# # # patch "cert.cc" # from [45be1c684bf6e80c36e984f15d0878ab0a0c6b07] # to [04f0ac834fe7b9f37cad403179372049bb60abf8] # # patch "cert.hh" # from [1c586eeb49d9897d1433babc355a6e771dfbcd9a] # to [b49be5a67073dafca0c1311ae4361d9ad9097e56] # # patch "database.cc" # from [fdcf5835f73d6f9a7a94fd3da4db9c9555a15ff2] # to [901116b8a8dcc0743ea5c1318089be1a181eeb30] # # patch "database.hh" # from [ea278da7a22de0dc196bd7ae8285d2de3dc4b1c7] # to [deb173f296a5e4c7908f32ea40de2a985a7a8d78] # # patch "database_check.cc" # from [ac24fbc342afb2b6d3b9f69bc3da2d3ce054c56e] # to [c3594aac68156411edfe0779e28f14655a198bf7] # # patch "netsync.cc" # from [ecd3ca4123c4fdeaad74b808975209224fda1c00] # to [a9f111f42f151d3c382caec6e1384ebe35ca6991] # # patch "project.cc" # from [3d508847354c1ab041a70ad04a994d8492f4c6a1] # to [a849cb079e798aecd8cf5620dcf21fb8ea1aa076] # ============================================================ --- cert.cc 45be1c684bf6e80c36e984f15d0878ab0a0c6b07 +++ cert.cc 04f0ac834fe7b9f37cad403179372049bb60abf8 @@ -29,18 +29,6 @@ template class manifest; template class revision; template class manifest; -// cert-managing routines -cert::cert(std::string const & s) -{ - read_cert(s, *this); -} - -cert::cert(std::string const & s, origin::type m) - : origin_aware(m) -{ - read_cert(s, *this); -} - bool cert::operator<(cert const & other) const { @@ -67,7 +55,7 @@ cert::operator==(cert const & other) con // netio support -void +static void read_cert(string const & in, cert & t) { size_t pos = 0; 
@@ -92,42 +80,53 @@ read_cert(string const & in, cert & t) rsa_sha1_signature(sig, origin::network)); id check; - cert_hash_code(tmp, check); + tmp.hash_code(check); if (!(check == hash)) throw bad_decode(F("calculated cert hash '%s' does not match '%s'") % check % hash); t = tmp; } +cert::cert(std::string const & s) +{ + read_cert(s, *this); +} + +cert::cert(std::string const & s, origin::type m) + : origin_aware(m) +{ + read_cert(s, *this); +} + void -write_cert(cert const & t, string & out) +cert::marshal_for_netio(string & out) const { string name, key; id hash; - cert_hash_code(t, hash); + hash_code(hash); out.append(hash()); - out.append(t.ident.inner()()); - insert_variable_length_string(t.name(), out); - insert_variable_length_string(t.value(), out); - insert_variable_length_string(t.key(), out); - insert_variable_length_string(t.sig(), out); + out.append(this->ident.inner()()); + insert_variable_length_string(this->name(), out); + insert_variable_length_string(this->value(), out); + insert_variable_length_string(this->key(), out); + insert_variable_length_string(this->sig(), out); } void -cert_signable_text(cert const & t, string & out) +cert::signable_text(string & out) const { - base64 val_encoded(encode_base64(t.value)); - string ident_encoded(encode_hexenc(t.ident.inner()(), - t.ident.inner().made_from)); + base64 val_encoded(encode_base64(this->value)); + string ident_encoded(encode_hexenc(this->ident.inner()(), + this->ident.inner().made_from)); out.clear(); - out.reserve(4 + t.name().size() + ident_encoded.size() + out.reserve(4 + this->name().size() + ident_encoded.size() + val_encoded().size()); out += '['; - out.append(t.name()); + out.append(this->name()); out += '@'; out.append(ident_encoded); out += ':'; 
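Review bot: The two `cert` constructors that now follow `read_cert` are the only remaining way to decode a cert from wire bytes, and the only check visible in this hunk is the hash comparison, so the object they produce is intact but not authenticated. Nothing here verifies `sig`, and the definition should say so, e.g. `// decodes a netio cert; throws bad_decode on hash mismatch; does NOT verify sig (see database::check_cert)`. Separately, `string name, key;` in `cert::marshal_for_netio` is unused and can be dropped, and the `this->` qualifiers are unnecessary inside member functions. `read_cert` starts before this hunk, so any earlier checks in it are outside what is visible.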
@@ -138,23 +137,23 @@ void } void -cert_hash_code(cert const & t, id & out) +cert::hash_code(id & out) const { - base64 sig_encoded(encode_base64(t.sig)); - base64 val_encoded(encode_base64(t.value)); - string ident_encoded(encode_hexenc(t.ident.inner()(), - t.ident.inner().made_from)); + base64 sig_encoded(encode_base64(this->sig)); + base64 val_encoded(encode_base64(this->value)); + string ident_encoded(encode_hexenc(this->ident.inner()(), + this->ident.inner().made_from)); string tmp; tmp.reserve(4 + ident_encoded.size() - + t.name().size() + val_encoded().size() - + t.key().size() + sig_encoded().size()); + + this->name().size() + val_encoded().size() + + this->key().size() + sig_encoded().size()); tmp.append(ident_encoded); tmp += ':'; - tmp.append(t.name()); + tmp.append(this->name()); tmp += ':'; append_without_ws(tmp, val_encoded()); tmp += ':'; - tmp.append(t.key()); + tmp.append(this->key()); tmp += ':'; append_without_ws(tmp, sig_encoded()); ============================================================ --- cert.hh 1c586eeb49d9897d1433babc355a6e771dfbcd9a +++ cert.hh b49be5a67073dafca0c1311ae4361d9ad9097e56 
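Review bot: In `cert::hash_code` the name and key are appended to `tmp` unencoded while `:` is the field separator, so the hashed text is unambiguous only if neither can contain `:`. The ident is hex and the value and sig are base64, so those three fields cannot collide with the separator. If that restriction is enforced where the name and key types are validated (not visible here), a comment such as `// name and key are appended raw; both types must reject ':'` would record the assumption. The function continues past the end of this hunk, so the final hashing step is not shown.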
@@ -47,23 +47,18 @@ struct cert : public origin_aware cert_value value; rsa_keypair_id key; rsa_sha1_signature sig; + bool operator<(cert const & other) const; bool operator==(cert const & other) const; + + void hash_code(id & out) const; + void signable_text(std::string & out) const; + void marshal_for_netio(std::string & out) const; }; EXTERN template class revision; EXTERN template class manifest; - -// These 3 are for netio support. -void read_cert(std::string const & in, cert & t); -void write_cert(cert const & t, std::string & out); -void cert_hash_code(cert const & t, id & out); - -typedef enum {cert_ok, cert_bad, cert_unknown} cert_status; - -void cert_signable_text(cert const & t,std::string & out); - #endif // __CERT_HH__ // Local Variables: ============================================================ --- database.cc fdcf5835f73d6f9a7a94fd3da4db9c9555a15ff2 +++ database.cc 901116b8a8dcc0743ea5c1318089be1a181eeb30 @@ -3039,7 +3039,7 @@ database::check_cert(cert const & t) database::check_cert(cert const & t) { string signed_text; - cert_signable_text(t, signed_text); + t.signable_text(signed_text); return check_signature(t.key, signed_text, t.sig); } @@ -3072,7 +3072,7 @@ database_impl::put_cert(cert const & t, string const & table) { id thash; - cert_hash_code(t, thash); + t.hash_code(thash); rsa_sha1_signature sig; string insert = "INSERT INTO " + table + " VALUES(?, ?, ?, ?, ?, ?)"; @@ -3436,7 +3436,7 @@ namespace { else if (status == cert_bad) { string txt; - cert_signable_text(c, txt); + c.signable_text(txt); W(F("ignoring bad signature by '%s' on '%s'") % c.key() % txt); return true; } 
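Review bot: The three members added to `struct cert` in cert.hh carry no comments, whereas the removed free-function block at least said which ones were for netio. They also treat `out` differently: `signable_text` clears it first, while `marshal_for_netio` appends to whatever the caller passed in, which is easy to get wrong at a call site. I would put `// hash over ident, name, value, key and sig; recomputed on every call` above `hash_code`, `// text that gets signed, starting "[name@ident:"; clears out first` above `signable_text`, and `// appends the wire encoding to out; does not clear it` above `marshal_for_netio`.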
@@ -3444,7 +3444,7 @@ namespace { { I(status == cert_unknown); string txt; - cert_signable_text(c, txt); + c.signable_text(txt); W(F("ignoring unknown signature by '%s' on '%s'") % c.key() % txt); return true; } ============================================================ --- database.hh ea278da7a22de0dc196bd7ae8285d2de3dc4b1c7 +++ database.hh deb173f296a5e4c7908f32ea40de2a985a7a8d78 @@ -28,6 +28,7 @@ typedef std::pair class lazy_rng; typedef std::pair var_key; +typedef enum {cert_ok, cert_bad, cert_unknown} cert_status; // this file defines a public, typed interface to the database. // the database class encapsulates all knowledge about sqlite, ============================================================ --- database_check.cc ac24fbc342afb2b6d3b9f69bc3da2d3ce054c56e +++ database_check.cc c3594aac68156411edfe0779e28f14655a198bf7 @@ -476,7 +476,7 @@ check_certs(database & db, if (checked.found_key) { string signed_text; - cert_signable_text(i->inner(), signed_text); + i->inner().signable_text(signed_text); checked.good_sig = (db.check_signature(i->inner().key, signed_text, i->inner().sig) == cert_ok); ============================================================ --- netsync.cc ecd3ca4123c4fdeaad74b808975209224fda1c00 +++ netsync.cc a9f111f42f151d3c382caec6e1384ebe35ca6991 @@ -1070,7 +1070,7 @@ session::note_cert(id const & c) revision cert; string str; project.db.get_revision_cert(c, cert); - write_cert(cert.inner(), str); + cert.inner().marshal_for_netio(str); queue_data_cmd(cert_item, c, str); sent_certs.push_back(cert.inner()); } @@ -2209,7 +2209,7 @@ session::load_data(netcmd_item_type type revision c; project.db.get_revision_cert(item, c); string tmp; - write_cert(c.inner(), out); + c.inner().marshal_for_netio(out); } break; } 
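Review bot: `cert_status` lands in database.hh without a comment, although it is the type every signature check in this diff branches on. Judging by the warnings in database.cc, `cert_bad` means the signature did not verify and `cert_unknown` means it could not be checked, presumably because the key is not available. A comment such as `// result of check_signature: only cert_ok means the signature verified` would make it clear that callers should test `== cert_ok` rather than `!= cert_bad`. `typedef enum {...} cert_status;` is also the C spelling; `enum cert_status { cert_ok, cert_bad, cert_unknown };` declares the same type in C++.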
@@ -2303,10 +2303,9 @@ session::process_data_cmd(netcmd_item_ty case cert_item: { - cert c; - read_cert(dat, c); + cert c(dat); id tmp; - cert_hash_code(c, tmp); + c.hash_code(tmp); if (! (tmp == item)) throw bad_decode(F("hash check failed for revision cert '%s'") % hitem()); if (project.db.put_revision_cert(revision(c))) @@ -3360,7 +3359,7 @@ session::rebuild_merkle_trees(setinner(), item); + j->inner().hash_code(item); cert_refiner.note_local_item(item); rev_enumerator.note_cert(rid, item); if (inserted_keys.find(j->inner().key) == inserted_keys.end()) ============================================================ --- project.cc 3d508847354c1ab041a70ad04a994d8492f4c6a1 +++ project.cc a849cb079e798aecd8cf5620dcf21fb8ea1aa076 @@ -385,7 +385,7 @@ project_t::put_cert(key_store & keys, cert t(id, name, value, keys.signing_key); string signed_text; - cert_signable_text(t, signed_text); + t.signable_text(signed_text); load_key_pair(keys, t.key); keys.make_signature(db, t.key, signed_text, t.sig);
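Review bot: In the `cert_item` case of `session::process_data_cmd`, `dat` comes from the peer and the decoded cert is handed to `put_revision_cert` after two hash comparisons, with no signature check visible in this hunk. If verification is deliberately deferred to read time (the filter in database.cc that warns "ignoring bad signature" suggests so), a comment here should say that, e.g. `// sig is not verified on receipt; bogus certs are filtered when read back`. Also, `cert c(dat)` already recomputes the hash inside `read_cert` and throws `bad_decode` on mismatch, so `c.hash_code(tmp)` hashes the same fields a second time; a short comment that this second comparison is against `item` rather than the embedded hash would explain why it stays. The function extends beyond the hunk on both sides.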