + ' '; @@ -762,7 +761,7 @@ void fides::dontcare(const string &statement, publickey *key) { sign(full); } -void fides::deny(const string &statement, publickey *key) { +void fides::deny(const string &statement, const publickey *key) { string full = "a- "; if(key) full += hexencode(key->fingerprint()) + ' '; diff --git a/lib/fides.h b/lib/fides.h index ff665af..f513769 100644 --- a/lib/fides.h +++ b/lib/fides.h @@ -89,13 +89,13 @@ class fides { int trust; void load(std::istream &in); - void save(std::ostream &out); + void save(std::ostream &out) const; void load(const std::string &filename); - void save(const std::string &filename); - bool verify(const std::string &data, const std::string &signature); - std::string to_string(); + void save(const std::string &filename) const; + bool verify(const std::string &data, const std::string &signature) const; + std::string to_string() const; void from_string(const std::string &in); - std::string fingerprint(unsigned int bits = 64); + std::string fingerprint(unsigned int bits = 64) const; }; class privatekey: public publickey { @@ -106,28 +106,28 @@ class fides { ~privatekey(); void load_private(std::istream &in); - void save_private(std::ostream &out); + void save_private(std::ostream &out) const; void load_private(const std::string &filename); - void save_private(const std::string &filename); + void save_private(const std::string &filename) const; void generate(const std::string &field); void generate(unsigned int bits = 224); - std::string sign(const std::string &data); + std::string sign(const std::string &data) const; }; class certificate { friend class fides; - publickey *signer; + const publickey *signer; struct timeval timestamp; std::string statement; std::string signature; public: - certificate(publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature); - certificate(privatekey *priv, struct timeval timestamp, const std::string &statement); + certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature); + certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement); std::string to_string() const; - std::string fingerprint(unsigned int bits = 64); - bool validate(); + std::string fingerprint(unsigned int bits = 64) const; + bool validate() const; }; // Fides class itself @@ -145,43 +145,43 @@ class fides { fides(const std::string &homedir = ""); ~fides(); - bool is_firstrun(); - bool fsck(); - std::string get_homedir(); + bool is_firstrun() const; + bool fsck() const; + std::string get_homedir() const; void sign(const std::string &statement); - void allow(const std::string &statement, publickey *key = 0); - void dontcare(const std::string &statement, publickey *key = 0); - void deny(const std::string &statement, publickey *key = 0); - bool is_allowed(const std::string &statement, publickey *key = 0); - bool is_denied(const std::string &statement, publickey *key = 0); - - void auth_stats(const std::string &statement, int &self, int &trusted, int &all); - void trust(publickey *key); - void dctrust(publickey *key); - void distrust(publickey *key); - bool is_trusted(publickey *key); - bool is_distrusted(publickey *key); - publickey *find_key(const std::string &fingerprint); + void allow(const std::string &statement, const publickey *key = 0); + void dontcare(const std::string &statement, const publickey *key = 0); + void deny(const std::string &statement, const publickey *key = 0); + bool is_allowed(const std::string &statement, const publickey *key = 0) const; + bool is_denied(const std::string &statement, const publickey *key = 0) const; + + void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const; + void trust(const publickey *key); + void dctrust(const publickey *key); + void distrust(const publickey *key); + bool is_trusted(const publickey *key) const; + bool is_distrusted(const publickey *key) const; + publickey *find_key(const std::string &fingerprint) const; void update_trust(); - std::vector find_certificates(publickey *key, const std::string &statement); - std::vector find_certificates(const std::string &statement); - std::vector find_certificates(publickey *key); + std::vector find_certificates(const publickey *key, const std::string &statement) const; + std::vector find_certificates(const std::string &statement) const; + std::vector find_certificates(const publickey *key) const; certificate *import_certificate(const std::string &certificate); - std::string export_certificate(const certificate *); + std::string export_certificate(const certificate *) const; publickey *import_key(const std::string &key); - std::string export_key(const publickey *key); + std::string export_key(const publickey *key) const; void import_all(std::istream &in); - void export_all(std::ostream &out); + void export_all(std::ostream &out) const; certificate *certificate_from_string(const std::string &certificate); certificate *certificate_load(const std::string &filename); - void certificate_save(const certificate *cert, const std::string &filename); + void certificate_save(const certificate *cert, const std::string &filename) const; };