Add thumbprint support in XCertificate.

Issue number: Submitted by: Reviewed by:
2004-07-15 07:12:10 +00:00
parent 9e997f79d0
commit ff5c6eb43f
12 changed files with 136 additions and 67 deletions
--- a/xmlsecurity/inc/xmlsecurity/sigstruct.hxx
+++ b/xmlsecurity/inc/xmlsecurity/sigstruct.hxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: sigstruct.hxx,v $
 *
- *  $Revision: 1.1.1.1 $
+ *  $Revision: 1.2 $
 *
- *  last change: $Author: mt $ $Date: 2004-07-12 13:15:20 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:08 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -78,6 +78,13 @@
 #define STATUS_VERIFY_SUCCEED       3
 #define STATUS_VERIFY_FAIL      4

+/*
+ * type of reference
+ */
+#define TYPE_SAMEDOCUMENT_REFERENCE 1
+#define TYPE_BINARYSTREAM_REFERENCE 2
+#define TYPE_XMLSTREAM_REFERENCE    3
+
 struct SignatureReferenceInformation
 {
    sal_Int32       nType;
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: xsecctl.cxx,v $
 *
- *  $Revision: 1.1.1.1 $
+ *  $Revision: 1.2 $
 *
- *  last change: $Author: mt $ $Date: 2004-07-12 13:15:22 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:08 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -1018,7 +1018,7 @@ void XSecController::exportSignature(
                const SignatureReferenceInformation& refInfor = vReferenceInfors[j];

                pAttributeList = new SvXMLAttributeList();
-                if ( refInfor.nType != 1 )
+                if ( refInfor.nType != TYPE_SAMEDOCUMENT_REFERENCE )
                /*
                 * stream reference
                 */
@@ -1040,7 +1040,7 @@ void XSecController::exportSignature(
                xDocumentHandler->startElement( tag_Reference, cssu::Reference< cssxs::XAttributeList > (pAttributeList) );
                {
                    /* Write Transforms element */
-                    if (refInfor.nType == 3)
+                    if (refInfor.nType == TYPE_XMLSTREAM_REFERENCE)
                    /*
                     * xml stream, so c14n transform is needed
                     */
--- a/xmlsecurity/source/helper/xsecsign.cxx
+++ b/xmlsecurity/source/helper/xsecsign.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: xsecsign.cxx,v $
 *
- *  $Revision: 1.2 $
+ *  $Revision: 1.3 $
 *
- *  last change: $Author: mt $ $Date: 2004-07-14 11:05:46 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:09 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -207,7 +207,7 @@ cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepar
    {
        internalSignatureInfor.signatureInfor.ouSignatureId = createId();
        internalSignatureInfor.signatureInfor.ouPropertyId = createId();
-        internalSignatureInfor.addReference(1, internalSignatureInfor.signatureInfor.ouPropertyId, -1 );
+        internalSignatureInfor.addReference(TYPE_SAMEDOCUMENT_REFERENCE, internalSignatureInfor.signatureInfor.ouPropertyId, -1 );
        size++;
    }

@@ -245,19 +245,19 @@ void XSecController::collectToSign( sal_Int32 securityId, const rtl::OUString& r
        if ( index == -1 )
        {
            InternalSignatureInformation isi(securityId, NULL);
-            isi.addReference(1, referenceId, nKeeperId );
+            isi.addReference(TYPE_SAMEDOCUMENT_REFERENCE, referenceId, nKeeperId );
            m_vInternalSignatureInformations.push_back( isi );
        }
        else
        {
-            m_vInternalSignatureInformations[index].addReference(1, referenceId, nKeeperId );
+            m_vInternalSignatureInformations[index].addReference(TYPE_SAMEDOCUMENT_REFERENCE, referenceId, nKeeperId );
        }
    }
 }

 void XSecController::signAStream( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool isBinary)
 {
-        sal_Int32 type = ((isBinary==sal_True)?2:3);
+        sal_Int32 type = ((isBinary==sal_True)?TYPE_BINARYSTREAM_REFERENCE:TYPE_XMLSTREAM_REFERENCE);

    int index = findSignatureInfor( securityId );

--- a/xmlsecurity/source/helper/xsecverify.cxx
+++ b/xmlsecurity/source/helper/xsecverify.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: xsecverify.cxx,v $
 *
- *  $Revision: 1.1.1.1 $
+ *  $Revision: 1.2 $
 *
- *  last change: $Author: mt $ $Date: 2004-07-12 13:15:22 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:09 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -156,14 +156,14 @@ void XSecController::addSignature()
 void XSecController::addReference( const rtl::OUString& ouUri)
 {
    InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
-    isi.addReference(1,ouUri, -1 );
+    isi.addReference(TYPE_SAMEDOCUMENT_REFERENCE,ouUri, -1 );
 }

 void XSecController::addStreamReference(
    const rtl::OUString& ouUri,
    bool isBinary )
 {
-        sal_Int32 type = (isBinary?2:3);
+        sal_Int32 type = (isBinary?TYPE_BINARYSTREAM_REFERENCE:TYPE_XMLSTREAM_REFERENCE);

    InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];

@@ -199,7 +199,7 @@ void XSecController::setReferenceCount() const

        for(int i=0 ; i<refNum; ++i)
        {
-            if (refInfors[i].nType == 1 )
+            if (refInfors[i].nType == TYPE_SAMEDOCUMENT_REFERENCE )
            /*
             * same-document reference
             */
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: x509certificate_mscryptimpl.cxx,v $
 *
- *  $Revision: 1.3 $
+ *  $Revision: 1.4 $
 *
- *  last change: $Author: mmi $ $Date: 2004-07-14 10:28:28 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:09 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -410,6 +410,27 @@ X509Certificate_MSCryptImpl* X509Certificate_MSCryptImpl :: getImplementation( c
    return OUString() ;
 }

+::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(const CERT_CONTEXT* pCertContext, DWORD dwPropId)
+{
+    if( pCertContext != NULL )
+    {
+        DWORD cbData;
+        unsigned char fingerprint[20];
+        if (CertGetCertificateContextProperty(pCertContext, dwPropId, (void*)fingerprint, &cbData))
+        {
+            Sequence< sal_Int8 > thumbprint( cbData ) ;
+            for( unsigned int i = 0 ; i < cbData ; i ++ )
+            {
+                thumbprint[i] = fingerprint[i];
+            }
+
+            return thumbprint;
+        }
+    }
+
+    return NULL;
+}
+
 ::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getSubjectPublicKeyAlgorithm()
    throw ( ::com::sun::star::uno::RuntimeException)
 {
@@ -459,19 +480,16 @@ X509Certificate_MSCryptImpl* X509Certificate_MSCryptImpl :: getImplementation( c
    }
 }

-::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getThumbprintAlgorithm()
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSHA1Thumbprint()
    throw ( ::com::sun::star::uno::RuntimeException)
 {
-    //MM : dummy
-    return OUString();
+    return getThumbprint(m_pCertContext, CERT_SHA1_HASH_PROP_ID);
 }

-::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getThumbprint()
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getMD5Thumbprint()
    throw ( ::com::sun::star::uno::RuntimeException)
 {
-    //MM : dummy
-    return NULL ;
+    return getThumbprint(m_pCertContext, CERT_MD5_HASH_PROP_ID);
 }
-
 // MM : end

--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.hxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.hxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: x509certificate_mscryptimpl.hxx,v $
 *
- *  $Revision: 1.2 $
+ *  $Revision: 1.3 $
 *
- *  last change: $Author: mmi $ $Date: 2004-07-14 08:12:26 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:09 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -141,14 +141,13 @@ class X509Certificate_MSCryptImpl : public ::cppu::WeakImplHelper2<
        virtual ::rtl::OUString SAL_CALL getSignatureAlgorithm()
            throw ( ::com::sun::star::uno::RuntimeException) ;

-        virtual ::rtl::OUString SAL_CALL getThumbprintAlgorithm()
+        virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getSHA1Thumbprint()
            throw ( ::com::sun::star::uno::RuntimeException) ;

-        virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getThumbprint()
+        virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getMD5Thumbprint()
            throw ( ::com::sun::star::uno::RuntimeException) ;
        // MM : end

-
        //Methods from XUnoTunnel
        virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) throw (com::sun::star::uno::RuntimeException);

--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: x509certificate_nssimpl.cxx,v $
 *
- *  $Revision: 1.2 $
+ *  $Revision: 1.3 $
 *
- *  last change: $Author: mmi $ $Date: 2004-07-14 08:12:26 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:09 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -80,7 +80,9 @@
 #include "secder.h"

 //MM : added by MM
+#include "hasht.h"
 #include "secoid.h"
+#include "pk11func.h"
 //MM : end


@@ -374,6 +376,36 @@ X509Certificate_NssImpl* X509Certificate_NssImpl :: getImplementation( const Ref
    return rtl::OUString::createFromAscii( pDesc ) ;
 }

+::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(CERTCertificate *pCert, SECOidTag id)
+{
+    if( pCert != NULL )
+    {
+        unsigned char fingerprint[20];
+        char *fpStr = NULL;
+        SECItem fpItem;
+        int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH);
+
+        memset(fingerprint, 0, sizeof fingerprint);
+        PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len);
+        fpItem.data = fingerprint;
+        fpItem.len = length;
+        fpStr = CERT_Hexify(&fpItem, 1);
+
+        Sequence< sal_Int8 > thumbprint( length ) ;
+        for( int i = 0 ; i < length ; i ++ )
+        {
+            thumbprint[i] = fingerprint[i];
+        }
+
+        PORT_Free(fpStr);
+        return thumbprint;
+    }
+    else
+    {
+        return NULL;
+    }
+}
+
 ::rtl::OUString SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyAlgorithm()
    throw ( ::com::sun::star::uno::RuntimeException)
 {
@@ -423,19 +455,16 @@ X509Certificate_NssImpl* X509Certificate_NssImpl :: getImplementation( const Ref
    }
 }

-::rtl::OUString SAL_CALL X509Certificate_NssImpl::getThumbprintAlgorithm()
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint()
    throw ( ::com::sun::star::uno::RuntimeException)
 {
-    //MM : dummy
-    return OUString();
+    return getThumbprint(m_pCert, SEC_OID_SHA1);
 }

-::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getThumbprint()
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
    throw ( ::com::sun::star::uno::RuntimeException)
 {
-    //MM : dummy
-    return NULL ;
+    return getThumbprint(m_pCert, SEC_OID_MD5);
 }
-
 // MM : end

--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: x509certificate_nssimpl.hxx,v $
 *
- *  $Revision: 1.2 $
+ *  $Revision: 1.3 $
 *
- *  last change: $Author: mmi $ $Date: 2004-07-14 08:12:26 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:10 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -140,10 +140,10 @@ class X509Certificate_NssImpl : public ::cppu::WeakImplHelper2<
        virtual ::rtl::OUString SAL_CALL getSignatureAlgorithm()
            throw ( ::com::sun::star::uno::RuntimeException) ;

-        virtual ::rtl::OUString SAL_CALL getThumbprintAlgorithm()
+        virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getSHA1Thumbprint()
            throw ( ::com::sun::star::uno::RuntimeException) ;

-        virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getThumbprint()
+        virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getMD5Thumbprint()
            throw ( ::com::sun::star::uno::RuntimeException) ;
        // MM : end

--- a/xmlsecurity/tools/demo/multisigdemo.cxx
+++ b/xmlsecurity/tools/demo/multisigdemo.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: multisigdemo.cxx,v $
 *
- *  $Revision: 1.1.1.1 $
+ *  $Revision: 1.2 $
 *
- *  last change: $Author: mt $ $Date: 2004-07-12 13:15:30 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:10 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -184,7 +184,7 @@ int SAL_CALL main( int argc, char **argv )
    /*
     * creates signature
     */
-    bDone = aSignatureHelper.CreateAndWriteSignatue( xOutputStream );
+    bDone = aSignatureHelper.CreateAndWriteSignature( xOutputStream );
    if ( !bDone )
    {
        fprintf( stderr, "Error creating Signature!\n" );
@@ -216,7 +216,7 @@ int SAL_CALL main( int argc, char **argv )
    xLockBytes = new SvLockBytes( pStream, TRUE );
    xInputStream = new utl::OInputStreamHelper( xLockBytes, nBytes );

-    bDone = aSignatureHelper.ReadAndVerifySignatue( xInputStream );
+    bDone = aSignatureHelper.ReadAndVerifySignature( xInputStream );
    xInputStream->closeInput();

    if ( !bDone )
@@ -269,7 +269,7 @@ int SAL_CALL main( int argc, char **argv )
    xDocumentHandler = aSignatureHelper.CreateDocumentHandlerWithHeader( xOutputStream);

    aSignatureHelper.ExportSignature( xDocumentHandler, signatureInformations[0]);
-    bDone = aSignatureHelper.CreateAndWriteSignatue( xDocumentHandler );
+    bDone = aSignatureHelper.CreateAndWriteSignature( xDocumentHandler );
    aSignatureHelper.ExportSignature( xDocumentHandler, signatureInformations[1]);
    aSignatureHelper.CloseDocumentHandler( xDocumentHandler);

@@ -297,7 +297,7 @@ int SAL_CALL main( int argc, char **argv )
    xLockBytes = new SvLockBytes( pStream, TRUE );
    xInputStream = new utl::OInputStreamHelper( xLockBytes, nBytes );

-    bDone = aSignatureHelper.ReadAndVerifySignatue( xInputStream );
+    bDone = aSignatureHelper.ReadAndVerifySignature( xInputStream );
    xInputStream->closeInput();

    if ( !bDone )
@@ -328,7 +328,7 @@ int SAL_CALL main( int argc, char **argv )
    xLockBytes = new SvLockBytes( pStream, TRUE );
    xInputStream = new utl::OInputStreamHelper( xLockBytes, nBytes );

-    bDone = aSignatureHelper.ReadAndVerifySignatue( xInputStream );
+    bDone = aSignatureHelper.ReadAndVerifySignature( xInputStream );
    xInputStream->closeInput();

    if ( !bDone )
--- a/xmlsecurity/tools/demo/signdemo.cxx
+++ b/xmlsecurity/tools/demo/signdemo.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: signdemo.cxx,v $
 *
- *  $Revision: 1.1.1.1 $
+ *  $Revision: 1.2 $
 *
- *  last change: $Author: mt $ $Date: 2004-07-12 13:15:30 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:10 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -199,7 +199,7 @@ int SAL_CALL main( int argc, char **argv )
    /*
     * creates signature
     */
-    bool bDone = aSignatureHelper.CreateAndWriteSignatue( xOutputStream );
+    bool bDone = aSignatureHelper.CreateAndWriteSignature( xOutputStream );

    if ( !bDone )
    {
--- a/xmlsecurity/tools/demo/util.cxx
+++ b/xmlsecurity/tools/demo/util.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: util.cxx,v $
 *
- *  $Revision: 1.2 $
+ *  $Revision: 1.3 $
 *
- *  last change: $Author: mmi $ $Date: 2004-07-14 08:12:30 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:10 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -67,6 +67,21 @@
 namespace cssu = com::sun::star::uno;
 namespace cssl = com::sun::star::lang;

+::rtl::OUString printHexString(cssu::Sequence< sal_Int8 > data)
+{
+    int length = data.getLength();
+    ::rtl::OUString result;
+
+    char number[4];
+    for (int j=0; j<length; j++)
+    {
+        sprintf(number, "%02X ", (unsigned char)data[j]);
+        result += rtl::OUString::createFromAscii( number );
+    }
+
+    return result;
+}
+
 cssu::Reference< cssl::XMultiServiceFactory > serviceManager(
    cssu::Reference< cssu::XComponentContext > &xContext,
    rtl::OUString sUnoUrl,
@@ -189,17 +204,18 @@ cssu::Reference< cssl::XMultiServiceFactory > serviceManager(
                    result += xCertPath[i]->getSubjectPublicKeyAlgorithm();
                    result += rtl::OUString::createFromAscii( "\n    Signature algorithm : " );
                    result += xCertPath[i]->getSignatureAlgorithm();
+
                    result += rtl::OUString::createFromAscii( "\n    Subject public key value : " );
-
                    cssu::Sequence< sal_Int8 > keyValue = xCertPath[i]->getSubjectPublicKeyValue();
-            int length = keyValue.getLength();
+                    result += printHexString(keyValue);

-            char number[64];
-                    for (int j=0; j<length; j++)
-                    {
-                        sprintf(number, "%02X ", (unsigned char)keyValue[j]);
-                        result += rtl::OUString::createFromAscii( number );
-                    }
+                    result += rtl::OUString::createFromAscii( "\n    Thumbprint (SHA1) : " );
+                    cssu::Sequence< sal_Int8 > SHA1Thumbprint = xCertPath[i]->getSHA1Thumbprint();
+                    result += printHexString(SHA1Thumbprint);
+
+                    result += rtl::OUString::createFromAscii( "\n    Thumbprint (MD5) : " );
+                    cssu::Sequence< sal_Int8 > MD5Thumbprint = xCertPath[i]->getMD5Thumbprint();
+                    result += printHexString(MD5Thumbprint);

                    result += rtl::OUString::createFromAscii( "\n  <<\n" );
        }
--- a/xmlsecurity/tools/demo/verifydemo.cxx
+++ b/xmlsecurity/tools/demo/verifydemo.cxx
@@ -2,9 +2,9 @@
 *
 *  $RCSfile: verifydemo.cxx,v $
 *
- *  $Revision: 1.1.1.1 $
+ *  $Revision: 1.2 $
 *
- *  last change: $Author: mt $ $Date: 2004-07-12 13:15:30 $
+ *  last change: $Author: mmi $ $Date: 2004-07-15 08:12:10 $
 *
 *  The Contents of this file are made available subject to the terms of
 *  either of the following licenses
@@ -151,7 +151,7 @@ int SAL_CALL main( int argc, char **argv )
    /*
     * verifies the signature
     */
-    bool bDone = aSignatureHelper.ReadAndVerifySignatue( xInputStream );
+    bool bDone = aSignatureHelper.ReadAndVerifySignature( xInputStream );

    /*
     * closes the signature stream