From 6b9a3a534071ef84c121c406559f8fc7ad546104 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Fri, 11 Dec 2015 09:42:06 -0500
Subject: Reroot the exception hierarchy into a toplevel Exception class

As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)

Effectively reverts 2837e915d82e43
---
 src/lib/cert/x509/ocsp.cpp       | 18 +++++++++---------
 src/lib/cert/x509/ocsp_types.cpp |  2 +-
 src/lib/cert/x509/x509_ext.cpp   |  4 ++--
 src/lib/cert/x509/x509_obj.cpp   |  2 +-
 src/lib/cert/x509/x509path.cpp   |  6 +++---
 5 files changed, 16 insertions(+), 16 deletions(-)

(limited to 'src/lib/cert')

diff --git a/src/lib/cert/x509/ocsp.cpp b/src/lib/cert/x509/ocsp.cpp
index feda10676..75475fe55 100644
--- a/src/lib/cert/x509/ocsp.cpp
+++ b/src/lib/cert/x509/ocsp.cpp
@@ -55,7 +55,7 @@ void check_signature(const std::vector<byte>& tbs_response,
       split_on(OIDS::lookup(sig_algo.oid), '/');
 
    if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name())
-      throw std::runtime_error("Information in OCSP response does not match cert");
+      throw Exception("Information in OCSP response does not match cert");
 
    std::string padding = sig_info[1];
    Signature_Format format =
@@ -64,7 +64,7 @@ void check_signature(const std::vector<byte>& tbs_response,
    PK_Verifier verifier(*pub_key, padding, format);
 
    if(!verifier.verify_message(ASN1::put_in_sequence(tbs_response), signature))
-      throw std::runtime_error("Signature on OCSP response does not verify");
+      throw Exception("Signature on OCSP response does not verify");
    }
 
 void check_signature(const std::vector<byte>& tbs_response,
@@ -74,7 +74,7 @@ void check_signature(const std::vector<byte>& tbs_response,
                      const std::vector<X509_Certificate>& certs)
    {
    if(certs.size() < 1)
-      throw std::invalid_argument("Short cert chain for check_signature");
+      throw Invalid_Argument("Short cert chain for check_signature");
 
    if(trusted_roots.certificate_known(certs[0]))
       return check_signature(tbs_response, sig_algo, signature, certs[0]);
@@ -82,15 +82,15 @@ void check_signature(const std::vector<byte>& tbs_response,
    // Otherwise attempt to chain the signing cert to a trust root
 
    if(!certs[0].allowed_usage("PKIX.OCSPSigning"))
-      throw std::runtime_error("OCSP response cert does not allow OCSP signing");
+      throw Exception("OCSP response cert does not allow OCSP signing");
 
    auto result = x509_path_validate(certs, Path_Validation_Restrictions(), trusted_roots);
 
    if(!result.successful_validation())
-      throw std::runtime_error("Certificate validation failure: " + result.result_string());
+      throw Exception("Certificate validation failure: " + result.result_string());
 
    if(!trusted_roots.certificate_known(result.trust_root())) // not needed anymore?
-      throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");
+      throw Exception("Certificate chain roots in unknown/untrusted CA");
 
    const std::vector<X509_Certificate>& cert_path = result.cert_path();
 
@@ -132,7 +132,7 @@ Response::Response(const Certificate_Store& trusted_roots,
    response_outer.decode(resp_status, ENUMERATED, UNIVERSAL);
 
    if(resp_status != 0)
-      throw std::runtime_error("OCSP response status " + std::to_string(resp_status));
+      throw Exception("OCSP response status " + std::to_string(resp_status));
 
    if(response_outer.more_items())
       {
@@ -185,7 +185,7 @@ Response::Response(const Certificate_Store& trusted_roots,
          if(auto cert = trusted_roots.find_cert(name, std::vector<byte>()))
             certs.push_back(*cert);
          else
-            throw std::runtime_error("Could not find certificate that signed OCSP response");
+            throw Exception("Could not find certificate that signed OCSP response");
          }
 
       check_signature(tbs_bits, sig_algo, signature, trusted_roots, certs);
@@ -229,7 +229,7 @@ Response online_check(const X509_Certificate& issuer,
    const std::string responder_url = subject.ocsp_responder();
 
    if(responder_url == "")
-      throw std::runtime_error("No OCSP responder specified");
+      throw Exception("No OCSP responder specified");
 
    OCSP::Request req(issuer, subject);
 
diff --git a/src/lib/cert/x509/ocsp_types.cpp b/src/lib/cert/x509/ocsp_types.cpp
index 04ab1ea03..ba5b825f7 100644
--- a/src/lib/cert/x509/ocsp_types.cpp
+++ b/src/lib/cert/x509/ocsp_types.cpp
@@ -92,7 +92,7 @@ void CertID::decode_from(class BER_Decoder& from)
 
 void SingleResponse::encode_into(class DER_Encoder&) const
    {
-   throw std::runtime_error("Not implemented (SingleResponse::encode_into)");
+   throw Exception("Not implemented (SingleResponse::encode_into)");
    }
 
 void SingleResponse::decode_from(class BER_Decoder& from)
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index 4da7467c3..f752500c0 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -627,7 +627,7 @@ void CRL_ReasonCode::contents_to(Data_Store& info, Data_Store&) const
 
 std::vector<byte> CRL_Distribution_Points::encode_inner() const
    {
-   throw std::runtime_error("CRL_Distribution_Points encoding not implemented");
+   throw Exception("CRL_Distribution_Points encoding not implemented");
    }
 
 void CRL_Distribution_Points::decode_inner(const std::vector<byte>& buf)
@@ -650,7 +650,7 @@ void CRL_Distribution_Points::contents_to(Data_Store& info, Data_Store&) const
 
 void CRL_Distribution_Points::Distribution_Point::encode_into(class DER_Encoder&) const
    {
-   throw std::runtime_error("CRL_Distribution_Points encoding not implemented");
+   throw Exception("CRL_Distribution_Points encoding not implemented");
    }
 
 void CRL_Distribution_Points::Distribution_Point::decode_from(class BER_Decoder& ber)
diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp
index 0f5999b5b..4dae68607 100644
--- a/src/lib/cert/x509/x509_obj.cpp
+++ b/src/lib/cert/x509/x509_obj.cpp
@@ -176,7 +176,7 @@ std::string X509_Object::hash_used_for_signature() const
 bool X509_Object::check_signature(const Public_Key* pub_key) const
    {
    if(!pub_key)
-      throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
+      throw Exception("No key provided for " + PEM_label_pref + " signature check");
    std::unique_ptr<const Public_Key> key(pub_key);
    return check_signature(*key);
    }
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index b5345c272..7e54ad9f9 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -219,7 +219,7 @@ Path_Validation_Result x509_path_validate(
    Usage_Type usage)
    {
    if(end_certs.empty())
-      throw std::invalid_argument("x509_path_validate called with no subjects");
+      throw Invalid_Argument("x509_path_validate called with no subjects");
 
    std::vector<X509_Certificate> cert_path;
    cert_path.push_back(end_certs[0]);
@@ -337,9 +337,9 @@ Path_Validation_Result::Path_Validation_Result(std::vector<std::set<Certificate_
 const X509_Certificate& Path_Validation_Result::trust_root() const
    {
    if(m_cert_path.empty())
-      throw std::runtime_error("Path_Validation_Result::trust_root no path set");
+      throw Exception("Path_Validation_Result::trust_root no path set");
    if(result() != Certificate_Status_Code::VERIFIED)
-      throw std::runtime_error("Path_Validation_Result::trust_root meaningless with invalid status");
+      throw Exception("Path_Validation_Result::trust_root meaningless with invalid status");
 
    return m_cert_path[m_cert_path.size()-1];
    }
-- 
cgit v1.2.3