Swift
summaryrefslogtreecommitdiffstats
path: root/Swiften/TLS/ServerIdentityVerifier.cpp
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2016-11-23 07:09:39 (GMT)
committerTobias Markmann <tm@ayena.de>2016-11-23 11:30:02 (GMT)
commite405ff3561be3d3c0bd79d7d5173923a8828cf02 (patch)
tree9118ef838ebfaec1df90ec24761944b5d833774c /Swiften/TLS/ServerIdentityVerifier.cpp
parent8a71b91be885652f37c5aab5e1ecf25af4599fbc (diff)
downloadswift-e405ff3561be3d3c0bd79d7d5173923a8828cf02.zip
swift-e405ff3561be3d3c0bd79d7d5173923a8828cf02.tar.bz2
Migrate remaining Swiften/Base/foreach.h use to range-based for loop
Test-Information: Build on macOS 10.12.1 and all tests pass. Change-Id: Iedaa3fa7e7672c77909fd0568bf30e9393cb87e0
Diffstat (limited to 'Swiften/TLS/ServerIdentityVerifier.cpp')
-rw-r--r--Swiften/TLS/ServerIdentityVerifier.cpp9
1 files changed, 4 insertions, 5 deletions
diff --git a/Swiften/TLS/ServerIdentityVerifier.cpp b/Swiften/TLS/ServerIdentityVerifier.cpp
index 872717b..226e94b 100644
--- a/Swiften/TLS/ServerIdentityVerifier.cpp
+++ b/Swiften/TLS/ServerIdentityVerifier.cpp
@@ -1,93 +1,92 @@
/*
* Copyright (c) 2010-2016 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
#include <Swiften/TLS/ServerIdentityVerifier.h>
#include <boost/algorithm/string.hpp>
-#include <Swiften/Base/foreach.h>
#include <Swiften/IDN/IDNConverter.h>
namespace Swift {
ServerIdentityVerifier::ServerIdentityVerifier(const JID& jid, IDNConverter* idnConverter) : domainValid(false) {
domain = jid.getDomain();
boost::optional<std::string> domainResult = idnConverter->getIDNAEncoded(domain);
if (!!domainResult) {
encodedDomain = *domainResult;
domainValid = true;
}
}
bool ServerIdentityVerifier::certificateVerifies(Certificate::ref certificate) {
bool hasSAN = false;
if (certificate == nullptr) {
return false;
}
// DNS names
std::vector<std::string> dnsNames = certificate->getDNSNames();
- foreach (const std::string& dnsName, dnsNames) {
+ for (const auto& dnsName : dnsNames) {
if (matchesDomain(dnsName)) {
return true;
}
}
hasSAN |= !dnsNames.empty();
// SRV names
std::vector<std::string> srvNames = certificate->getSRVNames();
- foreach (const std::string& srvName, srvNames) {
+ for (const auto& srvName : srvNames) {
// Only match SRV names that begin with the service; this isn't required per
// spec, but we're being purist about this.
if (boost::starts_with(srvName, "_xmpp-client.") && matchesDomain(srvName.substr(std::string("_xmpp-client.").size(), srvName.npos))) {
return true;
}
}
hasSAN |= !srvNames.empty();
// XmppAddr
std::vector<std::string> xmppAddresses = certificate->getXMPPAddresses();
- foreach (const std::string& xmppAddress, xmppAddresses) {
+ for (const auto& xmppAddress : xmppAddresses) {
if (matchesAddress(xmppAddress)) {
return true;
}
}
hasSAN |= !xmppAddresses.empty();
// CommonNames. Only check this if there was no SAN (according to spec).
if (!hasSAN) {
std::vector<std::string> commonNames = certificate->getCommonNames();
- foreach (const std::string& commonName, commonNames) {
+ for (const auto& commonName : commonNames) {
if (matchesDomain(commonName)) {
return true;
}
}
}
return false;
}
bool ServerIdentityVerifier::matchesDomain(const std::string& s) const {
if (!domainValid) {
return false;
}
if (boost::starts_with(s, "*.")) {
std::string matchString(s.substr(2, s.npos));
std::string matchDomain = encodedDomain;
size_t dotIndex = matchDomain.find('.');
if (dotIndex != matchDomain.npos) {
matchDomain = matchDomain.substr(dotIndex + 1, matchDomain.npos);
}
return matchString == matchDomain;
}
else {
return s == encodedDomain;
}
}
bool ServerIdentityVerifier::matchesAddress(const std::string& s) const {
return s == domain;
}