aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/cert/x509
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2015-12-11 09:42:06 -0500
committerJack Lloyd <[email protected]>2015-12-11 09:42:06 -0500
commit6b9a3a534071ef84c121c406559f8fc7ad546104 (patch)
treec11480ad1f07e443ba4e992fefcd618b532c2e93 /src/lib/cert/x509
parent79a51627ee11f4d7f55d589751b30463d1f02a76 (diff)
Reroot the exception hierarchy into a toplevel Exception class
As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
Diffstat (limited to 'src/lib/cert/x509')
-rw-r--r--src/lib/cert/x509/ocsp.cpp18
-rw-r--r--src/lib/cert/x509/ocsp_types.cpp2
-rw-r--r--src/lib/cert/x509/x509_ext.cpp4
-rw-r--r--src/lib/cert/x509/x509_obj.cpp2
-rw-r--r--src/lib/cert/x509/x509path.cpp6
5 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/cert/x509/ocsp.cpp b/src/lib/cert/x509/ocsp.cpp
index feda10676..75475fe55 100644
--- a/src/lib/cert/x509/ocsp.cpp
+++ b/src/lib/cert/x509/ocsp.cpp
@@ -55,7 +55,7 @@ void check_signature(const std::vector<byte>& tbs_response,
split_on(OIDS::lookup(sig_algo.oid), '/');
if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name())
- throw std::runtime_error("Information in OCSP response does not match cert");
+ throw Exception("Information in OCSP response does not match cert");
std::string padding = sig_info[1];
Signature_Format format =
@@ -64,7 +64,7 @@ void check_signature(const std::vector<byte>& tbs_response,
PK_Verifier verifier(*pub_key, padding, format);
if(!verifier.verify_message(ASN1::put_in_sequence(tbs_response), signature))
- throw std::runtime_error("Signature on OCSP response does not verify");
+ throw Exception("Signature on OCSP response does not verify");
}
void check_signature(const std::vector<byte>& tbs_response,
@@ -74,7 +74,7 @@ void check_signature(const std::vector<byte>& tbs_response,
const std::vector<X509_Certificate>& certs)
{
if(certs.size() < 1)
- throw std::invalid_argument("Short cert chain for check_signature");
+ throw Invalid_Argument("Short cert chain for check_signature");
if(trusted_roots.certificate_known(certs[0]))
return check_signature(tbs_response, sig_algo, signature, certs[0]);
@@ -82,15 +82,15 @@ void check_signature(const std::vector<byte>& tbs_response,
// Otherwise attempt to chain the signing cert to a trust root
if(!certs[0].allowed_usage("PKIX.OCSPSigning"))
- throw std::runtime_error("OCSP response cert does not allow OCSP signing");
+ throw Exception("OCSP response cert does not allow OCSP signing");
auto result = x509_path_validate(certs, Path_Validation_Restrictions(), trusted_roots);
if(!result.successful_validation())
- throw std::runtime_error("Certificate validation failure: " + result.result_string());
+ throw Exception("Certificate validation failure: " + result.result_string());
if(!trusted_roots.certificate_known(result.trust_root())) // not needed anymore?
- throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");
+ throw Exception("Certificate chain roots in unknown/untrusted CA");
const std::vector<X509_Certificate>& cert_path = result.cert_path();
@@ -132,7 +132,7 @@ Response::Response(const Certificate_Store& trusted_roots,
response_outer.decode(resp_status, ENUMERATED, UNIVERSAL);
if(resp_status != 0)
- throw std::runtime_error("OCSP response status " + std::to_string(resp_status));
+ throw Exception("OCSP response status " + std::to_string(resp_status));
if(response_outer.more_items())
{
@@ -185,7 +185,7 @@ Response::Response(const Certificate_Store& trusted_roots,
if(auto cert = trusted_roots.find_cert(name, std::vector<byte>()))
certs.push_back(*cert);
else
- throw std::runtime_error("Could not find certificate that signed OCSP response");
+ throw Exception("Could not find certificate that signed OCSP response");
}
check_signature(tbs_bits, sig_algo, signature, trusted_roots, certs);
@@ -229,7 +229,7 @@ Response online_check(const X509_Certificate& issuer,
const std::string responder_url = subject.ocsp_responder();
if(responder_url == "")
- throw std::runtime_error("No OCSP responder specified");
+ throw Exception("No OCSP responder specified");
OCSP::Request req(issuer, subject);
diff --git a/src/lib/cert/x509/ocsp_types.cpp b/src/lib/cert/x509/ocsp_types.cpp
index 04ab1ea03..ba5b825f7 100644
--- a/src/lib/cert/x509/ocsp_types.cpp
+++ b/src/lib/cert/x509/ocsp_types.cpp
@@ -92,7 +92,7 @@ void CertID::decode_from(class BER_Decoder& from)
void SingleResponse::encode_into(class DER_Encoder&) const
{
- throw std::runtime_error("Not implemented (SingleResponse::encode_into)");
+ throw Exception("Not implemented (SingleResponse::encode_into)");
}
void SingleResponse::decode_from(class BER_Decoder& from)
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index 4da7467c3..f752500c0 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -627,7 +627,7 @@ void CRL_ReasonCode::contents_to(Data_Store& info, Data_Store&) const
std::vector<byte> CRL_Distribution_Points::encode_inner() const
{
- throw std::runtime_error("CRL_Distribution_Points encoding not implemented");
+ throw Exception("CRL_Distribution_Points encoding not implemented");
}
void CRL_Distribution_Points::decode_inner(const std::vector<byte>& buf)
@@ -650,7 +650,7 @@ void CRL_Distribution_Points::contents_to(Data_Store& info, Data_Store&) const
void CRL_Distribution_Points::Distribution_Point::encode_into(class DER_Encoder&) const
{
- throw std::runtime_error("CRL_Distribution_Points encoding not implemented");
+ throw Exception("CRL_Distribution_Points encoding not implemented");
}
void CRL_Distribution_Points::Distribution_Point::decode_from(class BER_Decoder& ber)
diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp
index 0f5999b5b..4dae68607 100644
--- a/src/lib/cert/x509/x509_obj.cpp
+++ b/src/lib/cert/x509/x509_obj.cpp
@@ -176,7 +176,7 @@ std::string X509_Object::hash_used_for_signature() const
bool X509_Object::check_signature(const Public_Key* pub_key) const
{
if(!pub_key)
- throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
+ throw Exception("No key provided for " + PEM_label_pref + " signature check");
std::unique_ptr<const Public_Key> key(pub_key);
return check_signature(*key);
}
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index b5345c272..7e54ad9f9 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -219,7 +219,7 @@ Path_Validation_Result x509_path_validate(
Usage_Type usage)
{
if(end_certs.empty())
- throw std::invalid_argument("x509_path_validate called with no subjects");
+ throw Invalid_Argument("x509_path_validate called with no subjects");
std::vector<X509_Certificate> cert_path;
cert_path.push_back(end_certs[0]);
@@ -337,9 +337,9 @@ Path_Validation_Result::Path_Validation_Result(std::vector<std::set<Certificate_
const X509_Certificate& Path_Validation_Result::trust_root() const
{
if(m_cert_path.empty())
- throw std::runtime_error("Path_Validation_Result::trust_root no path set");
+ throw Exception("Path_Validation_Result::trust_root no path set");
if(result() != Certificate_Status_Code::VERIFIED)
- throw std::runtime_error("Path_Validation_Result::trust_root meaningless with invalid status");
+ throw Exception("Path_Validation_Result::trust_root meaningless with invalid status");
return m_cert_path[m_cert_path.size()-1];
}