Make digest to movable object cleanup usage (#632)

IB-8236

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

src/DataFile.cpp

@@ -23,7 +23,6 @@
 #include "util/File.h"
 #include "util/log.h"
 
-#include <array>
 #include <fstream>
 
 using namespace digidoc;
@@ -96,19 +95,18 @@ DataFilePrivate::DataFilePrivate(unique_ptr<istream> &&is, string filename, stri
     m_size = pos < 0 ? 0 : (unsigned long)pos;
 }
 
-vector<unsigned char> DataFilePrivate::calcDigest(const string &method) const
+void DataFilePrivate::digest(const Digest &digest) const
 {
-    Digest digest(method);
-    array<unsigned char, 10240> buf{};
     m_is->clear();
     m_is->seekg(0);
-    while(*m_is)
-    {
-        m_is->read((char*)buf.data(), streamsize(buf.size()));
-        if(m_is->gcount() > 0)
-            digest.update(buf.data(), size_t(m_is->gcount()));
-    }
-    return digest.result();
+    digest.update(*m_is);
+}
+
+vector<unsigned char> DataFilePrivate::calcDigest(const string &method) const
+{
+    Digest d(method);
+    digest(d);
+    return d.result();
 }
 
 void DataFilePrivate::saveAs(const string& path) const

src/DataFile_p.h

@@ -26,6 +26,7 @@
 
 namespace digidoc
 {
+class Digest;
 
 class DataFilePrivate final: public DataFile
 {
@@ -37,6 +38,7 @@ class DataFilePrivate final: public DataFile
 	unsigned long fileSize() const final { return m_size; }
 	std::string mediaType() const final { return m_mediatype; }
 
+	void digest(const Digest &method) const;
 	std::vector<unsigned char> calcDigest(const std::string &method) const final;
 	void saveAs(std::ostream &os) const final;
 	void saveAs(const std::string& path) const final;

src/SiVaContainer.cpp

@@ -112,7 +112,7 @@ void SignatureSiVa::validate(const string &policy) const
     for(const Exception &exception: _exceptions)
         e.addCause(exception);
     if(!Exception::hasWarningIgnore(Exception::SignatureDigestWeak) &&
-        (_signatureMethod == URI_RSA_SHA1 || _signatureMethod == URI_ECDSA_SHA1))
+        Digest::isWeakDigest(_signatureMethod))
     {
         Exception ex(EXCEPTION_PARAMS("Signature digest weak"));
         ex.setCode(Exception::SignatureDigestWeak);
@@ -362,7 +362,7 @@ unique_ptr<istream> SiVaContainer::parseDDoc(bool useHashCode)
             if(!useHashCode)
                 continue;
             Digest calc(URI_SHA1);
-            doc.c14n(&calc, XMLDocument::C14D_ID_1_0, dataFile);
+            doc.c14n(calc, XMLDocument::C14D_ID_1_0, dataFile);
             dataFile.setProperty("ContentType", "HASHCODE");
             dataFile.setProperty("DigestType", "sha1");
             dataFile.setProperty("DigestValue", to_base64(calc.result()));

src/SignatureTST.cpp

@@ -96,8 +96,8 @@ void SignatureTST::validate() const
         const auto *dataFile = static_cast<const DataFilePrivate*>(asicSDoc->dataFiles().front());
         timestampToken->verify(dataFile->calcDigest(digestMethod));
 
-        if(digestMethod == URI_SHA1 &&
-            !Exception::hasWarningIgnore(Exception::ReferenceDigestWeak))
+        if(!Exception::hasWarningIgnore(Exception::ReferenceDigestWeak) &&
+            Digest::isWeakDigest(digestMethod))
         {
             Exception e(EXCEPTION_PARAMS("TimeStamp '%s' digest weak", digestMethod.c_str()));
             e.setCode(Exception::ReferenceDigestWeak);

src/SignatureXAdES_B.cpp

@@ -284,7 +284,7 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *container, Sig
     }
 
     Digest calc(digestMethod);
-    signatures->c14n(&calc, canonMethod, signedProperties);
+    signatures->c14n(calc, canonMethod, signedProperties);
     addReference("#" + nr + "-SignedProperties", calc.uri(), calc.result(), REF_TYPE, canonMethod);
 }
 
@@ -417,9 +417,8 @@ void SignatureXAdES_B::validate(const string &policy) const
     // It'll be only thrown in case we have a reason (cause).
     Exception exception(EXCEPTION_PARAMS("Signature validation"));
 
-    if(auto method = signatureMethod();
-        !Exception::hasWarningIgnore(Exception::SignatureDigestWeak) &&
-       (method == URI_RSA_SHA1 || method == URI_ECDSA_SHA1))
+    if(!Exception::hasWarningIgnore(Exception::SignatureDigestWeak) &&
+        Digest::isWeakDigest(signatureMethod()))
     {
         Exception e(EXCEPTION_PARAMS("Signature digest weak"));
         e.setCode(Exception::SignatureDigestWeak);
@@ -496,9 +495,8 @@ void SignatureXAdES_B::validate(const string &policy) const
             continue;
         }
 
-        if(auto algo = (ref/DigestMethod)["Algorithm"];
-            !Exception::hasWarningIgnore(Exception::ReferenceDigestWeak) &&
-            (algo == URI_SHA1 || algo == URI_SHA224))
+        if(!Exception::hasWarningIgnore(Exception::ReferenceDigestWeak) &&
+            Digest::isWeakDigest((ref/DigestMethod)["Algorithm"]))
         {
             Exception e(EXCEPTION_PARAMS("Reference '%.*s' digest weak", int(uri.size()), uri.data()));
             e.setCode(Exception::ReferenceDigestWeak);
@@ -566,7 +564,7 @@ vector<unsigned char> SignatureXAdES_B::dataToSign() const
 {
     Digest calc(signatureMethod());
     auto signedInfo = signature/"SignedInfo";
-    signatures->c14n(&calc, (signedInfo/CanonicalizationMethod)["Algorithm"], signedInfo);
+    signatures->c14n(calc, (signedInfo/CanonicalizationMethod)["Algorithm"], signedInfo);
     return calc.result();
 }
 

src/SignatureXAdES_LTA.cpp

@@ -29,7 +29,6 @@
 #include "util/File.h"
 
 #include <algorithm>
-#include <array>
 
 using namespace digidoc;
 using namespace digidoc::util;
@@ -40,8 +39,7 @@ namespace digidoc
 constexpr XMLName ArchiveTimeStamp {"ArchiveTimeStamp", XADESv141_NS};
 }
 
-void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
-    string_view canonicalizationMethod) const
+void SignatureXAdES_LTA::calcArchiveDigest(const Digest &digest, string_view canonicalizationMethod) const
 {
     for(auto ref = signature/"SignedInfo"/"Reference"; ref; ref++)
     {
@@ -66,16 +64,7 @@ void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
         if(file == files.cend())
             THROW("Filed to find reference URI in container");
 
-        std::istream *is = static_cast<const DataFilePrivate*>(*file)->m_is.get();
-        array<unsigned char, 10240> buf{};
-        is->clear();
-        is->seekg(0);
-        while(*is)
-        {
-            is->read((char*)buf.data(), streamsize(buf.size()));
-            if(is->gcount() > 0)
-                digest->update(buf.data(), size_t(is->gcount()));
-        }
+        static_cast<const DataFilePrivate*>(*file)->digest(digest);
     }
 
     for(const auto *name: {"SignedInfo", "SignatureValue", "KeyInfo"})
@@ -119,7 +108,7 @@ void SignatureXAdES_LTA::extendSignatureProfile(const string &profile)
         return;
     Digest calc;
     auto method = canonicalizationMethod();
-    calcArchiveDigest(&calc, method);
+    calcArchiveDigest(calc, method);
 
     TS tsa(CONF(TSUrl), calc);
     auto ts = unsignedSignatureProperties() + ArchiveTimeStamp;
@@ -168,7 +157,7 @@ void SignatureXAdES_LTA::validate(const string &policy) const
         auto ts = unsignedSignatureProperties()/ArchiveTimeStamp;
         if(!ts)
             THROW("Missing ArchiveTimeStamp element");
-        verifyTS(ts, exception, [this](Digest *digest, string_view canonicalizationMethod) {
+        verifyTS(ts, exception, [this](const Digest &digest, string_view canonicalizationMethod) {
             calcArchiveDigest(digest, canonicalizationMethod);
         });
     } catch(const Exception &e) {

src/SignatureXAdES_LTA.h

@@ -37,8 +37,7 @@ class SignatureXAdES_LTA final: public SignatureXAdES_LT
 private:
     DISABLE_COPY(SignatureXAdES_LTA);
 
-    void calcArchiveDigest(Digest *digest,
-        std::string_view canonicalizationMethod) const;
+    void calcArchiveDigest(const Digest &digest, std::string_view canonicalizationMethod) const;
     TS tsaFromBase64() const;
 };
 

src/SignatureXAdES_T.cpp

@@ -70,7 +70,7 @@ void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)
 
     Digest calc;
     auto method = canonicalizationMethod();
-    signatures->c14n(&calc, method, signatureValue());
+    signatures->c14n(calc, method, signatureValue());
 
     TS tsa(CONF(TSUrl), calc);
     auto ts = usp + "SignatureTimeStamp";
@@ -109,7 +109,7 @@ void SignatureXAdES_T::validate(const std::string &policy) const
         if(ts + 1)
             THROW("More than one SignatureTimeStamp is not supported");
 
-        TS tsa = verifyTS(ts, exception, [this](Digest *digest, string_view canonicalizationMethod) {
+        TS tsa = verifyTS(ts, exception, [this](const Digest &digest, string_view canonicalizationMethod) {
             signatures->c14n(digest, canonicalizationMethod, signatureValue());
         });
 
@@ -163,7 +163,7 @@ void SignatureXAdES_T::validate(const std::string &policy) const
 
         for(auto sigAndRefsTS = usp/"SigAndRefsTimeStamp"; sigAndRefsTS; sigAndRefsTS++)
         {
-            verifyTS(sigAndRefsTS, exception, [this, usp](Digest *digest, string_view canonicalizationMethod) {
+            verifyTS(sigAndRefsTS, exception, [this, usp](const Digest &digest, string_view canonicalizationMethod) {
                 signatures->c14n(digest, canonicalizationMethod, signatureValue());
                 for(const auto *name: {
                        "SignatureTimeStamp",
@@ -195,7 +195,7 @@ XMLNode SignatureXAdES_T::unsignedSignatureProperties() const
 }
 
 TS SignatureXAdES_T::verifyTS(XMLNode timestamp, digidoc::Exception &exception,
-    std::function<void (Digest *, std::string_view)> &&calcDigest)
+    std::function<void (const Digest &, std::string_view)> &&calcDigest)
 {
     auto ets = timestamp/EncapsulatedTimeStamp;
     if(!ets)
@@ -205,11 +205,11 @@ TS SignatureXAdES_T::verifyTS(XMLNode timestamp, digidoc::Exception &exception,
 
     TS ts(ets);
     Digest calc(ts.digestMethod());
-    calcDigest(&calc, (timestamp/CanonicalizationMethod)["Algorithm"]);
+    calcDigest(calc, (timestamp/CanonicalizationMethod)["Algorithm"]);
     ts.verify(calc.result());
 
-    if(ts.digestMethod() == URI_SHA1 &&
-        !Exception::hasWarningIgnore(Exception::ReferenceDigestWeak))
+    if(!Exception::hasWarningIgnore(Exception::ReferenceDigestWeak) &&
+        Digest::isWeakDigest(ts.digestMethod()))
     {
         Exception e(EXCEPTION_PARAMS("TimeStamp '%s' digest weak", ts.digestMethod().c_str()));
         e.setCode(Exception::ReferenceDigestWeak);

src/SignatureXAdES_T.h

@@ -47,7 +47,7 @@ class SignatureXAdES_T: public SignatureXAdES_B
     TS TimeStamp() const;
 
     static TS verifyTS(XMLNode timestamp, Exception &exception,
-        std::function<void (Digest *, std::string_view)> &&calcDigest);
+        std::function<void (const Digest &, std::string_view)> &&calcDigest);
 
 private:
     DISABLE_COPY(SignatureXAdES_T);

src/XMLDocument.h

@@ -355,7 +355,7 @@ struct XMLDocument: public unique_xml_t<decltype(xmlFreeDoc)>, public XMLNode
         return doc;
     }
 
-    void c14n(Digest *digest, std::string_view algo, XMLNode node)
+    void c14n(const Digest &digest, std::string_view algo, XMLNode node)
     {
         xmlC14NMode mode = XML_C14N_1_0;
         int with_comments = 0;
@@ -383,7 +383,7 @@ struct XMLDocument: public unique_xml_t<decltype(xmlFreeDoc)>, public XMLNode
             auto *digest = static_cast<Digest *>(context);
             digest->update(pcxmlChar(buffer), size_t(len));
             return len;
-        }, nullptr, digest, nullptr), xmlOutputBufferClose);
+        }, nullptr, const_cast<Digest*>(&digest), nullptr), xmlOutputBufferClose);
         int size = xmlC14NExecute(get(), [](void *root, xmlNodePtr node, xmlNodePtr parent) constexpr noexcept {
             if(root == node)
                 return 1;