From: Guus Sliepen <guus@sliepen.eu.org>
Date: Sat, 24 Jan 2009 16:31:21 +0000 (+0100)
Subject: Make things const where appropriate.
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=fides;a=commitdiff_plain;h=406a506e2cb5e69789aef20e145b47e36a778543

Make things const where appropriate.
---

diff --git a/lib/fides.cc b/lib/fides.cc
index b2ba1aa..46dcd7f 100644
--- a/lib/fides.cc
+++ b/lib/fides.cc
@@ -37,7 +37,6 @@ using namespace std;
 
 // Global state
 
-Botan::LibraryInitializer libinit;
 Botan::AutoSeeded_RNG fides::rng;
 
 // Public key functions
@@ -63,11 +62,11 @@ void fides::publickey::load(const std::string &filename) {
 	load(in);
 }
 
-void fides::publickey::save(ostream &out) {
+void fides::publickey::save(ostream &out) const {
 	out << to_string();
 }
 
-void fides::publickey::save(const std::string &filename) {
+void fides::publickey::save(const std::string &filename) const {
 	ofstream out(filename.c_str());
 	save(out);
 }
@@ -81,18 +80,18 @@ void fides::publickey::from_string(const std::string &in) {
 	}
 }
 
-string fides::publickey::to_string() {
+string fides::publickey::to_string() const {
 	return Botan::X509::PEM_encode(*pub);
 }
 
-string fides::publickey::fingerprint(unsigned int bits) {
+string fides::publickey::fingerprint(unsigned int bits) const {
 	// TODO: find out if there is a standard way to get a hash of an ECDSA public key
 	Botan::SHA_256 sha256;
 	Botan::SecureVector<Botan::byte> hash = sha256.process(Botan::X509::PEM_encode(*pub));
 	return string((const char *)hash.begin(), bits / 8);
 }
 
-bool fides::publickey::verify(const std::string &statement, const std::string &signature) {
+bool fides::publickey::verify(const std::string &statement, const std::string &signature) const {
 	auto_ptr<Botan::PK_Verifier> verifier(Botan::get_pk_verifier(*pub, "EMSA1(SHA-512)"));
 	verifier->update((const Botan::byte *)statement.data(), statement.size());
 	Botan::SecureVector<Botan::byte> sig;
@@ -143,16 +142,16 @@ void fides::privatekey::load_private(const std::string &filename) {
 	load_private(in);
 }
 
-void fides::privatekey::save_private(ostream &out) {
+void fides::privatekey::save_private(ostream &out) const {
 	out << Botan::PKCS8::PEM_encode(*priv);
 }
 
-void fides::privatekey::save_private(const std::string &filename) {
+void fides::privatekey::save_private(const std::string &filename) const {
 	ofstream out(filename.c_str());
 	save_private(out);
 }
 
-string fides::privatekey::sign(const std::string &statement) {
+string fides::privatekey::sign(const std::string &statement) const {
 	auto_ptr<Botan::PK_Signer> signer(Botan::get_pk_signer(*priv, "EMSA1(SHA-512)"));
 	Botan::SecureVector<Botan::byte> sig = signer->sign_message((const Botan::byte *)statement.data(), statement.size(), rng);
 	return string((const char *)sig.begin(), (size_t)sig.size());
@@ -186,23 +185,23 @@ string fides::b64decode(const string &in) {
 
 // Certificate functions
 
-fides::certificate::certificate(publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {}
+fides::certificate::certificate(const publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {}
 
-bool fides::certificate::validate() {
+bool fides::certificate::validate() const {
 	string data = signer->fingerprint(256);
 	data += string((const char *)&timestamp, sizeof timestamp);
 	data += statement;
 	return signer->verify(data, signature);
 }
 
-fides::certificate::certificate(privatekey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) {
+fides::certificate::certificate(const privatekey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) {
 	string data = signer->fingerprint(256);
 	data += string((const char *)&timestamp, sizeof timestamp);
 	data += statement;
 	signature = key->sign(data);
 }
 
-string fides::certificate::fingerprint(unsigned int bits) {
+string fides::certificate::fingerprint(unsigned int bits) const {
 	return signature.substr(signature.size() - bits / 8);	
 }
 
@@ -250,7 +249,7 @@ static vector<string> dirlist(const string &path) {
 	return files;
 }
 
-void fides::certificate_save(const certificate *cert, const string &filename) {
+void fides::certificate_save(const certificate *cert, const string &filename) const {
 	ofstream file(filename.c_str());
 	file << cert->to_string() << '\n';
 }
@@ -367,10 +366,10 @@ fides::~fides() {
 			delete i->second;
 }
 
-bool fides::fsck() {
+bool fides::fsck() const {
 	int errors = 0;
 
-	for(map<string, certificate *>::iterator i = certs.begin(); i != certs.end(); ++i) {
+	for(map<string, certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i) {
 		if(!i->second->validate()) {
 			cerr << "Validation of certificate failed: " << i->second->to_string() << '\n';
 			errors++;
@@ -381,16 +380,16 @@ bool fides::fsck() {
 	return !errors;
 }
 
-string fides::get_homedir() {
+string fides::get_homedir() const {
 	return homedir;
 }
 
-bool fides::is_firstrun() {
+bool fides::is_firstrun() const {
 	return firstrun;
 }
 
-fides::publickey *fides::find_key(const string &fingerprint) {
-	map<string, publickey *>::iterator i;
+fides::publickey *fides::find_key(const string &fingerprint) const {
+	map<string, publickey *>::const_iterator i;
 	i = keys.find(fingerprint);
 	if(i != keys.end())
 		return i->second;
@@ -398,9 +397,9 @@ fides::publickey *fides::find_key(const string &fingerprint) {
 		return 0;
 }
 
-vector<fides::certificate *> fides::find_certificates(publickey *signer, const string &regex) {
+vector<fides::certificate *> fides::find_certificates(const publickey *signer, const string &regex) const {
 	vector<certificate *> found;
-	map<string, certificate *>::iterator i;
+	map<string, certificate *>::const_iterator i;
 	regexp regexp(regex);
 	for(i = certs.begin(); i != certs.end(); ++i) {
 		if(!i->second) {
@@ -414,9 +413,9 @@ vector<fides::certificate *> fides::find_certificates(publickey *signer, const s
 	return found;
 }
 
-vector<fides::certificate *> fides::find_certificates(const string &regex) {
+vector<fides::certificate *> fides::find_certificates(const string &regex) const {
 	vector<certificate *> found;
-	map<string, certificate *>::iterator i;
+	map<string, certificate *>::const_iterator i;
 	regexp regexp(regex);
 	for(i = certs.begin(); i != certs.end(); ++i)
 		if(regexp.match(i->second->statement))
@@ -424,9 +423,9 @@ vector<fides::certificate *> fides::find_certificates(const string &regex) {
 	return found;
 }
 
-vector<fides::certificate *> fides::find_certificates(publickey *signer) {
+vector<fides::certificate *> fides::find_certificates(const publickey *signer) const {
 	vector<certificate *> found;
-	map<string, certificate *>::iterator i;
+	map<string, certificate *>::const_iterator i;
 	for(i = certs.begin(); i != certs.end(); ++i)
 		if(i->second->signer == signer)
 			found.push_back(i->second);
@@ -461,24 +460,24 @@ void fides::import_all(istream &in) {
 	}
 }
 
-void fides::export_all(ostream &out) {
-	for(map<string, publickey *>::iterator i = keys.begin(); i != keys.end(); ++i)
+void fides::export_all(ostream &out) const {
+	for(map<string, publickey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
 		out << i->second->to_string();
-	for(map<string, certificate *>::iterator i = certs.begin(); i != certs.end(); ++i)
+	for(map<string, certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i)
 		out << i->second->to_string() << '\n';
 }
 
-void fides::trust(publickey *key) {
+void fides::trust(const publickey *key) {
 	string full = "t+ " + hexencode(key->fingerprint());
 	sign(full);
 }
 
-void fides::distrust(publickey *key) {
+void fides::distrust(const publickey *key) {
 	string full = "t- " + hexencode(key->fingerprint());
 	sign(full);
 }
 
-void fides::dctrust(publickey *key) {
+void fides::dctrust(const publickey *key) {
 	string full = "t0 " + hexencode(key->fingerprint());
 	sign(full);
 }
@@ -670,7 +669,7 @@ void fides::merge(certificate *cert) {
 	certificate_save(cert, certdir + hexencode(cert->fingerprint()));
 }
 
-void fides::auth_stats(const string &statement, int &self, int &trusted, int &all) {
+void fides::auth_stats(const string &statement, int &self, int &trusted, int &all) const {
 	self = trusted = all = 0;
 	vector<certificate *> matches = find_certificates(string("^a[+0-] ") + statement + '$');
 	for(size_t i = 0; i < matches.size(); ++i) {
@@ -688,15 +687,15 @@ void fides::auth_stats(const string &statement, int &self, int &trusted, int &al
 	}
 }
 
-bool fides::is_trusted(publickey *key) {
+bool fides::is_trusted(const publickey *key) const {
 	return key->trust > 0;
 }
 
-bool fides::is_distrusted(publickey *key) {
+bool fides::is_distrusted(const publickey *key) const {
 	return key->trust < 0;
 }
 
-bool fides::is_allowed(const string &statement, publickey *key) {
+bool fides::is_allowed(const string &statement, const publickey *key) const {
 	int self, trusted, all;
 
 	if(key)
@@ -712,7 +711,7 @@ bool fides::is_allowed(const string &statement, publickey *key) {
 		return false;
 }
 
-bool fides::is_denied(const string &statement, publickey *key) {
+bool fides::is_denied(const string &statement, const publickey *key) const {
 	int self, trusted, all;
 
 	if(key)
@@ -746,7 +745,7 @@ void fides::sign(const string &statement) {
 	merge(new certificate(&mykey, latest, statement));
 }
 
-void fides::allow(const string &statement, publickey *key) {
+void fides::allow(const string &statement, const publickey *key) {
 	string full = "a+ ";
 	if(key)
 		full += hexencode(key->fingerprint()) + ' ';
@@ -754,7 +753,7 @@ void fides::allow(const string &statement, publickey *key) {
 	sign(full);
 }
 
-void fides::dontcare(const string &statement, publickey *key) {
+void fides::dontcare(const string &statement, const publickey *key) {
 	string full = "a0 ";
 	if(key)
 		full += hexencode(key->fingerprint()) + ' ';
@@ -762,7 +761,7 @@ void fides::dontcare(const string &statement, publickey *key) {
 	sign(full);
 }
 
-void fides::deny(const string &statement, publickey *key) {
+void fides::deny(const string &statement, const publickey *key) {
 	string full = "a- ";
 	if(key)
 		full += hexencode(key->fingerprint()) + ' ';
diff --git a/lib/fides.h b/lib/fides.h
index ff665af..f513769 100644
--- a/lib/fides.h
+++ b/lib/fides.h
@@ -89,13 +89,13 @@ class fides {
 
 		int trust;
 		void load(std::istream &in);
-		void save(std::ostream &out);
+		void save(std::ostream &out) const;
 		void load(const std::string &filename);
-		void save(const std::string &filename);
-		bool verify(const std::string &data, const std::string &signature);
-		std::string to_string();
+		void save(const std::string &filename) const;
+		bool verify(const std::string &data, const std::string &signature) const;
+		std::string to_string() const;
 		void from_string(const std::string &in);
-		std::string fingerprint(unsigned int bits = 64);
+		std::string fingerprint(unsigned int bits = 64) const;
 	};
 
 	class privatekey: public publickey {
@@ -106,28 +106,28 @@ class fides {
 		~privatekey();
 
 		void load_private(std::istream &in);
-		void save_private(std::ostream &out);
+		void save_private(std::ostream &out) const;
 		void load_private(const std::string &filename);
-		void save_private(const std::string &filename);
+		void save_private(const std::string &filename) const;
 		void generate(const std::string &field);
 		void generate(unsigned int bits = 224);
-		std::string sign(const std::string &data);
+		std::string sign(const std::string &data) const;
 	};
 
 	class certificate {
 		friend class fides;
-		publickey *signer;
+		const publickey *signer;
 		struct timeval timestamp;
 		std::string statement;
 		std::string signature;
 
 		public:
-		certificate(publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
-		certificate(privatekey *priv, struct timeval timestamp, const std::string &statement);
+		certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
+		certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement);
 
 		std::string to_string() const;
-		std::string fingerprint(unsigned int bits = 64);
-		bool validate();
+		std::string fingerprint(unsigned int bits = 64) const;
+		bool validate() const;
 	};
 
 	// Fides class itself
@@ -145,43 +145,43 @@ class fides {
 	fides(const std::string &homedir = "");
 	~fides();
 
-	bool is_firstrun();
-	bool fsck();
-	std::string get_homedir();
+	bool is_firstrun() const;
+	bool fsck() const;
+	std::string get_homedir() const;
 
 	void sign(const std::string &statement);
 
-	void allow(const std::string &statement, publickey *key = 0);
-	void dontcare(const std::string &statement, publickey *key = 0);
-	void deny(const std::string &statement, publickey *key = 0);
-	bool is_allowed(const std::string &statement, publickey *key = 0);
-	bool is_denied(const std::string &statement, publickey *key = 0);
-
-	void auth_stats(const std::string &statement, int &self, int &trusted, int &all);
-	void trust(publickey *key);
-	void dctrust(publickey *key);
-	void distrust(publickey *key);
-	bool is_trusted(publickey *key);
-	bool is_distrusted(publickey *key);
-	publickey *find_key(const std::string &fingerprint);
+	void allow(const std::string &statement, const publickey *key = 0);
+	void dontcare(const std::string &statement, const publickey *key = 0);
+	void deny(const std::string &statement, const publickey *key = 0);
+	bool is_allowed(const std::string &statement, const publickey *key = 0) const;
+	bool is_denied(const std::string &statement, const publickey *key = 0) const;
+
+	void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const;
+	void trust(const publickey *key);
+	void dctrust(const publickey *key);
+	void distrust(const publickey *key);
+	bool is_trusted(const publickey *key) const;
+	bool is_distrusted(const publickey *key) const;
+	publickey *find_key(const std::string &fingerprint) const;
 	void update_trust();
 
-	std::vector<certificate *> find_certificates(publickey *key, const std::string &statement);
-	std::vector<certificate *> find_certificates(const std::string &statement);
-	std::vector<certificate *> find_certificates(publickey *key);
+	std::vector<certificate *> find_certificates(const publickey *key, const std::string &statement) const;
+	std::vector<certificate *> find_certificates(const std::string &statement) const;
+	std::vector<certificate *> find_certificates(const publickey *key) const;
 
 	certificate *import_certificate(const std::string &certificate);
-	std::string export_certificate(const certificate *);
+	std::string export_certificate(const certificate *) const;
 
 	publickey *import_key(const std::string &key);
-	std::string export_key(const publickey *key);
+	std::string export_key(const publickey *key) const;
 
 	void import_all(std::istream &in);
-	void export_all(std::ostream &out);
+	void export_all(std::ostream &out) const;
 
 	certificate *certificate_from_string(const std::string &certificate);
 	certificate *certificate_load(const std::string &filename);
-	void certificate_save(const certificate *cert, const std::string &filename);
+	void certificate_save(const certificate *cert, const std::string &filename) const;
 
 };