Maintenance: cleanup the libsecurity API

src/security/Context.h

@@ -26,18 +26,14 @@
 namespace Security {
 
 #if USE_OPENSSL
-typedef std::shared_ptr<SSL_CTX> ContextPointer;
-
+using ContextPointer = std::shared_ptr<SSL_CTX>;
 #elif HAVE_LIBGNUTLS
-typedef std::shared_ptr<struct gnutls_certificate_credentials_st> ContextPointer;
-
+using ContextPointer = std::shared_ptr<struct gnutls_certificate_credentials_st>;
 #else
 // use void* so we can check against nullptr
-typedef std::shared_ptr<void> ContextPointer;
-
+using ContextPointer = std::shared_ptr<void>;
 #endif
 
 } // namespace Security
 
 #endif /* SQUID_SRC_SECURITY_CONTEXT_H */
-

src/security/ErrorDetail.cc

@@ -31,7 +31,7 @@
 namespace Security {
 
 // we use std::map to optimize search; TODO: Use std::unordered_map instead?
-typedef std::map<ErrorCode, const char *> ErrorCodeNames;
+using ErrorCodeNames = std::map<ErrorCode, const char *>;
 static const ErrorCodeNames TheErrorCodeNames = {
     {   SQUID_TLS_ERR_ACCEPT,
         "SQUID_TLS_ERR_ACCEPT"

src/security/ErrorDetail.h

@@ -41,7 +41,7 @@ class ErrorDetail: public ::ErrorDetail
     MEMPROXY_CLASS(Security::ErrorDetail);
 
 public:
-    typedef ErrorDetailPointer Pointer;
+    using Pointer = ErrorDetailPointer;
 
     /// Details an origin or cache_peer certificate verification failure or mismatch.
     /// \param peer is an origin server or cache_peer certificate

src/security/Handshake.cc

@@ -91,7 +91,8 @@ static const uint64_t HelloRandomSize = 32;
 class Extension
 {
 public:
-    typedef uint16_t Type;
+    using Type = uint16_t;
+
     explicit Extension(Parser::BinaryTokenizer &tk);
 
     /// whether this extension is supported by Squid and, hence, may be bumped
@@ -103,7 +104,7 @@ class Extension
 };
 
 /// Extension types optimized for fast lookups.
-typedef std::unordered_set<Extension::Type> Extensions;
+using Extensions = std::unordered_set<Extension::Type>;
 static Extensions SupportedExtensions();
 
 /// parse TLS ProtocolVersion (uint16) and convert it to AnyP::ProtocolVersion

src/security/Handshake.h

@@ -22,7 +22,8 @@ namespace Security
 class TlsDetails: public RefCountable
 {
 public:
-    typedef RefCount<TlsDetails> Pointer;
+    using Ciphers = std::unordered_set<uint16_t>;
+    using Pointer = RefCount<TlsDetails>;
 
     TlsDetails();
     /// Prints to os stream a human readable form of TlsDetails object
@@ -45,8 +46,6 @@ class TlsDetails: public RefCountable
     /// The client random number
     SBuf clientRandom;
     SBuf sessionId;
-
-    typedef std::unordered_set<uint16_t> Ciphers;
     Ciphers ciphers;
 };
 

src/security/Io.cc

@@ -19,7 +19,7 @@ namespace Security {
 template <typename Fun>
 static IoResult Handshake(Comm::Connection &, ErrorCode, Fun);
 
-typedef SessionPointer::element_type *ConnectionPointer;
+using ConnectionPointer = SessionPointer::element_type *;
 
 } // namespace Security
 

src/security/Io.h

@@ -18,7 +18,7 @@ namespace Security {
 /// a summary a TLS I/O operation outcome
 class IoResult: public RefCountable {
 public:
-    typedef RefCount<IoResult> Pointer;
+    using Pointer = RefCount<IoResult>;
 
     /// all possible outcome cases
     typedef enum { ioSuccess, ioWantRead, ioWantWrite, ioError } Category;

src/security/KeyLogger.h

@@ -15,7 +15,7 @@
 #include <iosfwd>
 
 class MasterXaction;
-typedef RefCount<MasterXaction> MasterXactionPointer;
+using MasterXactionPointer = RefCount<MasterXaction>;
 
 namespace Security {
 

src/security/LockingPointer.h

@@ -34,7 +34,7 @@ namespace Security
 {
 
 inline bool nilFunction(const void *) { return false; }
-typedef HardFun<bool, const void *, nilFunction> NilFunctor;
+using NilFunctor = HardFun<bool, const void *, nilFunction>;
 
 /**
  * A shared pointer to a reference-counting Object with library-specific
@@ -51,7 +51,7 @@ class LockingPointer
 {
 public:
     /// a helper label to simplify this objects API definitions below
-    typedef Security::LockingPointer<T, UnLocker, Locker> SelfType;
+    using SelfType = Security::LockingPointer<T, UnLocker, Locker>;
 
     /// constructs a nil smart pointer
     constexpr LockingPointer(): raw(nullptr) {}

src/security/PeerConnector.cc

@@ -53,7 +53,7 @@ Security::PeerConnector::PeerConnector(const Comm::ConnectionPointer &aServerCon
     // watch for external connection closures
     Must(Comm::IsConnOpen(serverConn));
     Must(!fd_table[serverConn->fd].closing());
-    typedef CommCbMemFunT<Security::PeerConnector, CommCloseCbParams> Dialer;
+    using Dialer = CommCbMemFunT<Security::PeerConnector, CommCloseCbParams>;
     closeHandler = JobCallback(9, 5, Dialer, this, Security::PeerConnector::commCloseHandler);
     comm_add_close_handler(serverConn->fd, closeHandler);
 }
@@ -395,16 +395,15 @@ Security::PeerConnector::sslCrtvdCheckForErrors(Ssl::CertValidationResponse cons
     }
 
     Security::CertErrors *errs = nullptr;
-    typedef Ssl::CertValidationResponse::RecvdErrors::const_iterator SVCRECI;
-    for (SVCRECI i = resp.errors.begin(); i != resp.errors.end(); ++i) {
-        debugs(83, 7, "Error item: " << i->error_no << " " << i->error_reason);
+    for (const auto &itr : resp.errors) {
+        debugs(83, 7, "Error item: " << itr.error_no << " " << itr.error_reason);
 
-        assert(i->error_no != SSL_ERROR_NONE);
+        assert(itr.error_no != SSL_ERROR_NONE);
 
         if (!errDetails) {
             bool allowed = false;
             if (check) {
-                const auto sslErrors = std::make_unique<Security::CertErrors>(Security::CertError(i->error_no, i->cert, i->error_depth));
+                const auto sslErrors = std::make_unique<Security::CertErrors>(Security::CertError(itr.error_no, itr.cert, itr.error_depth));
                 check->sslErrors = sslErrors.get();
                 if (check->fastCheck().allowed())
                     allowed = true;
@@ -414,26 +413,26 @@ Security::PeerConnector::sslCrtvdCheckForErrors(Ssl::CertValidationResponse cons
             // and the first error will cause the error page
 
             if (allowed) {
-                debugs(83, 3, "bypassing SSL error " << i->error_no << " in " << "buffer");
+                debugs(83, 3, "bypassing SSL error " << itr.error_no << " in " << "buffer");
             } else {
-                debugs(83, 5, "confirming SSL error " << i->error_no);
+                debugs(83, 5, "confirming SSL error " << itr.error_no);
                 Security::CertPointer peerCert(SSL_get_peer_certificate(session.get()));
 
                 // Features/SslServerCertValidator docs do not specify whether
                 // error_cert_ID is an optional helper response field. For now,
                 // to preserve initial implementation behavior, we assume that
                 // it is optional and that it defaults to peerCert.
-                const auto &brokenCert = i->cert ? i->cert : peerCert;
+                const auto &brokenCert = itr.cert ? itr.cert : peerCert;
 
-                const char *aReason = i->error_reason.empty() ? nullptr : i->error_reason.c_str();
-                errDetails = new ErrorDetail(i->error_no, peerCert, brokenCert, aReason);
+                const char *aReason = itr.error_reason.empty() ? nullptr : itr.error_reason.c_str();
+                errDetails = new ErrorDetail(itr.error_no, peerCert, brokenCert, aReason);
             }
         }
 
         if (!errs)
-            errs = new Security::CertErrors(Security::CertError(i->error_no, i->cert, i->error_depth));
+            errs = new Security::CertErrors(Security::CertError(itr.error_no, itr.cert, itr.error_depth));
         else
-            errs->push_back_unique(Security::CertError(i->error_no, i->cert, i->error_depth));
+            errs->push_back_unique(Security::CertError(itr.error_no, itr.cert, itr.error_depth));
     }
 
     return errs;
@@ -467,9 +466,8 @@ Security::PeerConnector::noteWantRead()
     const int fd = serverConnection()->fd;
 
     // read timeout to avoid getting stuck while reading from a silent server
-    typedef CommCbMemFunT<Security::PeerConnector, CommTimeoutCbParams> TimeoutDialer;
-    AsyncCall::Pointer timeoutCall = JobCallback(83, 5,
-                                     TimeoutDialer, this, Security::PeerConnector::commTimeoutHandler);
+    using TimeoutDialer = CommCbMemFunT<Security::PeerConnector, CommTimeoutCbParams>;
+    AsyncCall::Pointer timeoutCall = JobCallback(83, 5, TimeoutDialer, this, Security::PeerConnector::commTimeoutHandler);
     const auto timeout = Comm::MortalReadTimeout(startTime, negotiationTimeout);
     commSetConnTimeout(serverConnection(), timeout, timeoutCall);
 

src/security/PeerConnector.h

@@ -29,7 +29,7 @@
 class Downloader;
 class DownloaderAnswer;
 class AccessLogEntry;
-typedef RefCount<AccessLogEntry> AccessLogEntryPointer;
+using AccessLogEntryPointer = RefCount<AccessLogEntry>;
 
 namespace Security
 {

src/security/PeerOptions.cc

@@ -601,7 +601,7 @@ Security::PeerOptions::parseFlags()
         SSL_FLAG_DONT_VERIFY_PEER|
         SSL_FLAG_DELAYED_AUTH|
         SSL_FLAG_CONDITIONAL_AUTH;
-    typedef std::bitset<sizeof(decltype(fl))> ParsedPortFlagBits;
+    using ParsedPortFlagBits = std::bitset<sizeof(decltype(fl))>;
     if (ParsedPortFlagBits(fl & mutuallyExclusive).count() > 1) {
         if (fl & SSL_FLAG_CONDITIONAL_AUTH)
             throw TextException("CONDITIONAL_AUTH is not compatible with NO_DEFAULT_CA and DELAYED_AUTH flags", Here());

src/security/ServerOptions.h

@@ -27,7 +27,7 @@ class ServerOptions : public PeerOptions
 public:
 #if USE_OPENSSL
     sk_dtor_wrapper(sk_X509_NAME, STACK_OF(X509_NAME) *, X509_NAME_free);
-    typedef std::unique_ptr<STACK_OF(X509_NAME), Security::ServerOptions::sk_X509_NAME_free_wrapper> X509_NAME_STACK_Pointer;
+    using X509_NAME_STACK_Pointer = std::unique_ptr<STACK_OF(X509_NAME), Security::ServerOptions::sk_X509_NAME_free_wrapper>;
 #endif
 
     ServerOptions() : PeerOptions() {

src/security/Session.h

@@ -46,36 +46,26 @@ class PeerOptions;
 bool CreateServerSession(const Security::ContextPointer &, const Comm::ConnectionPointer &, Security::PeerOptions &, const char *squidCtx);
 
 #if USE_OPENSSL
-typedef SSL Connection;
-
+using Connection = SSL;
 using Session = SSL_SESSION;
-
-typedef std::shared_ptr<SSL> SessionPointer;
-
-typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;
+using SessionPointer = std::shared_ptr<Connection>;
+using SessionStatePointer = std::unique_ptr<Session, HardFun<void, Session*, &SSL_SESSION_free>>;
 
 #elif HAVE_LIBGNUTLS
-// to be finalized when it is actually needed/used
-struct Connection {};
-
-// to be finalized when it is actually needed/used
-struct Session {};
+struct Connection {}; // to be finalized when it is actually needed/used
+struct Session {}; // to be finalized when it is actually needed/used
 
-typedef std::shared_ptr<struct gnutls_session_int> SessionPointer;
+using SessionPointer = std::shared_ptr<struct gnutls_session_int>;
 
 // wrapper function to get around gnutls_free being a typedef
 inline void squid_gnutls_free(void *d) {gnutls_free(d);}
-typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>> SessionStatePointer;
+using SessionStatePointer = std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gnutls_free>>;
 
 #else
-typedef std::nullptr_t Connection;
-
+using Connection = std::nullptr_t;
 struct Session {};
-
-typedef std::shared_ptr<void> SessionPointer;
-
-typedef std::unique_ptr<int> SessionStatePointer;
-
+using SessionPointer = std::shared_ptr<void>;
+using SessionStatePointer = std::unique_ptr<int>;
 #endif
 
 /// send the shutdown/bye notice for an active TLS session.