open-eid
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/build.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Signature.cpp‎
Lines changed: 1 addition & 5 deletions b/‎src/Signature.cpp‎
Lines changed: 1 addition & 5 deletions
diff --git a/‎src/SignatureTST.cpp‎
Lines changed: 2 additions & 2 deletions b/‎src/SignatureTST.cpp‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/SignatureXAdES_B.cpp‎
Lines changed: 4 additions & 10 deletions b/‎src/SignatureXAdES_B.cpp‎
Lines changed: 4 additions & 10 deletions
diff --git a/‎src/SignatureXAdES_B.h‎
Lines changed: 1 addition & 1 deletion b/‎src/SignatureXAdES_B.h‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/SignatureXAdES_LT.cpp‎
Lines changed: 11 additions & 8 deletions b/‎src/SignatureXAdES_LT.cpp‎
Lines changed: 11 additions & 8 deletions
diff --git a/‎src/SignatureXAdES_LTA.cpp‎
Lines changed: 2 additions & 8 deletions b/‎src/SignatureXAdES_LTA.cpp‎
Lines changed: 2 additions & 8 deletions
diff --git a/‎src/SignatureXAdES_T.cpp‎
Lines changed: 6 additions & 5 deletions b/‎src/SignatureXAdES_T.cpp‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎src/SignatureXAdES_T.h‎
Lines changed: 1 addition & 3 deletions b/‎src/SignatureXAdES_T.h‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/crypto/OCSP.cpp‎
Lines changed: 7 additions & 7 deletions b/‎src/crypto/OCSP.cpp‎
Lines changed: 7 additions & 7 deletions
@@ -289,6 +289,7 @@ jobs:
           -src/minizip/*
           -build/src/xml/*
           -**:cpp/poorly-documented-function
+          -**:cpp/loop-variable-changed
         input: sarif-results/cpp.sarif
         output: sarif-results/cpp.sarif
     - name: Upload results
 
@@ -232,9 +232,8 @@ Signature::Validator::Validator(const Signature *s)
     {
         parseException(e);
     }
-    switch(d->result)
+    if(d->result == Unknown)
     {
-    case Unknown:
         try
         {
             s->validate(POLv1);
@@ -244,9 +243,6 @@ Signature::Validator::Validator(const Signature *s)
         {
             parseException(e);
         }
-        break;
-    default:
-        break;
     }
 }
 
 
@@ -53,7 +53,7 @@ X509Cert SignatureTST::TimeStampCertificate() const
 
 string SignatureTST::TimeStampTime() const
 {
-    return util::date::ASN1TimeToXSD(timestampToken->time());
+    return util::date::to_string(timestampToken->time());
 }
 
 string SignatureTST::trustedSigningTime() const
@@ -86,7 +86,7 @@ void SignatureTST::validate() const
 {
     Exception exception(EXCEPTION_PARAMS("Timestamp validation."));
 
-    if (timestampToken->time().empty())
+    if(!timestampToken)
     {
         EXCEPTION_ADD(exception, "Failed to parse timestamp token.");
         throw exception;
 
@@ -54,12 +54,6 @@ DIGIDOCPP_WARNING_POP
 #define HAVE_WORKING_REGEX
 #endif
 
-#if XSEC_VERSION_MAJOR < 2
-#define XSEC_CONST
-#else
-#define XSEC_CONST const
-#endif
-
 using namespace digidoc;
 using namespace digidoc::asic;
 using namespace digidoc::dsig;
@@ -219,7 +213,7 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *bdoc, Signer *
     }
     signature->signedInfo().signatureMethod(make_unique<SignatureMethodType>(X509Crypto(c).isRSAKey() ?
         Digest::toRsaUri(signer->method()) : Digest::toEcUri(signer->method()) ));
-    setSigningTime(date::gmtime(time(nullptr)));
+    setSigningTime(time(nullptr));
 
     string digestMethod = Conf::instance()->digestUri();
     for(const DataFile *f: bdoc->dataFiles())
@@ -529,7 +523,7 @@ void SignatureXAdES_B::validate(const string &policy) const
         s << e;
         EXCEPTION_ADD(exception, "Failed to validate signature: %s", s.str().c_str());
     }
-    catch(XSEC_CONST XSECException &e)
+    catch(const XSECException &e)
     {
         string s = xml::transcode<char>(e.getMsg());
         EXCEPTION_ADD(exception, "Failed to validate signature: %s", s.c_str());
@@ -934,7 +928,7 @@ void SignatureXAdES_B::setSignerRolesV2(const vector<string> &roles)
  *
  * @param signingTime signing time.
  */
-void SignatureXAdES_B::setSigningTime(const struct tm &signingTime)
+void SignatureXAdES_B::setSigningTime(time_t signingTime)
 {
     getSignedSignatureProperties().signingTime(date::makeDateTime(signingTime));
 }
@@ -1156,7 +1150,7 @@ vector<string> SignatureXAdES_B::signerRoles() const
 string SignatureXAdES_B::claimedSigningTime() const
 {
     if(const auto &signingTime = getSignedSignatureProperties().signingTime())
-        return date::xsd2string(signingTime.get());
+        return date::to_string(signingTime.get());
     return {};
 }
 
 
@@ -109,7 +109,7 @@ namespace digidoc
           inline auto signerRoles(const std::vector<std::string> &signerRoles);
           void setSignerRoles(const std::vector<std::string>& signerRoles);
           void setSignerRolesV2(const std::vector<std::string>& signerRoles);
-          void setSigningTime(const struct tm &signingTime);
+          void setSigningTime(time_t signingTime);
 
           // offline checks
           void checkSignatureValue() const;
 
@@ -23,6 +23,7 @@
 #include "Conf.h"
 #include "crypto/Digest.h"
 #include "crypto/OCSP.h"
+#include "crypto/TS.h"
 #include "crypto/X509Cert.h"
 #include "crypto/X509CertStore.h"
 #include "util/DateTime.h"
@@ -86,7 +87,7 @@ X509Cert SignatureXAdES_LT::OCSPCertificate() const
  */
 string SignatureXAdES_LT::OCSPProducedAt() const
 {
-    return util::date::ASN1TimeToXSD(getOCSPResponseValue().producedAt());
+    return util::date::to_string(getOCSPResponseValue().producedAt());
 }
 
 string SignatureXAdES_LT::trustedSigningTime() const
@@ -167,24 +168,26 @@ void SignatureXAdES_LT::validate(const std::string &policy) const
             }
             else
             {
-                struct tm producedAt = util::date::ASN1TimeToTM(ocsp.producedAt());
+                tm producedAt = ocsp.producedAt();
+                string producedAt_s = util::date::to_string(producedAt);
                 time_t producedAt_t = util::date::mkgmtime(producedAt);
-                time_t timeT = util::date::string2time_t(TimeStampTime());
-                if(timeT > producedAt_t)
+                tm timeStampTime = TimeStamp().time();
+                time_t timeStampTime_t = util::date::mkgmtime(timeStampTime);
+                if(timeStampTime_t > producedAt_t)
                 {
                     /*
                      * ETSI TS 103 171 V2.1.1 (2012-03)
                      * 8 Requirements for LT-Level Conformance
                      * This clause defines those requirements that XAdES signatures conformant to T-Level, have to fulfil to also be
                      * conformant to LT-Level.
                      */
-                    Exception e(EXCEPTION_PARAMS("TimeStamp time is greater than OCSP producedAt TS: %s OCSP: %s", TimeStampTime().c_str(), ocsp.producedAt().c_str()));
+                    Exception e(EXCEPTION_PARAMS("TimeStamp time is greater than OCSP producedAt TS: %s OCSP: %s", TimeStampTime().c_str(), producedAt_s.c_str()));
                     e.setCode(Exception::OCSPBeforeTimeStamp);
                     exception.addCause(e);
                 }
-                if((producedAt_t - timeT > 15 * 60) && !Exception::hasWarningIgnore(Exception::ProducedATLateWarning))
+                if((producedAt_t - timeStampTime_t > 15 * 60) && !Exception::hasWarningIgnore(Exception::ProducedATLateWarning))
                 {
-                    Exception e(EXCEPTION_PARAMS("TimeStamp time and OCSP producedAt are over 15m off TS: %s OCSP: %s", TimeStampTime().c_str(), ocsp.producedAt().c_str()));
+                    Exception e(EXCEPTION_PARAMS("TimeStamp time and OCSP producedAt are over 15m off TS: %s OCSP: %s", TimeStampTime().c_str(), producedAt_s.c_str()));
                     e.setCode(Exception::ProducedATLateWarning);
                     exception.addCause(e);
                 }
@@ -267,7 +270,7 @@ void SignatureXAdES_LT::addCertificateValue(const string& certId, const X509Cert
 
 void SignatureXAdES_LT::addOCSPValue(const string &id, const OCSP &ocsp)
 {
-    DEBUG("SignatureXAdES_LT::addOCSPValue(%s, %s)", id.c_str(), ocsp.producedAt().c_str());
+    DEBUG("SignatureXAdES_LT::addOCSPValue(%s, %s)", id.c_str(), util::date::to_string(ocsp.producedAt()).c_str());
 
     createUnsignedSignatureProperties();
 
 
@@ -41,12 +41,6 @@ DIGIDOCPP_WARNING_DISABLE_MSVC(4005)
 #include <xsec/utils/XSECBinTXFMInputStream.hpp>
 DIGIDOCPP_WARNING_POP
 
-#if XSEC_VERSION_MAJOR < 2
-#define XSEC_CONST
-#else
-#define XSEC_CONST const
-#endif
-
 using namespace digidoc;
 using namespace digidoc::dsig;
 using namespace digidoc::util;
@@ -96,7 +90,7 @@ void SignatureXAdES_LTA::calcArchiveDigest(Digest *digest,
     catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) {
         THROW("Failed to calculate digest");
     }
-    catch(XSEC_CONST XSECException &e)
+    catch(const XSECException &e)
     {
         try {
             string result = xsd::cxx::xml::transcode<char>(e.getMsg());
@@ -200,7 +194,7 @@ X509Cert SignatureXAdES_LTA::ArchiveTimeStampCertificate() const
 
 string SignatureXAdES_LTA::ArchiveTimeStampTime() const
 {
-    return date::ASN1TimeToXSD(tsaFromBase64().time());
+    return date::to_string(tsaFromBase64().time());
 }
 
 void SignatureXAdES_LTA::validate(const string &policy) const
 
@@ -50,17 +50,17 @@ void SignatureXAdES_T::createUnsignedSignatureProperties()
 
 vector<unsigned char> SignatureXAdES_T::messageImprint() const
 {
-    return tsFromBase64().messageImprint();
+    return TimeStamp().messageImprint();
 }
 
 X509Cert SignatureXAdES_T::TimeStampCertificate() const
 {
-    return tsFromBase64().cert();
+    return TimeStamp().cert();
 }
 
 string SignatureXAdES_T::TimeStampTime() const
 {
-    return util::date::ASN1TimeToXSD(tsFromBase64().time());
+    return util::date::to_string(TimeStamp().time());
 }
 
 string SignatureXAdES_T::trustedSigningTime() const
@@ -95,7 +95,7 @@ void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)
     sigdata_.clear();
 }
 
-TS SignatureXAdES_T::tsFromBase64() const
+TS SignatureXAdES_T::TimeStamp() const
 {
     try {
         if(unsignedSignatureProperties().signatureTimeStamp().empty())
@@ -143,7 +143,8 @@ void SignatureXAdES_T::validate(const std::string &policy) const
             calcDigestOnNode(digest, URI_ID_DSIG, u"SignatureValue", canonicalizationMethod);
         });
 
-        time_t validateTime = util::date::ASN1TimeToTime_t(tsa.time());
+        tm tm = tsa.time();
+        time_t validateTime = util::date::mkgmtime(tm);
         if(!signingCertificate().isValid(&validateTime))
             THROW("Signing certificate was not valid on signing time");
 
 
@@ -45,15 +45,13 @@ class SignatureXAdES_T: public SignatureXAdES_B
 protected:
     void createUnsignedSignatureProperties();
     xades::UnsignedSignaturePropertiesType& unsignedSignatureProperties() const;
+    TS TimeStamp() const;
 
     TS verifyTS(const xades::XAdESTimeStampType &timestamp, Exception &exception,
         std::function<void (Digest *, std::string_view)> &&calcDigest) const;
 
 private:
     DISABLE_COPY(SignatureXAdES_T);
-
-    TS tsFromBase64() const;
-
 };
 
 }
@@ -113,7 +113,7 @@ OCSP::OCSP(const X509Cert &cert, const X509Cert &issuer, const vector<unsigned c
     if(OCSP_resp_find_status(basic.get(), certId, nullptr, nullptr, nullptr, &thisUpdate, &nextUpdate) != 1)
         THROW("Failed to find CERT_ID from OCSP response.");
 
-    DEBUG("OCSP producedAt: %s", producedAt().c_str());
+    DEBUG("OCSP producedAt: %s", util::date::to_string(producedAt()).c_str());
     if(!OCSP_check_validity(thisUpdate, nextUpdate, 15*60, 2*60))
     {
         Exception e(EXCEPTION_PARAMS("OCSP response not in valid time slot."));
@@ -272,7 +272,8 @@ void OCSP::verifyResponse(const X509Cert &cert) const
     if(!resp)
         THROW("Failed to verify OCSP response.");
 
-    time_t t = util::date::ASN1TimeToTime_t(producedAt());
+    tm tm = producedAt();
+    time_t t = util::date::mkgmtime(tm);
     SCOPE(X509_STORE, store, X509CertStore::createStore(X509CertStore::OCSP, &t));
     STACK_OF(X509) *stack = sk_X509_new_null();
     for(const X509Cert &i: X509CertStore::instance()->certs(X509CertStore::OCSP))
@@ -364,12 +365,11 @@ vector<unsigned char> OCSP::nonce() const
     return nonce;
 }
 
-string OCSP::producedAt() const
+tm OCSP::producedAt() const
 {
     if(!basic)
         return {};
-    const ASN1_GENERALIZEDTIME *time = OCSP_resp_get0_produced_at(basic.get());
-    if(!time)
-        return {};
-    return { time->data, time->data + time->length };
+    tm tm {};
+    ASN1_TIME_to_tm(OCSP_resp_get0_produced_at(basic.get()), &tm);
+    return tm;
 }
Original file line number	Diff line number	Diff line change
`@@ -232,9 +232,8 @@ Signature::Validator::Validator(const Signature *s)`
`232`	`232`	`{`
`233`	`233`	`parseException(e);`
`234`	`234`	`}`
`235`		`- switch(d->result)`
	`235`	`+ if(d->result == Unknown)`
`236`	`236`	`{`
`237`		`- case Unknown:`
`238`	`237`	`try`
`239`	`238`	`{`
`240`	`239`	`s->validate(POLv1);`
`@@ -244,9 +243,6 @@ Signature::Validator::Validator(const Signature *s)`
`244`	`243`	`{`
`245`	`244`	`parseException(e);`
`246`	`245`	`}`
`247`		`- break;`
`248`		`- default:`
`249`		`- break;`
`250`	`246`	`}`
`251`	`247`	`}`
`252`	`248`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ X509Cert SignatureTST::TimeStampCertificate() const`
`53`	`53`
`54`	`54`	`string SignatureTST::TimeStampTime() const`
`55`	`55`	`{`
`56`		`- return util::date::ASN1TimeToXSD(timestampToken->time());`
	`56`	`+ return util::date::to_string(timestampToken->time());`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`string SignatureTST::trustedSigningTime() const`
`@@ -86,7 +86,7 @@ void SignatureTST::validate() const`
`86`	`86`	`{`
`87`	`87`	`Exception exception(EXCEPTION_PARAMS("Timestamp validation."));`
`88`	`88`
`89`		`- if (timestampToken->time().empty())`
	`89`	`+ if(!timestampToken)`
`90`	`90`	`{`
`91`	`91`	`EXCEPTION_ADD(exception, "Failed to parse timestamp token.");`
`92`	`92`	`throw exception;`
Original file line number	Diff line number	Diff line change
`@@ -54,12 +54,6 @@ DIGIDOCPP_WARNING_POP`
`54`	`54`	`#define HAVE_WORKING_REGEX`
`55`	`55`	`#endif`
`56`	`56`
`57`		`-#if XSEC_VERSION_MAJOR < 2`
`58`		`-#define XSEC_CONST`
`59`		`-#else`
`60`		`-#define XSEC_CONST const`
`61`		`-#endif`
`62`		`-`
`63`	`57`	`using namespace digidoc;`
`64`	`58`	`using namespace digidoc::asic;`
`65`	`59`	`using namespace digidoc::dsig;`
`@@ -219,7 +213,7 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer bdoc, Signer `
`219`	`213`	`}`
`220`	`214`	`signature->signedInfo().signatureMethod(make_unique<SignatureMethodType>(X509Crypto(c).isRSAKey() ?`
`221`	`215`	`Digest::toRsaUri(signer->method()) : Digest::toEcUri(signer->method()) ));`
`222`		`- setSigningTime(date::gmtime(time(nullptr)));`
	`216`	`+ setSigningTime(time(nullptr));`
`223`	`217`
`224`	`218`	`string digestMethod = Conf::instance()->digestUri();`
`225`	`219`	`for(const DataFile *f: bdoc->dataFiles())`
`@@ -529,7 +523,7 @@ void SignatureXAdES_B::validate(const string &policy) const`
`529`	`523`	`s << e;`
`530`	`524`	`EXCEPTION_ADD(exception, "Failed to validate signature: %s", s.str().c_str());`
`531`	`525`	`}`
`532`		`- catch(XSEC_CONST XSECException &e)`
	`526`	`+ catch(const XSECException &e)`
`533`	`527`	`{`
`534`	`528`	`string s = xml::transcode<char>(e.getMsg());`
`535`	`529`	`EXCEPTION_ADD(exception, "Failed to validate signature: %s", s.c_str());`
`@@ -934,7 +928,7 @@ void SignatureXAdES_B::setSignerRolesV2(const vector<string> &roles)`
`934`	`928`	`*`
`935`	`929`	`* @param signingTime signing time.`
`936`	`930`	`*/`
`937`		`-void SignatureXAdES_B::setSigningTime(const struct tm &signingTime)`
	`931`	`+void SignatureXAdES_B::setSigningTime(time_t signingTime)`
`938`	`932`	`{`
`939`	`933`	`getSignedSignatureProperties().signingTime(date::makeDateTime(signingTime));`
`940`	`934`	`}`
`@@ -1156,7 +1150,7 @@ vector<string> SignatureXAdES_B::signerRoles() const`
`1156`	`1150`	`string SignatureXAdES_B::claimedSigningTime() const`
`1157`	`1151`	`{`
`1158`	`1152`	`if(const auto &signingTime = getSignedSignatureProperties().signingTime())`
`1159`		`- return date::xsd2string(signingTime.get());`
	`1153`	`+ return date::to_string(signingTime.get());`
`1160`	`1154`	`return {};`
`1161`	`1155`	`}`
`1162`	`1156`
Original file line number	Diff line number	Diff line change
`@@ -50,17 +50,17 @@ void SignatureXAdES_T::createUnsignedSignatureProperties()`
`50`	`50`
`51`	`51`	`vector<unsigned char> SignatureXAdES_T::messageImprint() const`
`52`	`52`	`{`
`53`		`- return tsFromBase64().messageImprint();`
	`53`	`+ return TimeStamp().messageImprint();`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`X509Cert SignatureXAdES_T::TimeStampCertificate() const`
`57`	`57`	`{`
`58`		`- return tsFromBase64().cert();`
	`58`	`+ return TimeStamp().cert();`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`string SignatureXAdES_T::TimeStampTime() const`
`62`	`62`	`{`
`63`		`- return util::date::ASN1TimeToXSD(tsFromBase64().time());`
	`63`	`+ return util::date::to_string(TimeStamp().time());`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`string SignatureXAdES_T::trustedSigningTime() const`
`@@ -95,7 +95,7 @@ void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)`
`95`	`95`	`sigdata_.clear();`
`96`	`96`	`}`
`97`	`97`
`98`		`-TS SignatureXAdES_T::tsFromBase64() const`
	`98`	`+TS SignatureXAdES_T::TimeStamp() const`
`99`	`99`	`{`
`100`	`100`	`try {`
`101`	`101`	`if(unsignedSignatureProperties().signatureTimeStamp().empty())`
`@@ -143,7 +143,8 @@ void SignatureXAdES_T::validate(const std::string &policy) const`
`143`	`143`	`calcDigestOnNode(digest, URI_ID_DSIG, u"SignatureValue", canonicalizationMethod);`
`144`	`144`	`});`
`145`	`145`
`146`		`- time_t validateTime = util::date::ASN1TimeToTime_t(tsa.time());`
	`146`	`+ tm tm = tsa.time();`
	`147`	`+ time_t validateTime = util::date::mkgmtime(tm);`
`147`	`148`	`if(!signingCertificate().isValid(&validateTime))`
`148`	`149`	`THROW("Signing certificate was not valid on signing time");`
`149`	`150`