From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Fri, 7 Jul 2023 16:03:34 +0000 (-0600)
Subject: Rename the cert_type enums
X-Git-Tag: 1.6.0~72^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=73bcc091f362e06e5bfe9abe92c9a07a8a8e395d;p=thirdparty%2FFORT-validator.git

Rename the cert_type enums

Slightly more idiomatic C, makes it a bit clearer to see what they are.

Part of a series of patches meant to manually rebase the issue58-proper
branch.
---

diff --git a/src/asn1/signed_data.c b/src/asn1/signed_data.c
index 83b5934e..7d27dff9 100644
--- a/src/asn1/signed_data.c
+++ b/src/asn1/signed_data.c
@@ -95,7 +95,7 @@ handle_sdata_certificate(ANY_t *cert_encoded, struct signed_object_args *args,
 	error = certificate_validate_chain(cert, args->crls);
 	if (error)
 		goto end2;
-	error = certificate_validate_rfc6487(cert, EE);
+	error = certificate_validate_rfc6487(cert, CERTYPE_EE);
 	if (error)
 		goto end2;
 	error = certificate_validate_extensions_ee(cert, sid, &args->refs,
@@ -110,7 +110,7 @@ handle_sdata_certificate(ANY_t *cert_encoded, struct signed_object_args *args,
 		goto end2;
 
 	resources_set_policy(args->res, policy);
-	error = certificate_get_resources(cert, args->res, EE);
+	error = certificate_get_resources(cert, args->res, CERTYPE_EE);
 	if (error)
 		goto end2;
 
diff --git a/src/cert_stack.c b/src/cert_stack.c
index 94204be3..f7a2520f 100644
--- a/src/cert_stack.c
+++ b/src/cert_stack.c
@@ -264,7 +264,7 @@ init_resources(X509 *x509, enum rpki_policy policy, enum cert_type type,
 	 * The "It MUST NOT use the "inherit" form of the INR extension(s)"
 	 * part is already handled in certificate_get_resources().
 	 */
-	if (type == TA && resources_empty(result)) {
+	if (type == CERTYPE_TA && resources_empty(result)) {
 		error = pr_val_err("Trust Anchor certificate does not define any number resources.");
 		goto fail;
 	}
diff --git a/src/object/certificate.c b/src/object/certificate.c
index 411f6e64..80d630bd 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -426,7 +426,7 @@ validate_public_key(X509 *cert, enum cert_type type)
 	if (!ok)
 		return val_crypto_err("X509_PUBKEY_get0_param() returned %d", ok);
 
-	if (type == BGPSEC)
+	if (type == CERTYPE_BGPSEC)
 		return validate_certificate_public_key_algorithm_bgpsec(pa);
 
 	error = validate_certificate_public_key_algorithm(pa);
@@ -449,7 +449,7 @@ validate_public_key(X509 *cert, enum cert_type type)
 	 * getting the message.
 	 */
 
-	if (type == TA) {
+	if (type == CERTYPE_TA) {
 		error = validate_spki(pubkey);
 		if (error)
 			return error;
@@ -491,7 +491,7 @@ certificate_validate_rfc6487(X509 *cert, enum cert_type type)
 		return error;
 
 	/* rfc6487#section-4.4 */
-	error = validate_issuer(cert, type == TA);
+	error = validate_issuer(cert, type == CERTYPE_TA);
 	if (error)
 		return error;
 
@@ -1125,12 +1125,12 @@ certificate_get_resources(X509 *cert, struct resources *resources,
 		return __certificate_get_resources(cert, resources,
 		    NID_sbgp_ipAddrBlock, NID_sbgp_autonomousSysNum,
 		    nid_ipAddrBlocksv2(), nid_autonomousSysIdsv2(),
-		    "6484", "8360", type != BGPSEC);
+		    "6484", "8360", type != CERTYPE_BGPSEC);
 	case RPKI_POLICY_RFC8360:
 		return __certificate_get_resources(cert, resources,
 		    nid_ipAddrBlocksv2(), nid_autonomousSysIdsv2(),
 		    NID_sbgp_ipAddrBlock, NID_sbgp_autonomousSysNum,
-		    "8360", "6484", type != BGPSEC);
+		    "8360", "6484", type != CERTYPE_BGPSEC);
 	}
 
 	pr_crit("Unknown policy: %u", policy);
@@ -1796,7 +1796,7 @@ static int
 get_certificate_type(X509 *cert, bool is_ta, enum cert_type *result)
 {
 	if (is_ta) {
-		*result = TA;
+		*result = CERTYPE_TA;
 		return 0;
 	}
 
@@ -1804,17 +1804,17 @@ get_certificate_type(X509 *cert, bool is_ta, enum cert_type *result)
 		goto err;
 
 	if (X509_check_ca(cert) == 1) {
-		*result = CA;
+		*result = CERTYPE_CA;
 		return 0;
 	}
 
 	if (has_bgpsec_router_eku(cert)) {
-		*result = BGPSEC;
+		*result = CERTYPE_BGPSEC;
 		return 0;
 	}
 
 err:
-	*result = EE; /* Shuts up nonsense gcc 8.3 warning */
+	*result = CERTYPE_EE; /* Shuts up nonsense gcc 8.3 warning */
 	return pr_val_err("Certificate is not TA, CA nor BGPsec. Ignoring...");
 }
 
@@ -2118,15 +2118,15 @@ certificate_traverse(struct rpp *rpp_parent, struct rpki_uri *cert_uri)
 
 	/* Debug cert type */
 	switch (type) {
-	case TA:
+	case CERTYPE_TA:
 		break;
-	case CA:
+	case CERTYPE_CA:
 		pr_val_debug("Type: CA");
 		break;
-	case BGPSEC:
+	case CERTYPE_BGPSEC:
 		pr_val_debug("Type: BGPsec EE. Ignoring...");
 		goto revert_cert;
-	case EE:
+	case CERTYPE_EE:
 		pr_val_debug("Type: unexpected, validated as CA");
 		break;
 	}
@@ -2139,7 +2139,7 @@ certificate_traverse(struct rpp *rpp_parent, struct rpki_uri *cert_uri)
 	memset(&refs, 0, sizeof(refs));
 
 	switch (type) {
-	case TA:
+	case CERTYPE_TA:
 		error = certificate_validate_extensions_ta(cert, &sia_uris,
 		    &policy);
 		break;
diff --git a/src/object/certificate.h b/src/object/certificate.h
index d6f2e018..5412e201 100644
--- a/src/object/certificate.h
+++ b/src/object/certificate.h
@@ -12,10 +12,10 @@
 
 /* Certificate types in the RPKI */
 enum cert_type {
-	TA,		/* Trust Anchor */
-	CA,		/* Certificate Authority */
-	BGPSEC,		/* BGPsec certificates */
-	EE,		/* End Entity certificates */
+	CERTYPE_TA,		/* Trust Anchor */
+	CERTYPE_CA,		/* Certificate Authority */
+	CERTYPE_BGPSEC,		/* BGPsec certificates */
+	CERTYPE_EE,		/* End Entity certificates */
 };
 
 /**