Changeset 60343 in vbox for trunk

Timestamp:

Apr 6, 2016 12:05:54 AM (9 years ago)

Author:

vboxsync

Message:

Certificate: The data need not be backupable as the object is immutable (see, no setters). So, drop the extra indirection (s/mData->m->/m->/g).

Location:

trunk/src/VBox/Main

Files:

• include/CertificateImpl.h (modified) (2 diffs)
• src-server/CertificateImpl.cpp (modified) (26 diffs)

trunk/src/VBox/Main/include/CertificateImpl.h

@@ -28 +28 @@
 using namespace std;
 
-class ATL_NO_VTABLE Certificate :
-    public CertificateWrap
+/**
+ * Implemenation of ICertificate.
+ *
+ * This implemenation is a very thin wrapper around an immutable
+ * RTCRX509CERTIFICATE and a few caller stated views.
+ *
+ * The views are whether the caller thinks the certificate is trustworthly, and
+ * whether the caller thinks it's expired or not.  The caller could be sitting
+ * on more information, like timestamp and intermediate certificates, that helps
+ * inform the caller's view on these two topics.
+ *
+ * @remarks It could be helpful to let the caller also add certificate paths
+ *          showing how this certificate ends up being trusted.  However, that's
+ *          possibly quite some work and will have to wait till required...
+ */
+class ATL_NO_VTABLE Certificate
+    : public CertificateWrap
 {
 
@@ -78 +93 @@
     /** @} */
 
-    //data
     struct Data;
-    Data *mData;
-
+    /** Pointer to the private instance data   */
+    Data *m;
 };
 

trunk/src/VBox/Main/src-server/CertificateImpl.cpp

@@ -29 +29 @@
 using namespace std;
 
-struct CertificateData
-{
-    CertificateData()
+
+/**
+ * Private instance data for the #Certificate class.
+ * @see Certificate::m
+ */
+struct Certificate::Data
+{
+    Data()
         : fTrusted(false)
         , fExpired(false)
@@ -39 +44 @@
     }
 
-    ~CertificateData()
+    ~Data()
     {
         if (fValidX509)
@@ -59 +64 @@
 
 private:
-    CertificateData(const CertificateData &rTodo) { AssertFailed(); NOREF(rTodo); }
-    CertificateData &operator=(const CertificateData &rTodo) { AssertFailed(); NOREF(rTodo); return *this; }
+    Data(const Certificate::Data &rTodo) { AssertFailed(); NOREF(rTodo); }
+    Data &operator=(const Certificate::Data &rTodo) { AssertFailed(); NOREF(rTodo); return *this; }
 };
 
-struct Certificate::Data
-{
-    Backupable<CertificateData> m;
-};
 
 ///////////////////////////////////////////////////////////////////////////////////
@@ -104 +105 @@
     AssertReturn(autoInitSpan.isOk(), E_FAIL);
 
-    mData = new Data();
-    mData->m.allocate();
-
-    int vrc = RTCrX509Certificate_Clone(&mData->m->X509, a_pCert, &g_RTAsn1DefaultAllocator);
+    m = new Data();
+
+    int vrc = RTCrX509Certificate_Clone(&m->X509, a_pCert, &g_RTAsn1DefaultAllocator);
     if (RT_SUCCESS(vrc))
     {
-        mData->m->fValidX509 = true;
-        mData->m->fTrusted   = a_fTrusted;
-        mData->m->fExpired   = a_fExpired;
+        m->fValidX509 = true;
+        m->fTrusted   = a_fTrusted;
+        m->fExpired   = a_fExpired;
         autoInitSpan.setSucceeded();
     }
@@ -129 +129 @@
         return;
 
-    mData->m.free();
-    delete mData;
-    mData = NULL;
+    delete m;
+    m = NULL;
 }
 
@@ -143 +142 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    switch (mData->m->X509.TbsCertificate.T0.Version.uValue.u)
+    Assert(m->fValidX509);
+    switch (m->X509.TbsCertificate.T0.Version.uValue.u)
     {
         case RTCRX509TBSCERTIFICATE_V1: *aVersionNumber = (CertificateVersion_T)CertificateVersion_V1; break;
@@ -158 +157 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
+    Assert(m->fValidX509);
 
     char szTmp[_2K];
-    int vrc = RTAsn1Integer_ToString(&mData->m->X509.TbsCertificate.SerialNumber, szTmp, sizeof(szTmp), 0, NULL);
+    int vrc = RTAsn1Integer_ToString(&m->X509.TbsCertificate.SerialNumber, szTmp, sizeof(szTmp), 0, NULL);
     if (RT_SUCCESS(vrc))
         aSerialNumber = szTmp;
@@ -174 +173 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    aSignatureAlgorithmOID = mData->m->X509.TbsCertificate.Signature.Algorithm.szObjId;
+    Assert(m->fValidX509);
+    aSignatureAlgorithmOID = m->X509.TbsCertificate.Signature.Algorithm.szObjId;
 
     return S_OK;
@@ -184 +183 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    return i_getAlgorithmName(&mData->m->X509.TbsCertificate.Signature, aSignatureAlgorithmName);
+    Assert(m->fValidX509);
+    return i_getAlgorithmName(&m->X509.TbsCertificate.Signature, aSignatureAlgorithmName);
 }
 
@@ -192 +191 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    return i_getX509Name(&mData->m->X509.TbsCertificate.Issuer, aIssuerName);
+    Assert(m->fValidX509);
+    return i_getX509Name(&m->X509.TbsCertificate.Issuer, aIssuerName);
 }
 
@@ -200 +199 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    return i_getX509Name(&mData->m->X509.TbsCertificate.Subject, aSubjectName);
+    Assert(m->fValidX509);
+    return i_getX509Name(&m->X509.TbsCertificate.Subject, aSubjectName);
 }
 
@@ -208 +207 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-
-    PCRTCRX509NAME pName = &mData->m->X509.TbsCertificate.Subject;
+    Assert(m->fValidX509);
+
+    PCRTCRX509NAME pName = &m->X509.TbsCertificate.Subject;
 
     /*
@@ -288 +287 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    return i_getTime(&mData->m->X509.TbsCertificate.Validity.NotBefore, aValidityPeriodNotBefore);
+    Assert(m->fValidX509);
+    return i_getTime(&m->X509.TbsCertificate.Validity.NotBefore, aValidityPeriodNotBefore);
 }
 
@@ -296 +295 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    return i_getTime(&mData->m->X509.TbsCertificate.Validity.NotAfter, aValidityPeriodNotAfter);
+    Assert(m->fValidX509);
+    return i_getTime(&m->X509.TbsCertificate.Validity.NotAfter, aValidityPeriodNotAfter);
 }
 
@@ -304 +303 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    aPublicKeyAlgorithmOID = mData->m->X509.TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId;
+    Assert(m->fValidX509);
+    aPublicKeyAlgorithmOID = m->X509.TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId;
     return S_OK;
 }
@@ -313 +312 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    return i_getAlgorithmName(&mData->m->X509.TbsCertificate.SubjectPublicKeyInfo.Algorithm, aPublicKeyAlgorithm);
+    Assert(m->fValidX509);
+    return i_getAlgorithmName(&m->X509.TbsCertificate.SubjectPublicKeyInfo.Algorithm, aPublicKeyAlgorithm);
 }
 
@@ -321 +320 @@
 
     AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS); /* Getting encoded ASN.1 bytes may make changes to X509. */
-    return i_getEncodedBytes(&mData->m->X509.TbsCertificate.SubjectPublicKeyInfo.SubjectPublicKey.Asn1Core, aSubjectPublicKey);
+    return i_getEncodedBytes(&m->X509.TbsCertificate.SubjectPublicKeyInfo.SubjectPublicKey.Asn1Core, aSubjectPublicKey);
 }
 
@@ -328 +327 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    return i_getUniqueIdentifier(&mData->m->X509.TbsCertificate.T1.IssuerUniqueId, aIssuerUniqueIdentifier);
+    return i_getUniqueIdentifier(&m->X509.TbsCertificate.T1.IssuerUniqueId, aIssuerUniqueIdentifier);
 }
 
@@ -335 +334 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    return i_getUniqueIdentifier(&mData->m->X509.TbsCertificate.T2.SubjectUniqueId, aSubjectUniqueIdentifier);
+    return i_getUniqueIdentifier(&m->X509.TbsCertificate.T2.SubjectUniqueId, aSubjectUniqueIdentifier);
 }
 
@@ -342 +341 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    *aCertificateAuthority = mData->m->X509.TbsCertificate.T3.pBasicConstraints
-                          && mData->m->X509.TbsCertificate.T3.pBasicConstraints->CA.fValue;
+    *aCertificateAuthority = m->X509.TbsCertificate.T3.pBasicConstraints
+                          && m->X509.TbsCertificate.T3.pBasicConstraints->CA.fValue;
 
     return S_OK;
@@ -352 +351 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    *aKeyUsage = mData->m->X509.TbsCertificate.T3.fKeyUsage;
+    *aKeyUsage = m->X509.TbsCertificate.T3.fKeyUsage;
     return S_OK;
 }
@@ -366 +365 @@
 {
     AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS); /* Getting encoded ASN.1 bytes may make changes to X509. */
-    return i_getEncodedBytes(&mData->m->X509.SeqCore.Asn1Core, aRawCertData);
+    return i_getEncodedBytes(&m->X509.SeqCore.Asn1Core, aRawCertData);
 }
 
@@ -373 +372 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    *aSelfSigned = RTCrX509Certificate_IsSelfSigned(&mData->m->X509);
+    Assert(m->fValidX509);
+    *aSelfSigned = RTCrX509Certificate_IsSelfSigned(&m->X509);
 
     return S_OK;
@@ -383 +382 @@
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
 
-    Assert(mData->m->fValidX509);
-    *aTrusted = mData->m->fTrusted;
+    Assert(m->fValidX509);
+    *aTrusted = m->fTrusted;
 
     return S_OK;
@@ -392 +391 @@
 {
     AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-    Assert(mData->m->fValidX509);
-    *aExpired = mData->m->fExpired;
+    Assert(m->fValidX509);
+    *aExpired = m->fExpired;
     return S_OK;
 }
@@ -405 +404 @@
 HRESULT Certificate::isCurrentlyExpired(BOOL *aResult)
 {
-    AssertReturnStmt(mData->m->fValidX509, *aResult = TRUE, E_UNEXPECTED);
+    AssertReturnStmt(m->fValidX509, *aResult = TRUE, E_UNEXPECTED);
     RTTIMESPEC Now;
-    *aResult = RTCrX509Validity_IsValidAtTimeSpec(&mData->m->X509.TbsCertificate.Validity, RTTimeNow(&Now)) ? FALSE : TRUE;
+    *aResult = RTCrX509Validity_IsValidAtTimeSpec(&m->X509.TbsCertificate.Validity, RTTimeNow(&Now)) ? FALSE : TRUE;
     return S_OK;
 }