LibTLS: Avoid unnecessary HashMap copies, improve const-correctness

Userland/Libraries/LibTLS/Certificate.cpp

@@ -794,7 +794,7 @@ ErrorOr<Certificate> Certificate::parse_certificate(ReadonlyBytes buffer, bool)
 #undef DROP_OBJECT
 #undef REWRITE_TAG
 
-ErrorOr<String> RelativeDistinguishedName::to_string()
+ErrorOr<String> RelativeDistinguishedName::to_string() const
 {
 #define ADD_IF_RECOGNIZED(identifier, shorthand_code)             \
     if (it->key == identifier) {                                  \

Userland/Libraries/LibTLS/Certificate.h

@@ -192,29 +192,29 @@ struct BasicConstraints {
 
 class RelativeDistinguishedName {
 public:
-    ErrorOr<String> to_string();
+    ErrorOr<String> to_string() const;
 
     ErrorOr<AK::HashSetResult> set(String key, String value)
     {
         return m_members.try_set(key, value);
     }
 
-    Optional<String> get(StringView key)
+    Optional<String> get(StringView key) const
     {
         return m_members.get(key);
     }
 
-    Optional<String> get(AttributeType key)
+    Optional<String> get(AttributeType key) const
     {
         return m_members.get(enum_value(key));
     }
 
-    Optional<String> get(ObjectClass key)
+    Optional<String> get(ObjectClass key) const
     {
         return m_members.get(enum_value(key));
     }
 
-    String common_name()
+    String common_name() const
     {
         auto entry = get(AttributeType::Cn);
         if (entry.has_value()) {

Userland/Libraries/LibTLS/HandshakeCertificate.cpp

@@ -78,7 +78,7 @@ ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
 
             auto certificate = Certificate::parse_certificate(buffer.slice(res_cert, certificate_size_specific), false);
             if (!certificate.is_error()) {
-                m_context.certificates.append(certificate.value());
+                m_context.certificates.empend(certificate.value());
                 valid_certificate = true;
             } else {
                 dbgln("Failed to parse client cert: {}", certificate.error());

Userland/Libraries/LibTLS/TLSv12.cpp

@@ -231,7 +231,7 @@ static bool wildcard_matches(StringView host, StringView subject)
     return false;
 }
 
-static bool certificate_subject_matches_host(Certificate& cert, StringView host)
+static bool certificate_subject_matches_host(Certificate const& cert, StringView host)
 {
     if (wildcard_matches(host, cert.subject.common_name()))
         return true;
@@ -269,7 +269,7 @@ bool Context::verify_chain(StringView host) const
     // it in any case.
 
     if (!host.is_empty()) {
-        auto first_certificate = local_chain->first();
+        auto const& first_certificate = local_chain->first();
         auto subject_matches = certificate_subject_matches_host(first_certificate, host);
         if (!subject_matches) {
             dbgln("verify_chain: First certificate does not match the hostname");
@@ -282,7 +282,7 @@ bool Context::verify_chain(StringView host) const
     }
 
     for (size_t cert_index = 0; cert_index < local_chain->size(); ++cert_index) {
-        auto cert = local_chain->at(cert_index);
+        auto const& cert = local_chain->at(cert_index);
 
         auto subject_string = MUST(cert.subject.to_string());
         auto issuer_string = MUST(cert.issuer.to_string());
@@ -316,7 +316,7 @@ bool Context::verify_chain(StringView host) const
             return false;
         }
 
-        auto parent_certificate = local_chain->at(cert_index + 1);
+        auto const& parent_certificate = local_chain->at(cert_index + 1);
         if (issuer_string != MUST(parent_certificate.subject.to_string())) {
             dbgln("verify_chain: Next certificate in the chain is not the issuer of this certificate");
             return false;