open-eid · kristelmerilain · Mar 1, 2024 · Feb 9, 2024
diff --git a/src/SignatureXAdES_B.cpp b/src/SignatureXAdES_B.cpp
@@ -277,14 +277,16 @@ SignatureXAdES_B::SignatureXAdES_B(unsigned int id, ASiContainer *container, Sig
     if(signer->usingENProfile())
     {
         setSigningCertificateV2(c);
-        setSignatureProductionPlaceV2(signer->city(), signer->streetAddress(), signer->stateOrProvince(), signer->postalCode(), signer->countryName());
-        setSignerRolesV2(signer->signerRoles());
+        setSignatureProductionPlace<SignatureProductionPlaceV2Type>(signer->city(), signer->streetAddress(),
+            signer->stateOrProvince(), signer->postalCode(), signer->countryName());
+        setSignerRoles<SignerRoleV2Type>(signer->signerRoles());
     }
     else
     {
         setSigningCertificate(c);
-        setSignatureProductionPlace(signer->city(), signer->stateOrProvince(), signer->postalCode(), signer->countryName());
-        setSignerRoles(signer->signerRoles());
+        setSignatureProductionPlace<SignatureProductionPlaceType>(signer->city(), signer->streetAddress(),
+            signer->stateOrProvince(), signer->postalCode(), signer->countryName());
+        setSignerRoles<SignerRoleType>(signer->signerRoles());
     }
     setSigningTime(time(nullptr));
 
@@ -879,14 +881,15 @@ void SignatureXAdES_B::setSigningCertificateV2(const X509Cert& x509)
  *
  * @param spp signature production place.
  */
-void SignatureXAdES_B::setSignatureProductionPlace(const string &city,
+template<class T>
+void SignatureXAdES_B::setSignatureProductionPlace(const string &city, const string &streetAddress,
     const string &stateOrProvince, const string &postalCode, const string &countryName)
 {
-    if(city.empty() && stateOrProvince.empty() &&
+    if(city.empty() && streetAddress.empty() && stateOrProvince.empty() &&
         postalCode.empty() && countryName.empty())
         return;
 
-    auto signatureProductionPlace = make_unique<SignatureProductionPlaceType>();
+    auto signatureProductionPlace = make_unique<T>();
     if(!city.empty())
         signatureProductionPlace->city(city);
     if(!stateOrProvince.empty())
@@ -896,71 +899,40 @@ void SignatureXAdES_B::setSignatureProductionPlace(const string &city,
     if(!countryName.empty())
         signatureProductionPlace->countryName(countryName);
 
-    getSignedSignatureProperties().signatureProductionPlace(std::move(signatureProductionPlace));
+    if constexpr (is_same_v<T, SignatureProductionPlaceV2Type>)
+    {
+        if(!streetAddress.empty())
+            signatureProductionPlace->streetAddress(streetAddress);
+        getSignedSignatureProperties().signatureProductionPlaceV2(std::move(signatureProductionPlace));
+    }
+    else
+        getSignedSignatureProperties().signatureProductionPlace(std::move(signatureProductionPlace));
 }
 
 /**
- * Sets signature production place.
+ * Sets signer claimed roles to the signature.
+ * NB! Only ClaimedRoles are supported. CerifiedRoles are not supported.
  *
- * @param spp signature production place.
+ * @param roles signer roles.
  */
-void SignatureXAdES_B::setSignatureProductionPlaceV2(const string &city, const string &streetAddress,
-    const string &stateOrProvince, const string &postalCode, const string &countryName)
+template<class T>
+void SignatureXAdES_B::setSignerRoles(const vector<string> &roles)
 {
-    if(city.empty() && streetAddress.empty() && stateOrProvince.empty() &&
-        postalCode.empty() && countryName.empty())
+    if(roles.empty())
         return;
 
-    auto signatureProductionPlace = make_unique<SignatureProductionPlaceV2Type>();
-    if(!city.empty())
-        signatureProductionPlace->city(city);
-    if(!streetAddress.empty())
-        signatureProductionPlace->streetAddress(streetAddress);
-    if(!stateOrProvince.empty())
-        signatureProductionPlace->stateOrProvince(stateOrProvince);
-    if(!postalCode.empty())
-        signatureProductionPlace->postalCode(postalCode);
-    if(!countryName.empty())
-        signatureProductionPlace->countryName(countryName);
-
-    getSignedSignatureProperties().signatureProductionPlaceV2(std::move(signatureProductionPlace));
-}
-
-template<class T>
-auto SignatureXAdES_B::signerRoles(const vector<string> &roles)
-{
     auto claimedRoles = make_unique<ClaimedRolesListType>();
     claimedRoles->claimedRole().reserve(roles.size());
     for(const string &role: roles)
         claimedRoles->claimedRole().push_back(role);
 
     auto signerRole = make_unique<T>();
     signerRole->claimedRoles(std::move(claimedRoles));
-    return signerRole;
-}
-
-/**
- * Sets signer claimed roles to the signature.
- * NB! Only ClaimedRoles are supported. CerifiedRoles are not supported.
- *
- * @param roles signer roles.
- */
-void SignatureXAdES_B::setSignerRoles(const vector<string> &roles)
-{
-    if(!roles.empty())
-        getSignedSignatureProperties().signerRole(signerRoles<SignerRoleType>(roles));
-}
 
-/**
- * Sets signer claimed roles to the signature.
- * NB! Only ClaimedRoles are supported. CerifiedRoles are not supported.
- *
- * @param roles signer roles.
- */
-void SignatureXAdES_B::setSignerRolesV2(const vector<string> &roles)
-{
-    if(!roles.empty())
-        getSignedSignatureProperties().signerRoleV2(signerRoles<SignerRoleV2Type>(roles));
+    if constexpr (is_same_v<T, SignerRoleV2Type>)
+        getSignedSignatureProperties().signerRoleV2(std::move(signerRole));
+    else
+        getSignedSignatureProperties().signerRole(std::move(signerRole));
 }
 
 /**
@@ -1104,21 +1076,21 @@ string SignatureXAdES_B::countryName() const
 
 vector<string> SignatureXAdES_B::signerRoles() const
 {
-    const ClaimedRolesListType::ClaimedRoleSequence &claimedRoleSequence = [&] {
-        // return elements from SignerRole element or SignerRoleV2 when available
-        if(const auto &role = getSignedSignatureProperties().signerRole();
-            role && role->claimedRoles())
-            return role->claimedRoles()->claimedRole();
-        if(const auto &roleV2 = getSignedSignatureProperties().signerRoleV2();
-            roleV2 && roleV2->claimedRoles())
-            return roleV2->claimedRoles()->claimedRole();
-        return ClaimedRolesListType::ClaimedRoleSequence{};
-    }();
-    vector<string> roles;
-    roles.reserve(claimedRoleSequence.size());
-    for(const ClaimedRolesListType::ClaimedRoleType &type: claimedRoleSequence)
-        roles.emplace_back(type.text());
-    return roles;
+    auto toRoles = [](const ClaimedRolesListType::ClaimedRoleSequence &claimedRoleSequence) -> vector<string> {
+        vector<string> roles;
+        roles.reserve(claimedRoleSequence.size());
+        for(const auto &type: claimedRoleSequence)
+            roles.emplace_back(type.text());
+        return roles;
+    };
+    // return elements from SignerRole element or SignerRoleV2 when available
+    if(const auto &role = getSignedSignatureProperties().signerRole();
+        role && role->claimedRoles())
+        return toRoles(role->claimedRoles()->claimedRole());
+    if(const auto &roleV2 = getSignedSignatureProperties().signerRoleV2();
+        roleV2 && roleV2->claimedRoles())
+        return toRoles(roleV2->claimedRoles()->claimedRole());
+    return {};
 }
 
 string SignatureXAdES_B::claimedSigningTime() const

diff --git a/src/SignatureXAdES_B.h b/src/SignatureXAdES_B.h
@@ -120,14 +120,11 @@ namespace digidoc
           void setKeyInfo(const X509Cert& cert);
           void setSigningCertificate(const X509Cert& cert);
           void setSigningCertificateV2(const X509Cert& cert);
-          void setSignatureProductionPlace(const std::string &city,
-              const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName);
-          void setSignatureProductionPlaceV2(const std::string &city, const std::string &streetAddress,
+          template<class T>
+          void setSignatureProductionPlace(const std::string &city, const std::string &streetAddress,
               const std::string &stateOrProvince, const std::string &postalCode, const std::string &countryName);
           template<class T>
-          inline auto signerRoles(const std::vector<std::string> &signerRoles);
-          void setSignerRoles(const std::vector<std::string>& signerRoles);
-          void setSignerRolesV2(const std::vector<std::string>& signerRoles);
+          void setSignerRoles(const std::vector<std::string> &signerRoles);
           void setSigningTime(time_t signingTime);
 
           // offline checks

diff --git a/src/SignatureXAdES_LT.cpp b/src/SignatureXAdES_LT.cpp
@@ -42,6 +42,11 @@ using namespace digidoc::xades;
 using namespace std;
 using namespace xml_schema;
 
+static Base64Binary toBase64(const vector<unsigned char> &v)
+{
+    return {const_cast<unsigned char*>(v.data()), v.size(), v.size(), false};
+}
+
 SignatureXAdES_LT::SignatureXAdES_LT(unsigned int id, ASiContainer *bdoc, Signer *signer)
 : SignatureXAdES_T(id, bdoc, signer)
 {}
@@ -92,7 +97,7 @@ string SignatureXAdES_LT::OCSPProducedAt() const
 string SignatureXAdES_LT::trustedSigningTime() const
 {
     string time = OCSPProducedAt();
-    return time.empty() || profile().find(ASiC_E::ASIC_TM_PROFILE) == string::npos ? SignatureXAdES_T::trustedSigningTime() : time;
+    return time.empty() || profile().find(ASiC_E::ASIC_TM_PROFILE) == string::npos ? SignatureXAdES_T::trustedSigningTime() : std::move(time);
 }
 
 /**
@@ -248,16 +253,15 @@ void SignatureXAdES_LT::addCertificateValue(const string& certId, const X509Cert
             unsignedSignatureProperties().certificateValues();
     if(values.empty())
     {
-        values.push_back(CertificateValuesType());
+        values.push_back(make_unique<CertificateValuesType>());
         unsignedSignatureProperties().contentOrder().push_back(
             UnsignedSignaturePropertiesType::ContentOrderType(
                 UnsignedSignaturePropertiesType::certificateValuesId, values.size() - 1));
     }
 
-    vector<unsigned char> der = x509;
-    CertificateValuesType::EncapsulatedX509CertificateType certData({der.data(), der.size(), der.size(), false});
-    certData.id(certId);
-    values[0].encapsulatedX509Certificate().push_back(certData);
+    auto certData = make_unique<CertificateValuesType::EncapsulatedX509CertificateType>(toBase64(x509));
+    certData->id(certId);
+    values[0].encapsulatedX509Certificate().push_back(std::move(certData));
 }
 
 void SignatureXAdES_LT::addOCSPValue(const string &id, const OCSP &ocsp)
@@ -266,17 +270,16 @@ void SignatureXAdES_LT::addOCSPValue(const string &id, const OCSP &ocsp)
 
     createUnsignedSignatureProperties();
 
-    vector<unsigned char> der = ocsp;
-    OCSPValuesType::EncapsulatedOCSPValueType ocspValueData({der.data(), der.size(), der.size(), false});
-    ocspValueData.id(id);
+    auto ocspValueData = make_unique<OCSPValuesType::EncapsulatedOCSPValueType>(toBase64(ocsp));
+    ocspValueData->id(id);
 
-    OCSPValuesType ocspValue;
-    ocspValue.encapsulatedOCSPValue().push_back(ocspValueData);
+    auto ocspValue = make_unique<OCSPValuesType>();
+    ocspValue->encapsulatedOCSPValue().push_back(std::move(ocspValueData));
 
-    RevocationValuesType revocationValues;
-    revocationValues.oCSPValues(ocspValue);
+    auto revocationValues = make_unique<RevocationValuesType>();
+    revocationValues->oCSPValues(std::move(ocspValue));
 
-    unsignedSignatureProperties().revocationValues().push_back(revocationValues);
+    unsignedSignatureProperties().revocationValues().push_back(std::move(revocationValues));
     unsignedSignatureProperties().contentOrder().push_back(
         UnsignedSignaturePropertiesType::ContentOrderType(
             UnsignedSignaturePropertiesType::revocationValuesId,

diff --git a/src/SignatureXAdES_T.cpp b/src/SignatureXAdES_T.cpp
@@ -66,7 +66,7 @@ string SignatureXAdES_T::TimeStampTime() const
 string SignatureXAdES_T::trustedSigningTime() const
 {
     string time = TimeStampTime();
-    return time.empty() ? SignatureXAdES_B::trustedSigningTime() : time;
+    return time.empty() ? SignatureXAdES_B::trustedSigningTime() : std::move(time);
 }
 
 void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)

diff --git a/src/crypto/Connect.cpp b/src/crypto/Connect.cpp
@@ -89,7 +89,7 @@ Connect::Connect(const string &_url, const string &method, int timeout, const ve
     {
         hostname = c->proxyHost() + ":" + c->proxyPort();
         if(usessl == 0 || (CONF(proxyForceSSL)))
-            path = url;
+            path = std::move(url);
     }
 
     DEBUG("Connecting to Host: %s timeout: %i", hostname.c_str(), _timeout);

diff --git a/src/crypto/PKCS11Signer.cpp b/src/crypto/PKCS11Signer.cpp
@@ -221,7 +221,7 @@ X509Cert PKCS11Signer::cert() const
             vector<CK_BYTE> id = d->attribute(session, obj, CKA_ID);
             if(d->findObject(session, CKO_PUBLIC_KEY, id).empty())
                 continue;
-            certSlotMapping.push_back({x509, slot, id});
+            certSlotMapping.push_back({x509, slot, std::move(id)});
             certificates.push_back(std::move(x509));
         }
     }