Allow only qualified OCSP-s

IB-8298 Signed-off-by: Raul Metsma <[email protected]>
open-eid · Nov 15, 2024 · f7006e5 · f7006e5
1 parent 16b6728
commit f7006e5
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 19 deletions.
diff --git a/src/crypto/TSL.cpp b/src/crypto/TSL.cpp
@@ -22,10 +22,10 @@
 #include "Conf.h"
 #include "XMLDocument.h"
 #include "crypto/Connect.h"
+#include "util/algorithm.h"
 #include "util/DateTime.h"
 #include "util/File.h"
 
-#include <algorithm>
 #include <array>
 #include <charconv>
 #include <fstream>
@@ -80,18 +80,10 @@ constexpr array SERVICESTATUS_END {
 
 constexpr array SERVICES_SUPPORTED {
     "http://uri.etsi.org/TrstSvc/Svctype/CA/QC",
-    "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP",
     "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC",
     "http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST",
 };
 
-template<typename C, typename T>
-[[nodiscard]]
-constexpr bool contains(const C &list, const T &value)
-{
-    return find(list.begin(), list.end(), value) != list.end();
-}
-
 }
 
 

diff --git a/src/crypto/X509CertStore.cpp b/src/crypto/X509CertStore.cpp
@@ -23,25 +23,17 @@
 #include "crypto/Connect.h"
 #include "crypto/OpenSSLHelpers.h"
 #include "crypto/TSL.h"
+#include "util/algorithm.h"
 #include "util/DateTime.h"
 #include "util/log.h"
 
 #include <openssl/conf.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 
-#include <algorithm>
-
 using namespace digidoc;
 using namespace std;
 
-template<typename C, typename T>
-[[nodiscard]]
-constexpr bool contains(const C &list, const T &value)
-{
-    return find(list.begin(), list.end(), std::forward<decltype(value)>(value)) != list.end();
-};
-
 const X509CertStore::Type X509CertStore::CA {
     "http://uri.etsi.org/TrstSvc/Svctype/CA/QC",
 };
@@ -52,7 +44,6 @@ const X509CertStore::Type X509CertStore::TSA {
 
 const X509CertStore::Type X509CertStore::OCSP {
     "http://uri.etsi.org/TrstSvc/Svctype/CA/QC",
-    "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP",
     "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC",
 };
 

diff --git a/src/util/algorithm.h b/src/util/algorithm.h
@@ -0,0 +1,34 @@
+/*
+ * libdigidocpp
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+#pragma once
+
+#include <algorithm>
+
+namespace digidoc
+{
+
+template<typename C, typename T>
+[[nodiscard]]
+constexpr bool contains(const C &list, T value)
+{
+    return std::find(list.begin(), list.end(), std::forward<decltype(value)>(value)) != list.end();
+};
+
+}