mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
10ab1790956131e93f58090a30417187e6624775
libreoffice/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
Ivo Hinkelmann 10ab179095 CWS-TOOLING: integrate CWS encsig09 
2009-09-14 15:11:29 +0200 oc  r276125 : #i105049# MacroSignatur needs Macro
2009-09-09 17:09:46 +0200 jl  r276005 : #i103989# could not signe encrypted doc containing a formular object
2009-09-09 13:11:24 +0200 jl  r275985 : #i103989# could not signe encrypted doc containing a formular object
2009-09-08 15:54:02 +0200 mav  r275934 : #i103906# fix the automation test scenario ( tempfile should be writable for the user )
2009-09-07 14:01:39 +0200 mav  r275895 : #i103906# fix the problem with reload
2009-09-07 09:34:48 +0200 mav  r275871 : #i104786# do the ODF version check only for ODF documents
2009-09-07 08:19:06 +0200 mav  r275870 : #i104389# fix text
2009-09-06 22:24:21 +0200 mav  r275867 : #i104786# check the consistency of ODF version
2009-09-06 22:23:24 +0200 mav  r275866 : #i104786# check the consistency of ODF version
2009-09-06 22:23:00 +0200 mav  r275865 : #i104786# check the consistency of ODF version
2009-09-06 22:22:36 +0200 mav  r275864 : #i104786# check the consistency of ODF version
2009-09-06 22:22:03 +0200 mav  r275863 : #i104786# check the consistency of ODF version
2009-09-02 17:09:30 +0200 mav  r275722 : #i104715# let repairing mechanics use the streams correctly
2009-09-01 16:52:49 +0200 mav  r275670 : #i104389# notify user not to trust the corrupted document
2009-09-01 16:31:37 +0200 mav  r275668 : #i104389# use vnd.sun.star.zip: protocol to access zip files
2009-09-01 16:30:32 +0200 mav  r275667 : #i104389# use vnd.sun.star.zip: protocol to access zip files
2009-09-01 16:22:13 +0200 jl  r275666 : #i104339# small content change
2009-09-01 14:20:42 +0200 jl  r275660 : #i103519# remove some debug output
2009-09-01 13:51:52 +0200 jl  r275659 : #i103519# NSS uses '\' for escaping in distinguished names
2009-09-01 12:49:47 +0200 mav  r275655 : #i104389# use zip-mode to read from jar files
2009-09-01 12:40:22 +0200 mav  r275653 : #i104389# use zip-mode to read from jar files
2009-09-01 12:32:29 +0200 mav  r275652 : #i104389# use constants
2009-08-31 21:58:00 +0200 mav  r275637 : #i10000# fix warning
2009-08-31 21:11:17 +0200 mav  r275636 : #i104227# adding of scripting signature removes the document signature
2009-08-31 20:55:05 +0200 mav  r275635 : #i103905# ZipStorage supports Compressed property
2009-08-31 20:53:55 +0200 mav  r275634 : #i103905# adjust macro signature transfer to usage of ZipStorage
2009-08-31 15:30:49 +0200 jl  r275609 : #i103989# warning is shown as long the user does not click 'OK' 
2009-08-31 14:36:10 +0200 jl  r275608 : #i103989# changed warning text when signing macro and there is a document signature. This warning is only displayed once
2009-08-31 13:34:41 +0200 mav  r275603 : #i104452# disable macros in repaired documents
2009-08-31 13:33:42 +0200 mav  r275602 : #i104452# disable macros in repaired documents
2009-08-31 13:03:56 +0200 jl  r275600 : #i45212# signature dialog could not be started when using read-only documents 
2009-08-31 09:26:13 +0200 mav  r275583 : #i104578# store the additional entry as the last one to workaround parsing problem in OOo3.1 and later
2009-08-30 20:54:25 +0200 mav  r275562 : #i10000# adopt for unix
2009-08-30 10:56:00 +0200 mav  r275561 : CWS-TOOLING: rebase CWS encsig09 to trunk@275331 (milestone: DEV300:m56)
2009-08-28 16:34:00 +0200 mav  r275539 : #i104578# write necessary info in manifest.xml for ODF1.2 encrypted document
2009-08-28 14:04:22 +0200 mav  r275533 : #104587# fix handling of readonly streams
2009-08-28 13:58:10 +0200 mav  r275531 : #i104389# fix the broken document handling
2009-08-28 11:40:39 +0200 mav  r275522 : #i104389# fix the signature streams check
2009-08-27 21:48:12 +0200 mav  r275509 : #i103927# show the warning
2009-08-27 21:47:48 +0200 mav  r275508 : #i103927# show the warning
2009-08-27 16:45:59 +0200 jl  r275495 : #i45212# remove unused variable
2009-08-27 16:34:00 +0200 jl  r275494 : #i103989#
2009-08-27 13:54:28 +0200 jl  r275482 : #i103519# fixed replacement of 'S' by 'ST'
2009-08-27 12:32:21 +0200 mav  r275472 : #i10000# fix warning
2009-08-27 11:58:11 +0200 mav  r275467 : #i104389# handle the entry path correctly
2009-08-26 17:18:35 +0200 jl  r275438 : #i103519# subject and issuer distinguished names were not properly displayed. The strings were obtained by system functions (Windows, NSS), which use quotes to escape the values, when they contain special characters
2009-08-26 11:00:20 +0200 mav  r275403 : #i10000# fix warnings
2009-08-26 08:25:45 +0200 mav  r275392 : #i10000# fix warning
2009-08-26 08:02:22 +0200 mav  r275391 : #i10000# adopt for linux
2009-08-26 07:40:30 +0200 mav  r275390 : #i10000# fix warning
2009-08-26 07:35:28 +0200 mav  r275389 : #i10000# use correct include file name
2009-08-25 15:01:41 +0200 jl  r275356 : #i103989# better check for mimetype of streams
2009-08-25 09:07:09 +0200 mav  r275335 : CWS-TOOLING: rebase CWS encsig09 to trunk@274622 (milestone: DEV300:m54)
2009-08-24 18:17:02 +0200 mav  r275329 : #i103927# check the nonencrypted streams
2009-08-24 18:14:14 +0200 mav  r275328 : #i103927# check the nonencrypted streams
2009-08-24 17:59:34 +0200 mav  r275327 : #i103927#,#i104389# check the package consistency and nonencrypted streams
2009-08-24 16:18:28 +0200 jl  r275323 : #i103989# added comment
2009-08-24 13:08:47 +0200 jl  r275305 : #i45212# #i66276# only write the X509Certificate element once and allow to add remove several certificates at a time
2009-08-21 12:57:28 +0200 ufi  r275239 : 104339
2009-08-21 08:39:05 +0200 jl  r275213 : #i10398# comparing URIs of signed files with the 'element list'
2009-08-20 13:39:47 +0200 jl  r275178 : #i10398# displaying 'new partially signed' status in the status bar
2009-08-20 13:35:39 +0200 jl  r275177 : #i10398# displaying 'new partially signed' status in the status bar
2009-08-20 13:29:06 +0200 jl  r275176 : #i10398# displaying 'new partially signed' status in the status bar
2009-08-20 13:26:21 +0200 jl  r275175 : #i10398# displaying 'new partially signed' status in the status bar
2009-08-20 12:05:09 +0200 ufi  r275170 : i104339
2009-08-19 12:24:54 +0200 jl  r275146 : #i10398# displaying 'old signature' icon and status in signature dialog
2009-08-18 15:18:48 +0200 jl  r275111 : #i103989# document signatures containing manifest.xml are now validated according to the final ODF1.2 spec
2009-08-18 11:41:06 +0200 mav  r275087 : #i103927# detect if encrypted ODF1.2 document contains nonencrypted streams
2009-08-18 11:35:13 +0200 mav  r275085 : #i103927# detect if encrypted ODF1.2 document contains nonencrypted streams
2009-08-14 17:32:41 +0200 jl  r274999 : #i103989# using c14n tranformation for XML streams
2009-08-14 15:27:43 +0200 jl  r274987 : #i103989# remove special handling for encrypted document streams in UriBindingHelper::OpenInputStream, since we use zip storage this is not necessary anymore
2009-08-14 15:08:10 +0200 jl  r274983 : #i103989# Showing a message when adding or removing a macro signature, that the document signature will be removed
2009-08-14 14:57:27 +0200 jl  r274982 : #i103989# accesing Sequence at invalid index
2009-08-11 08:55:02 +0200 mav  r274846 : #i103905# let signing service know if there is already a valid document signature
2009-08-10 11:33:37 +0200 jl  r274799 : #i103905# do not truncate the stream
2009-08-10 10:43:47 +0200 mav  r274797 : #i103905# provide the storage version
2009-08-07 16:58:46 +0200 jl  r274780 : #i103989#
2009-08-07 16:56:19 +0200 jl  r274779 : #i103989# using odf version string etc.
2009-08-07 15:20:53 +0200 mav  r274771 : #i103905# provide the storage version
2009-08-07 15:19:12 +0200 mav  r274770 : #i103905# provide the storage version
2009-08-07 12:41:45 +0200 mav  r274758 : #103930# do not store thumbnail in case of encrypted document
2009-08-07 12:36:52 +0200 mav  r274757 : #i103905# provide the storage version
2009-08-07 12:15:54 +0200 mav  r274754 : #i103760# the signed state is not lost on saving
2009-08-07 12:06:19 +0200 mav  r274753 : #i103760# avoid warning regarding signature removal on export
2009-08-07 12:06:01 +0200 mav  r274752 : #i103760# avoid warning regarding signature removal on export
2009-08-06 08:47:34 +0200 mav  r274703 : #i103905# allow to transport ODF version to the signing component
2009-08-05 21:34:42 +0200 mav  r274701 : #i103905# allow to transport ODF version to the signing component
2009-08-05 15:48:17 +0200 mav  r274683 : #i103905# allow to transport ODF version to the signing component
2009-08-05 14:58:12 +0200 jl  r274673 : #i103989# documentsignature now signes all streams except documentsignatures.xml, all streams are processed as binary files
2009-08-05 12:00:32 +0200 mav  r274648 : #i103905# allow to transport ODF version to the signing component
2009-08-04 10:57:04 +0200 jl  r274612 : #i103989# added XInitialization
2009-07-31 10:32:27 +0200 mav  r274516 : #i103905# use zip storage to sign documents
2009-07-30 14:01:33 +0200 mav  r274489 : #i103906# optimize the usage of temporary medium
2009-07-30 14:00:28 +0200 mav  r274488 : #i103906# optimize the usage of temporary medium
2009-07-30 13:59:09 +0200 mav  r274487 : #i103906# optimize the usage of temporary medium
2009-07-30 13:50:44 +0200 mav  r274485 : #i103906# optimize the usage of temporary medium
2009-07-30 13:49:53 +0200 mav  r274484 : #i103906# optimize the usage of temporary medium
2009-07-30 13:49:13 +0200 mav  r274483 : #i103906# optimize the usage of temporary medium
2009-07-30 13:47:09 +0200 mav  r274482 : #i103905#,#i103906# let the signing process use zip-storage; optimize the usage of temporary medium
2009-07-21 09:10:31 +0200 mav  r274159 : CWS-TOOLING: rebase CWS encsig09 to trunk@273468 (milestone: DEV300:m51)
2009-05-05 08:39:01 +0200 mav  r271496 : #i100832# allow to sign macros only when there are any
2009-09-17 13:53:54 +00:00

665 lines
23 KiB
C++
Raw Blame History

/*************************************************************************
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* Copyright 2008 by Sun Microsystems, Inc.
*
* OpenOffice.org - a multi-platform office productivity suite
*
* $RCSfile: x509certificate_mscryptimpl.cxx,v $
* $Revision: 1.12 $
*
* This file is part of OpenOffice.org.
*
* OpenOffice.org is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License version 3
* only, as published by the Free Software Foundation.
*
* OpenOffice.org is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License version 3 for more details
* (a copy is included in the LICENSE file that accompanied this code).
*
* You should have received a copy of the GNU Lesser General Public License
* version 3 along with OpenOffice.org. If not, see
* <http://www.openoffice.org/license.html>
* for a copy of the LGPLv3 License.
*
************************************************************************/
// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"
#include <sal/config.h>
#include <rtl/uuid.h>
#include "x509certificate_mscryptimpl.hxx"
#include "certificateextension_xmlsecimpl.hxx"
//MM : added by MM
#include "oid.hxx"
//MM : end
//CP : added by CP
#include <rtl/locale.h>
#include <osl/nlsupport.h>
#include <osl/process.h>
#include <utility>
//CP : end
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
using ::rtl::OUString ;
using ::com::sun::star::security::XCertificate ;
using ::com::sun::star::util::DateTime ;
#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
/*Resturns the index withing rRawString where sTypeName starts and where it ends.
The starting index is pair.first. The ending index in pair.second points
one char after the last character of the type.
sTypeName can be
"S" or "CN" (without ""). Do not use spaces at the beginning of the type name.
If the type name is not found then pair.first and pair.second are -1.
*/
std::pair< sal_Int32, sal_Int32 >
findTypeInDN(const OUString& rRawString, const OUString& sTypeName)
{
std::pair< sal_Int32, sal_Int32 > retVal;
bool bInEscape = false;
bool bInValue = false;
bool bFound = false;
sal_Int32 nTypeNameStart = 0;
sal_Int32 length = rRawString.getLength();
for (sal_Int32 i = 0; i < length; i++)
{
sal_Unicode c = rRawString[i];
if (c == '=')
{
if (! bInValue)
{
OUString sType = rRawString.copy(nTypeNameStart, i - nTypeNameStart);
sType = sType.trim();
if (sType.equalsIgnoreAsciiCase(sTypeName))
{
bFound = true;
break;
}
}
}
else if (c == '"')
{
if (!bInEscape)
{
//If this is the quote is the first of the couple which enclose the
//whole value, because the value contains special characters
//then we just drop it. That is, this character must be followed by
//a character which is not '"'.
if ( i + 1 < length && rRawString[i+1] == '"')
bInEscape = true;
else
bInValue = !bInValue; //value is enclosed in " "
}
else
{
//This quote is escaped by a preceding quote and therefore is
//part of the value
bInEscape = false;
}
}
else if (c == ',')
{
//The comma separate the attribute value pairs.
//If the comma is not part of a value (the value would then be enclosed in '"'),
//then we have reached the end of the value
if (!bInValue)
{
//The next char is the start of the new type
nTypeNameStart = i + 1;
}
}
}
//Found the Type Name, but there can still be spaces after the last comma
//and the beginning of the type.
if (bFound)
{
while (true)
{
sal_Unicode c = rRawString[nTypeNameStart];
if (c != ' ' && c != '\t')
//found
break;
nTypeNameStart ++;
}
// search end (one after last letter)
sal_Int32 nTypeNameEnd = nTypeNameStart;
nTypeNameEnd++;
while (true)
{
sal_Unicode c = rRawString[nTypeNameEnd];
if (c == ' ' || c == '\t' || c == '=')
break;
nTypeNameEnd++;
}
retVal = std::make_pair(nTypeNameStart, nTypeNameEnd);
}
else
{
retVal = std::make_pair(-1, -1);
}
return retVal;
}
/*
MS Crypto uses the 'S' tag (equal to the 'ST' tag in NSS), but the NSS can't recognise
it, so the 'S' tag should be changed to 'ST' tag. However I am not sure if this is necessary
anymore, because we provide always the signers certificate when signing. So libmlsec can find
the private key based on the provided certificate (X509Certificate element) and does not need
the issuer name (X509IssuerName element). The issuer name in the xml signature has also no
effect for the signature nor the certificate validation.
In many RFCs, for example 4519, on speaks of 'ST'. However, the certificate does not contain
strings for type names. Instead it uses OIDs.
*/
OUString replaceTagSWithTagST(OUString oldDN)
{
std::pair<sal_Int32, sal_Int32 > pairIndex = findTypeInDN(oldDN, OUSTR("S"));
if (pairIndex.first != -1)
{
OUString newDN = oldDN.copy(0, pairIndex.first);
newDN += OUSTR("ST");
newDN += oldDN.copy(pairIndex.second);
return newDN;
}
return oldDN;
}
/* end */
X509Certificate_MSCryptImpl :: X509Certificate_MSCryptImpl() :
m_pCertContext( NULL )
{
}
X509Certificate_MSCryptImpl :: ~X509Certificate_MSCryptImpl() {
if( m_pCertContext != NULL ) {
CertFreeCertificateContext( m_pCertContext ) ;
}
}
//Methods from XCertificate
sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
return ( char )m_pCertContext->pCertInfo->dwVersion ;
} else {
return -1 ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getSerialNumber() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
Sequence< sal_Int8 > serial( m_pCertContext->pCertInfo->SerialNumber.cbData ) ;
for( unsigned int i = 0 ; i < m_pCertContext->pCertInfo->SerialNumber.cbData ; i ++ )
serial[i] = *( m_pCertContext->pCertInfo->SerialNumber.pbData + m_pCertContext->pCertInfo->SerialNumber.cbData - i - 1 ) ;
return serial ;
} else {
return NULL ;
}
}
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getIssuerName() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
char* issuer ;
DWORD cbIssuer ;
cbIssuer = CertNameToStr(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
&( m_pCertContext->pCertInfo->Issuer ),
CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
NULL, 0
) ;
// Here the cbIssuer count the last 0x00 , take care.
if( cbIssuer != 0 ) {
issuer = new char[ cbIssuer ] ;
if( issuer == NULL )
throw RuntimeException() ;
cbIssuer = CertNameToStr(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
&( m_pCertContext->pCertInfo->Issuer ),
CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
issuer, cbIssuer
) ;
if( cbIssuer <= 0 ) {
delete issuer ;
throw RuntimeException() ;
}
// By CP , for correct encoding
sal_uInt16 encoding ;
rtl_Locale *pLocale = NULL ;
osl_getProcessLocale( &pLocale ) ;
encoding = osl_getTextEncodingFromLocale( pLocale ) ;
// CP end
if(issuer[cbIssuer-1] == 0) cbIssuer--; //delimit the last 0x00;
OUString xIssuer(issuer , cbIssuer ,encoding ) ; //By CP
delete issuer ;
return replaceTagSWithTagST(xIssuer);
} else {
return OUString() ;
}
} else {
return OUString() ;
}
}
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
char* subject ;
DWORD cbSubject ;
cbSubject = CertNameToStr(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
&( m_pCertContext->pCertInfo->Subject ),
CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
NULL, 0
) ;
if( cbSubject != 0 ) {
subject = new char[ cbSubject ] ;
if( subject == NULL )
throw RuntimeException() ;
cbSubject = CertNameToStr(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
&( m_pCertContext->pCertInfo->Subject ),
CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
subject, cbSubject
) ;
if( cbSubject <= 0 ) {
delete subject ;
throw RuntimeException() ;
}
// By CP , for correct encoding
sal_uInt16 encoding ;
rtl_Locale *pLocale = NULL ;
osl_getProcessLocale( &pLocale ) ;
encoding = osl_getTextEncodingFromLocale( pLocale ) ;
// CP end
if(subject[cbSubject-1] == 0) cbSubject--; //delimit the last 0x00;
OUString xSubject(subject , cbSubject ,encoding ) ; //By CP
delete subject ;
return replaceTagSWithTagST(xSubject);
} else {
return OUString() ;
}
} else {
return OUString() ;
}
}
::com::sun::star::util::DateTime SAL_CALL X509Certificate_MSCryptImpl :: getNotValidBefore() throw ( ::com::sun::star::uno::RuntimeException ) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
SYSTEMTIME explTime ;
DateTime dateTime ;
FILETIME localFileTime;
if (FileTimeToLocalFileTime(&( m_pCertContext->pCertInfo->NotBefore ), &localFileTime))
{
if( FileTimeToSystemTime( &localFileTime, &explTime ) ) {
//Convert the time to readable local time
dateTime.HundredthSeconds = explTime.wMilliseconds / 100 ;
dateTime.Seconds = explTime.wSecond ;
dateTime.Minutes = explTime.wMinute ;
dateTime.Hours = explTime.wHour ;
dateTime.Day = explTime.wDay ;
dateTime.Month = explTime.wMonth ;
dateTime.Year = explTime.wYear ;
}
}
return dateTime ;
} else {
return DateTime() ;
}
}
::com::sun::star::util::DateTime SAL_CALL X509Certificate_MSCryptImpl :: getNotValidAfter() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
SYSTEMTIME explTime ;
DateTime dateTime ;
FILETIME localFileTime;
if (FileTimeToLocalFileTime(&( m_pCertContext->pCertInfo->NotAfter ), &localFileTime))
{
if( FileTimeToSystemTime( &localFileTime, &explTime ) ) {
//Convert the time to readable local time
dateTime.HundredthSeconds = explTime.wMilliseconds / 100 ;
dateTime.Seconds = explTime.wSecond ;
dateTime.Minutes = explTime.wMinute ;
dateTime.Hours = explTime.wHour ;
dateTime.Day = explTime.wDay ;
dateTime.Month = explTime.wMonth ;
dateTime.Year = explTime.wYear ;
}
}
return dateTime ;
} else {
return DateTime() ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getIssuerUniqueID() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
Sequence< sal_Int8 > issuerUid( m_pCertContext->pCertInfo->IssuerUniqueId.cbData ) ;
for( unsigned int i = 0 ; i < m_pCertContext->pCertInfo->IssuerUniqueId.cbData; i ++ )
issuerUid[i] = *( m_pCertContext->pCertInfo->IssuerUniqueId.pbData + i ) ;
return issuerUid ;
} else {
return NULL ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getSubjectUniqueID() throw ( ::com::sun::star::uno::RuntimeException ) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
Sequence< sal_Int8 > subjectUid( m_pCertContext->pCertInfo->SubjectUniqueId.cbData ) ;
for( unsigned int i = 0 ; i < m_pCertContext->pCertInfo->SubjectUniqueId.cbData; i ++ )
subjectUid[i] = *( m_pCertContext->pCertInfo->SubjectUniqueId.pbData + i ) ;
return subjectUid ;
} else {
return NULL ;
}
}
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL X509Certificate_MSCryptImpl :: getExtensions() throw ( ::com::sun::star::uno::RuntimeException ) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL && m_pCertContext->pCertInfo->cExtension != 0 ) {
CertificateExtension_XmlSecImpl* xExtn ;
CERT_EXTENSION* pExtn ;
Sequence< Reference< XCertificateExtension > > xExtns( m_pCertContext->pCertInfo->cExtension ) ;
for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ;
xExtn = new CertificateExtension_XmlSecImpl() ;
if( xExtn == NULL )
throw RuntimeException() ;
xExtn->setCertExtn( pExtn->Value.pbData, pExtn->Value.cbData, ( unsigned char* )pExtn->pszObjId, strlen( pExtn->pszObjId ), sal::static_int_cast<sal_Bool>(pExtn->fCritical) ) ;
xExtns[i] = xExtn ;
}
return xExtns ;
} else {
return NULL ;
}
}
::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL X509Certificate_MSCryptImpl :: findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& /*oid*/ ) throw (::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL && m_pCertContext->pCertInfo->cExtension != 0 ) {
CertificateExtension_XmlSecImpl* xExtn ;
CERT_EXTENSION* pExtn ;
Sequence< Reference< XCertificateExtension > > xExtns( m_pCertContext->pCertInfo->cExtension ) ;
xExtn = NULL ;
for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
pExtn = &( m_pCertContext->pCertInfo->rgExtension[i] ) ;
//TODO: Compare the oid
if( 0 ) {
xExtn = new CertificateExtension_XmlSecImpl() ;
if( xExtn == NULL )
throw RuntimeException() ;
xExtn->setCertExtn( pExtn->Value.pbData, pExtn->Value.cbData, ( unsigned char* )pExtn->pszObjId, strlen( pExtn->pszObjId ), sal::static_int_cast<sal_Bool>(pExtn->fCritical) ) ;
}
}
return xExtn ;
} else {
return NULL ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getEncoded() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL && m_pCertContext->cbCertEncoded > 0 ) {
Sequence< sal_Int8 > rawCert( m_pCertContext->cbCertEncoded ) ;
for( unsigned int i = 0 ; i < m_pCertContext->cbCertEncoded ; i ++ )
rawCert[i] = *( m_pCertContext->pbCertEncoded + i ) ;
return rawCert ;
} else {
return NULL ;
}
}
//Helper methods
void X509Certificate_MSCryptImpl :: setMswcryCert( const CERT_CONTEXT* cert ) {
if( m_pCertContext != NULL ) {
CertFreeCertificateContext( m_pCertContext ) ;
m_pCertContext = NULL ;
}
if( cert != NULL ) {
m_pCertContext = CertDuplicateCertificateContext( cert ) ;
}
}
const CERT_CONTEXT* X509Certificate_MSCryptImpl :: getMswcryCert() const {
if( m_pCertContext != NULL ) {
return m_pCertContext ;
} else {
return NULL ;
}
}
void X509Certificate_MSCryptImpl :: setRawCert( Sequence< sal_Int8 > rawCert ) throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCertContext != NULL ) {
CertFreeCertificateContext( m_pCertContext ) ;
m_pCertContext = NULL ;
}
if( rawCert.getLength() != 0 ) {
m_pCertContext = CertCreateCertificateContext( X509_ASN_ENCODING, ( const BYTE* )&rawCert[0], rawCert.getLength() ) ;
}
}
/* XUnoTunnel */
sal_Int64 SAL_CALL X509Certificate_MSCryptImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) throw( RuntimeException ) {
if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
return ( sal_Int64 )this ;
}
return 0 ;
}
/* XUnoTunnel extension */
const Sequence< sal_Int8>& X509Certificate_MSCryptImpl :: getUnoTunnelId() {
static Sequence< sal_Int8 >* pSeq = 0 ;
if( !pSeq ) {
::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
if( !pSeq ) {
static Sequence< sal_Int8> aSeq( 16 ) ;
rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
pSeq = &aSeq ;
}
}
return *pSeq ;
}
/* XUnoTunnel extension */
X509Certificate_MSCryptImpl* X509Certificate_MSCryptImpl :: getImplementation( const Reference< XInterface > xObj ) {
Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
if( xUT.is() ) {
return ( X509Certificate_MSCryptImpl* )xUT->getSomething( getUnoTunnelId() ) ;
} else
return NULL ;
}
// MM : added by MM
::rtl::OUString findOIDDescription(char *oid)
{
OUString ouOID = OUString::createFromAscii( oid );
for (int i=0; i<nOID; i++)
{
OUString item = OUString::createFromAscii( OIDs[i].oid );
if (ouOID == item)
{
return OUString::createFromAscii( OIDs[i].desc );
}
}
return OUString() ;
}
::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(const CERT_CONTEXT* pCertContext, DWORD dwPropId)
{
if( pCertContext != NULL )
{
DWORD cbData = 20;
unsigned char fingerprint[20];
if (CertGetCertificateContextProperty(pCertContext, dwPropId, (void*)fingerprint, &cbData))
{
Sequence< sal_Int8 > thumbprint( cbData ) ;
for( unsigned int i = 0 ; i < cbData ; i ++ )
{
thumbprint[i] = fingerprint[i];
}
return thumbprint;
}
else
{
DWORD e = GetLastError();
cbData = e;
}
}
return NULL;
}
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getSubjectPublicKeyAlgorithm()
throw ( ::com::sun::star::uno::RuntimeException)
{
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
{
CRYPT_ALGORITHM_IDENTIFIER algorithm = m_pCertContext->pCertInfo->SubjectPublicKeyInfo.Algorithm;
return findOIDDescription( algorithm.pszObjId ) ;
}
else
{
return OUString() ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSubjectPublicKeyValue()
throw ( ::com::sun::star::uno::RuntimeException)
{
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
{
CRYPT_BIT_BLOB publicKey = m_pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey;
Sequence< sal_Int8 > key( publicKey.cbData ) ;
for( unsigned int i = 0 ; i < publicKey.cbData ; i++ )
{
key[i] = *(publicKey.pbData + i) ;
}
return key;
}
else
{
return NULL ;
}
}
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getSignatureAlgorithm()
throw ( ::com::sun::star::uno::RuntimeException)
{
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
{
CRYPT_ALGORITHM_IDENTIFIER algorithm = m_pCertContext->pCertInfo->SignatureAlgorithm;
return findOIDDescription( algorithm.pszObjId ) ;
}
else
{
return OUString() ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSHA1Thumbprint()
throw ( ::com::sun::star::uno::RuntimeException)
{
return getThumbprint(m_pCertContext, CERT_SHA1_HASH_PROP_ID);
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getMD5Thumbprint()
throw ( ::com::sun::star::uno::RuntimeException)
{
return getThumbprint(m_pCertContext, CERT_MD5_HASH_PROP_ID);
}
sal_Int32 SAL_CALL X509Certificate_MSCryptImpl::getCertificateUsage( )
throw ( ::com::sun::star::uno::RuntimeException)
{
sal_Int32 usage =
CERT_DATA_ENCIPHERMENT_KEY_USAGE |
CERT_DIGITAL_SIGNATURE_KEY_USAGE |
CERT_KEY_AGREEMENT_KEY_USAGE |
CERT_KEY_CERT_SIGN_KEY_USAGE |
CERT_KEY_ENCIPHERMENT_KEY_USAGE |
CERT_NON_REPUDIATION_KEY_USAGE |
CERT_OFFLINE_CRL_SIGN_KEY_USAGE;
if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL && m_pCertContext->pCertInfo->cExtension != 0 )
{
CERT_EXTENSION* pExtn = CertFindExtension(
szOID_KEY_USAGE,
m_pCertContext->pCertInfo->cExtension,
m_pCertContext->pCertInfo->rgExtension);
if (pExtn != NULL)
{
CERT_KEY_USAGE_RESTRICTION_INFO keyUsage;
DWORD length = sizeof(CERT_KEY_USAGE_RESTRICTION_INFO);
bool rc = CryptDecodeObject(
X509_ASN_ENCODING,
X509_KEY_USAGE,
pExtn->Value.pbData,
pExtn->Value.cbData,
CRYPT_DECODE_NOCOPY_FLAG,
(void *)&keyUsage,
&length);
if (rc && keyUsage.RestrictedKeyUsage.cbData!=0)
{
usage = (sal_Int32)keyUsage.RestrictedKeyUsage.pbData;
}
}
}
return usage;
}
// MM : end
Reference in New Issue View Git Blame Copy Permalink