From a238b27879229407cbb08fc4201dbe8533bf64b8 Mon Sep 17 00:00:00 2001
From: Povilas Kanapickas <povilas@radix.lt>
Date: Mon, 1 Nov 2021 02:52:49 +0200
Subject: [PATCH] gui: Simplify isCertificateValid()

---
 src/gui/src/SslCertificate.cpp | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/src/gui/src/SslCertificate.cpp b/src/gui/src/SslCertificate.cpp
index a96a3e30..39c63674 100644
--- a/src/gui/src/SslCertificate.cpp
+++ b/src/gui/src/SslCertificate.cpp
@@ -17,6 +17,8 @@
 
 #include "SslCertificate.h"
 #include "common/DataDirectories.h"
+#include "base/finally.h"
+#include "io/fstream.h"
 #include "net/FingerprintDatabase.h"
 #include "net/SecureUtils.h"
 
@@ -98,39 +100,32 @@ std::string SslCertificate::getCertificateDirectory()
 bool SslCertificate::isCertificateValid(const std::string& path)
 {
     OpenSSL_add_all_algorithms();
-    ERR_load_BIO_strings();
     ERR_load_crypto_strings();
 
-    BIO* bio = BIO_new(BIO_s_file());
-
-    auto ret = BIO_read_filename(bio, path.c_str());
-    if (!ret) {
+    auto fp = barrier::fopen_utf8_path(path, "r");
+    if (!fp) {
         emit info(tr("Could not read from default certificate file."));
-        BIO_free_all(bio);
         return false;
     }
+    auto file_close = barrier::finally([fp]() { std::fclose(fp); });
 
-    X509* cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
+    auto* cert = PEM_read_X509(fp, nullptr, nullptr, nullptr);
     if (!cert) {
         emit info(tr("Error loading default certificate file to memory."));
-        BIO_free_all(bio);
         return false;
     }
+    auto cert_free = barrier::finally([cert]() { X509_free(cert); });
 
-    EVP_PKEY* pubkey = X509_get_pubkey(cert);
+    auto* pubkey = X509_get_pubkey(cert);
     if (!pubkey) {
         emit info(tr("Default certificate key file does not contain valid public key"));
-        X509_free(cert);
-        BIO_free_all(bio);
         return false;
     }
+    auto pubkey_free = barrier::finally([pubkey]() { EVP_PKEY_free(pubkey); });
 
     auto type = EVP_PKEY_type(EVP_PKEY_id(pubkey));
     if (type != EVP_PKEY_RSA && type != EVP_PKEY_DSA) {
         emit info(tr("Public key in default certificate key file is not RSA or DSA"));
-        EVP_PKEY_free(pubkey);
-        X509_free(cert);
-        BIO_free_all(bio);
         return false;
     }
 
@@ -138,14 +133,8 @@ bool SslCertificate::isCertificateValid(const std::string& path)
     if (bits < 2048) {
         // We could have small keys in old barrier installations
         emit info(tr("Public key in default certificate key file is too small."));
-        EVP_PKEY_free(pubkey);
-        X509_free(cert);
-        BIO_free_all(bio);
         return false;
     }
 
-    EVP_PKEY_free(pubkey);
-    X509_free(cert);
-    BIO_free_all(bio);
     return true;
 }