From 6b9a3a534071ef84c121c406559f8fc7ad546104 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Fri, 11 Dec 2015 09:42:06 -0500
Subject: Reroot the exception hierarchy into a toplevel Exception class
As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
---
 src/lib/cert/x509/ocsp.cpp | 18 +++++++++---------
 src/lib/cert/x509/ocsp_types.cpp | 2 +-
 src/lib/cert/x509/x509_ext.cpp | 4 ++--
 src/lib/cert/x509/x509_obj.cpp | 2 +-
 src/lib/cert/x509/x509path.cpp | 6 +++---
 5 files changed, 16 insertions(+), 16 deletions(-)
(limited to 'src/lib/cert')
diff --git a/src/lib/cert/x509/ocsp.cpp b/src/lib/cert/x509/ocsp.cpp
index feda10676..75475fe55 100644
--- a/src/lib/cert/x509/ocsp.cpp
+++ b/src/lib/cert/x509/ocsp.cpp
@@ -55,7 +55,7 @@ void check_signature(const std::vector<byte>& tbs_response,
 split_on(OIDS::lookup(sig_algo.oid), '/');
 if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name())
- throw std::runtime_error("Information in OCSP response does not match cert");
+ throw Exception("Information in OCSP response does not match cert");
 std::string padding = sig_info[1];
 Signature_Format format =
@@ -64,7 +64,7 @@ void check_signature(const std::vector<byte>& tbs_response,
 PK_Verifier verifier(*pub_key, padding, format);
 if(!verifier.verify_message(ASN1::put_in_sequence(tbs_response), signature))
- throw std::runtime_error("Signature on OCSP response does not verify");
+ throw Exception("Signature on OCSP response does not verify");
 }
 void check_signature(const std::vector<byte>& tbs_response,
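Review bot: The scheme handed to `PK_Verifier` in the `-64,7` hunk is `sig_info[1]`, which the `-55,7` hunk derives from `OIDS::lookup(sig_algo.oid)`, and the only check visible between the two is that the key algorithm name equals `pub_key->algo_name()`. If `sig_algo` is parsed from the OCSP response, as the error text suggests, the responder decides which digest the verifier accepts, so any weak hash present in the OID table would pass here. Before constructing the verifier I would compare `sig_info[1]` against an allow-list of acceptable schemes, or at least record the gap with `// TODO: sig_info[1] is taken from the response; restrict it to trusted hashes before verifying`. The function starts above the first hunk and two lines between the hunks are not shown, so a check may exist there.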
@@ -74,7 +74,7 @@ void check_signature(const std::vector<byte>& tbs_response,
 const std::vector<X509_Certificate>& certs)
 {
 if(certs.size() < 1)
- throw std::invalid_argument("Short cert chain for check_signature");
+ throw Invalid_Argument("Short cert chain for check_signature");
 if(trusted_roots.certificate_known(certs[0]))
 return check_signature(tbs_response, sig_algo, signature, certs[0]);
@@ -82,15 +82,15 @@ void check_signature(const std::vector<byte>& tbs_response,
 // Otherwise attempt to chain the signing cert to a trust root
 if(!certs[0].allowed_usage("PKIX.OCSPSigning"))
- throw std::runtime_error("OCSP response cert does not allow OCSP signing");
+ throw Exception("OCSP response cert does not allow OCSP signing");
 auto result = x509_path_validate(certs, Path_Validation_Restrictions(), trusted_roots);
 if(!result.successful_validation())
- throw std::runtime_error("Certificate validation failure: " + result.result_string());
+ throw Exception("Certificate validation failure: " + result.result_string());
 if(!trusted_roots.certificate_known(result.trust_root())) // not needed anymore?
- throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");
+ throw Exception("Certificate chain roots in unknown/untrusted CA");
 const std::vector<X509_Certificate>& cert_path = result.cert_path();
@@ -132,7 +132,7 @@ Response::Response(const Certificate_Store& trusted_roots,
 response_outer.decode(resp_status, ENUMERATED, UNIVERSAL);
 if(resp_status != 0)
- throw std::runtime_error("OCSP response status " + std::to_string(resp_status));
+ throw Exception("OCSP response status " + std::to_string(resp_status));
 if(response_outer.more_items())
 {
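Review bot: In the `-82,15` hunk the trust-anchor test `if(!trusted_roots.certificate_known(result.trust_root()))` still carries the trailing comment `// not needed anymore?`, which invites a later cleanup to delete the check that decides whether the OCSP signer chains to a root the caller actually trusts. Either confirm that `x509_path_validate` can only return a path ending in `trusted_roots` and remove the branch in a commit of its own, or replace the remark with `// defence in depth: path validation should already guarantee this`. Note also that `trust_root()` throws unless the result is exactly `VERIFIED` (see the x509path.cpp hunk), so if `successful_validation()` accepts any other status the caller gets the "meaningless with invalid status" message instead of this one; that depends on code outside the diff.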
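Review bot: The status, signature and chain failures in ocsp.cpp all surface as the same `Exception` type, and in the `-132,7` hunk a non-zero `resp_status` is reported only through the number appended to the message. A caller that wants to retry on a transient responder status but reject on a bad signature has to parse `what()`, which in practice pushes applications towards handling every OCSP error the same way. I would document on `Response::Response` what a throw means, for example `// Throws on any non-successful responseStatus or on signature/chain failure; a throw must never be treated as "not revoked"`. The constructor begins and ends outside the hunk.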
@@ -185,7 +185,7 @@ Response::Response(const Certificate_Store& trusted_roots,
 if(auto cert = trusted_roots.find_cert(name, std::vector<byte>()))
 certs.push_back(*cert);
 else
- throw std::runtime_error("Could not find certificate that signed OCSP response");
+ throw Exception("Could not find certificate that signed OCSP response");
 }
 check_signature(tbs_bits, sig_algo, signature, trusted_roots, certs);
@@ -229,7 +229,7 @@ Response online_check(const X509_Certificate& issuer,
 const std::string responder_url = subject.ocsp_responder();
 if(responder_url == "")
- throw std::runtime_error("No OCSP responder specified");
+ throw Exception("No OCSP responder specified");
 OCSP::Request req(issuer, subject);
diff --git a/src/lib/cert/x509/ocsp_types.cpp b/src/lib/cert/x509/ocsp_types.cpp
index 04ab1ea03..ba5b825f7 100644
--- a/src/lib/cert/x509/ocsp_types.cpp
+++ b/src/lib/cert/x509/ocsp_types.cpp
@@ -92,7 +92,7 @@ void CertID::decode_from(class BER_Decoder& from)
 void SingleResponse::encode_into(class DER_Encoder&) const
 {
- throw std::runtime_error("Not implemented (SingleResponse::encode_into)");
+ throw Exception("Not implemented (SingleResponse::encode_into)");
 }
 void SingleResponse::decode_from(class BER_Decoder& from)
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index 4da7467c3..f752500c0 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -627,7 +627,7 @@ void CRL_ReasonCode::contents_to(Data_Store& info, Data_Store&) const
 std::vector<byte> CRL_Distribution_Points::encode_inner() const
 {
- throw std::runtime_error("CRL_Distribution_Points encoding not implemented");
+ throw Exception("CRL_Distribution_Points encoding not implemented");
 }
 void CRL_Distribution_Points::decode_inner(const std::vector<byte>& buf)
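Review bot: In `online_check` (ocsp.cpp, `-229,7` hunk) `responder_url` is read from `subject.ocsp_responder()`, that is, from the certificate whose status is being checked, and the only validation in the hunk is the empty-string test. The rest of the function is outside the hunk, so how the URL is used is not visible, but if a request is sent to it the destination is chosen by whoever issued `subject`. A comment such as `// responder_url comes from the subject certificate and is untrusted input` would make that explicit for callers who run this against chains they have not yet validated. As a small style point, the test reads better as `if(responder_url.empty())`.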
@@ -650,7 +650,7 @@ void CRL_Distribution_Points::contents_to(Data_Store& info, Data_Store&) const
 void CRL_Distribution_Points::Distribution_Point::encode_into(class DER_Encoder&) const
 {
- throw std::runtime_error("CRL_Distribution_Points encoding not implemented");
+ throw Exception("CRL_Distribution_Points encoding not implemented");
 }
 void CRL_Distribution_Points::Distribution_Point::decode_from(class BER_Decoder& ber)
diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp
index 0f5999b5b..4dae68607 100644
--- a/src/lib/cert/x509/x509_obj.cpp
+++ b/src/lib/cert/x509/x509_obj.cpp
@@ -176,7 +176,7 @@ std::string X509_Object::hash_used_for_signature() const
 bool X509_Object::check_signature(const Public_Key* pub_key) const
 {
 if(!pub_key)
- throw std::runtime_error("No key provided for " + PEM_label_pref + " signature check");
+ throw Exception("No key provided for " + PEM_label_pref + " signature check");
 std::unique_ptr<const Public_Key> key(pub_key);
 return check_signature(*key);
 }
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index b5345c272..7e54ad9f9 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -219,7 +219,7 @@ Path_Validation_Result x509_path_validate(
 Usage_Type usage)
 {
 if(end_certs.empty())
- throw std::invalid_argument("x509_path_validate called with no subjects");
+ throw Invalid_Argument("x509_path_validate called with no subjects");
 std::vector<X509_Certificate> cert_path;
 cert_path.push_back(end_certs[0]);
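Review bot: In x509_obj.cpp, `X509_Object::check_signature(const Public_Key* pub_key)` wraps the raw pointer in `std::unique_ptr<const Public_Key> key(pub_key)`, so the key is deleted when the function returns, yet nothing at the definition says that ownership is transferred. A caller that passes a pointer to a key it still owns, or to a stack object, ends up with a double free or a dangling pointer in certificate-verification code. The definition should carry a comment such as `// Takes ownership of pub_key and deletes it before returning; pass a heap-allocated key you no longer need`, and callers are safer using the reference overload that this function forwards to via `check_signature(*key)`. The header declaration is not part of this diff, so it may already document this.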
@@ -337,9 +337,9 @@ Path_Validation_Result::Path_Validation_Result(std::vector<std::set<Certificate_
 const X509_Certificate& Path_Validation_Result::trust_root() const
 {
 if(m_cert_path.empty())
- throw std::runtime_error("Path_Validation_Result::trust_root no path set");
+ throw Exception("Path_Validation_Result::trust_root no path set");
 if(result() != Certificate_Status_Code::VERIFIED)
- throw std::runtime_error("Path_Validation_Result::trust_root meaningless with invalid status");
+ throw Exception("Path_Validation_Result::trust_root meaningless with invalid status");
 return m_cert_path[m_cert_path.size()-1];
 }
-- cgit v1.2.3