mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
524a90293f4cb9beb8331b4e7cf5f738fcdf37c3
libreoffice/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
Norbert Thiebaud cc5db648bc Merge commit 'ooo/DEV300_m101' into integration/dev300_m101 
* commit 'ooo/DEV300_m101': (185 commits)
  masterfix DEV300: #i10000# usage of L10N build_type
  masterfix: #i10000# INT16 -> sal_Int16
  fixed compile errors after resync to m100, part2
  gridsort: post-rebase fixes
  CWS gnumake3: found another tools integer type
  removetooltypes01: Fix build problems after rebase to DEV300m99 in basctl, cui, reportdesign, sw
  native359: #i114398# changing mac langpack icon
  native359: #i115669# fixing package description for solaris packages
  gnumake3: remove comphelper version; fix including extract.hxx
  locales34: #i106785# add Haitian_Haiti [ht-HT] to language list and locale data; locale data contributed by <jcpoulard>
  sb138: #i116659# timely termination of OnLogRotateThread
  accfixes: removed include of obsolete header file
  accfixes: removed obsolete file
  removetooltypes01: #i112600# Fix build problems on non-pro
  accfixes: moved some shared strings to svx part2
  accfixes: moved some shared strings to svx
  accfixes: added more accessibility information and fixed tab orders in multiple dialogs (cui module)
  removetooltypes01: #i112600# Remove tools types for Mac specific parts
  fixed tab order in BasicIDE, Library dialog tab page
  added some accessible names in BasicIDE
  ...

Conflicts:
	UnoControls/source/base/registercontrols.cxx
	accessibility/inc/accessibility/standard/vclxaccessiblelistboxlist.hxx
	automation/inc/automation/communi.hxx
	automation/inc/automation/simplecm.hxx
	automation/source/communi/communi.cxx
	automation/source/inc/rcontrol.hxx
	automation/source/miniapp/servuid.hxx
	automation/source/server/XMLParser.cxx
	automation/source/server/cmdbasestream.cxx
	automation/source/server/profiler.hxx
	automation/source/server/recorder.cxx
	automation/source/server/retstrm.hxx
	automation/source/server/server.cxx
	automation/source/server/sta_list.cxx
	automation/source/server/statemnt.cxx
	automation/source/server/statemnt.hxx
	automation/source/simplecm/packethandler.cxx
	automation/source/simplecm/simplecm.cxx
	automation/source/simplecm/tcpio.cxx
	automation/source/simplecm/tcpio.hxx
	automation/source/testtool/comm_bas.hxx
	automation/source/testtool/cretstrm.hxx
	automation/source/testtool/httprequest.cxx
	automation/source/testtool/httprequest.hxx
	automation/source/testtool/objtest.cxx
	automation/source/testtool/objtest.hxx
	basctl/source/basicide/baside2.cxx
	basctl/source/basicide/baside2.hxx
	basctl/source/basicide/baside2b.cxx
	basctl/source/basicide/baside3.cxx
	basctl/source/basicide/basides1.cxx
	basctl/source/basicide/basides2.cxx
	basctl/source/basicide/basidesh.cxx
	basctl/source/basicide/basidesh.src
	basctl/source/basicide/basobj3.cxx
	basctl/source/basicide/bastype2.cxx
	basctl/source/basicide/bastype3.cxx
	basctl/source/basicide/bastypes.cxx
	basctl/source/basicide/brkdlg.cxx
	basctl/source/basicide/iderdll.cxx
	basctl/source/basicide/macrodlg.cxx
	basctl/source/basicide/moduldl2.cxx
	basctl/source/basicide/moduldlg.cxx
	basctl/source/basicide/objdlg.cxx
	basctl/source/basicide/scriptdocument.cxx
	basctl/source/basicide/tbxctl.cxx
	basctl/source/basicide/tbxctl.hxx
	basctl/source/basicide/tbxctl.src
	basctl/source/dlged/dlged.cxx
	basctl/source/dlged/dlgedfunc.cxx
	basctl/source/dlged/dlgedobj.cxx
	basctl/source/inc/basidesh.hxx
	basctl/source/inc/bastypes.hxx
	basctl/source/inc/dlgedmod.hxx
	basctl/source/inc/dlgedpage.hxx
	crashrep/prj/build.lst
	cui/inc/pch/precompiled_cui.hxx
	cui/source/customize/acccfg.cxx
	cui/source/customize/acccfg.hrc
	cui/source/customize/acccfg.src
	cui/source/customize/cfg.cxx
	cui/source/customize/cfgutil.cxx
	cui/source/customize/macropg.cxx
	cui/source/customize/macropg.src
	cui/source/customize/selector.cxx
	cui/source/dialogs/SpellDialog.cxx
	cui/source/dialogs/commonlingui.cxx
	cui/source/dialogs/cuicharmap.cxx
	cui/source/dialogs/cuifmsearch.cxx
	cui/source/dialogs/cuigaldlg.cxx
	cui/source/dialogs/cuigrfflt.cxx
	cui/source/dialogs/hldocntp.cxx
	cui/source/dialogs/hldoctp.cxx
	cui/source/dialogs/hlinettp.cxx
	cui/source/dialogs/hlmailtp.cxx
	cui/source/dialogs/hlmarkwn.cxx
	cui/source/dialogs/hlmarkwn.src
	cui/source/dialogs/hltpbase.cxx
	cui/source/dialogs/iconcdlg.cxx
	cui/source/dialogs/passwdomdlg.cxx
	cui/source/dialogs/pastedlg.cxx
	cui/source/dialogs/scriptdlg.cxx
	cui/source/dialogs/thesdlg.cxx
	cui/source/dialogs/zoom.cxx
	cui/source/factory/dlgfact.hxx
	cui/source/inc/SpellDialog.hxx
	cui/source/inc/autocdlg.hxx
	cui/source/inc/backgrnd.hxx
	cui/source/inc/bbdlg.hxx
	cui/source/inc/cfg.hxx
	cui/source/inc/cfgutil.hxx
	cui/source/inc/cuigaldlg.hxx
	cui/source/inc/cuigrfflt.hxx
	cui/source/inc/cuitabarea.hxx
	cui/source/inc/cuitabline.hxx
	cui/source/inc/hldocntp.hxx
	cui/source/inc/hltpbase.hxx
	cui/source/inc/iconcdlg.hxx
	cui/source/inc/numpages.hxx
	cui/source/inc/page.hxx
	cui/source/inc/postdlg.hxx
	cui/source/inc/scriptdlg.hxx
	cui/source/inc/transfrm.hxx
	cui/source/inc/zoom.hxx
	cui/source/options/cfgchart.cxx
	cui/source/options/cuisrchdlg.cxx
	cui/source/options/dbregister.cxx
	cui/source/options/dbregister.src
	cui/source/options/fontsubs.cxx
	cui/source/options/internationaloptions.cxx
	cui/source/options/optasian.cxx
	cui/source/options/optchart.cxx
	cui/source/options/optcolor.cxx
	cui/source/options/optcolor.src
	cui/source/options/optfltr.cxx
	cui/source/options/optfltr.src
	cui/source/options/optgdlg.cxx
	cui/source/options/optgdlg.src
	cui/source/options/optgenrl.cxx
	cui/source/options/opthtml.cxx
	cui/source/options/optimprove.cxx
	cui/source/options/optinet2.cxx
	cui/source/options/optinet2.hxx
	cui/source/options/optjava.cxx
	cui/source/options/optlingu.cxx
	cui/source/options/optsave.cxx
	cui/source/options/optsave.hxx
	cui/source/options/treeopt.cxx
	cui/source/options/webconninfo.cxx
	cui/source/tabpages/autocdlg.cxx
	cui/source/tabpages/backgrnd.cxx
	cui/source/tabpages/border.cxx
	cui/source/tabpages/chardlg.cxx
	cui/source/tabpages/dstribut.cxx
	cui/source/tabpages/grfpage.cxx
	cui/source/tabpages/macroass.cxx
	cui/source/tabpages/measure.cxx
	cui/source/tabpages/numfmt.cxx
	cui/source/tabpages/numpages.cxx
	cui/source/tabpages/page.cxx
	cui/source/tabpages/paragrph.cxx
	cui/source/tabpages/swpossizetabpage.cxx
	cui/source/tabpages/tabarea.src
	cui/source/tabpages/textanim.cxx
	cui/source/tabpages/textattr.cxx
	cui/source/tabpages/tparea.cxx
	cui/source/tabpages/tpbitmap.cxx
	cui/source/tabpages/tpcolor.cxx
	cui/source/tabpages/tpgradnt.cxx
	cui/source/tabpages/tphatch.cxx
	cui/source/tabpages/tpline.cxx
	cui/source/tabpages/tplnedef.cxx
	cui/source/tabpages/tplneend.cxx
	cui/source/tabpages/tpshadow.cxx
	cui/source/tabpages/transfrm.cxx
	embedserv/source/embed/register.cxx
	extensions/inc/pch/precompiled_extensions.hxx
	extensions/inc/propctrlr.hrc
	extensions/source/abpilot/abpservices.cxx
	extensions/source/bibliography/bibload.cxx
	extensions/source/bibliography/datman.cxx
	extensions/source/bibliography/general.cxx
	extensions/source/dbpilots/dbpservices.cxx
	extensions/source/inc/componentmodule.cxx
	extensions/source/nsplugin/source/so_env.cxx
	extensions/source/ole/oleobjw.cxx
	extensions/source/ole/oleobjw.hxx
	extensions/source/oooimprovement/invite_job.cxx
	extensions/source/oooimprovement/onlogrotate_job.cxx
	extensions/source/plugin/base/service.cxx
	extensions/source/plugin/inc/plugin/unx/mediator.hxx
	extensions/source/plugin/inc/plugin/unx/plugcon.hxx
	extensions/source/plugin/unx/mediator.cxx
	extensions/source/plugin/unx/nppapi.cxx
	extensions/source/plugin/unx/plugcon.cxx
	extensions/source/preload/services.cxx
	extensions/source/propctrlr/formmetadata.cxx
	extensions/source/propctrlr/pcrservices.cxx
	extensions/source/resource/resource.cxx
	extensions/source/scanner/sane.hxx
	extensions/source/scanner/sanedlg.cxx
	extensions/source/scanner/scanunx.cxx
	extensions/source/scanner/scanwin.cxx
	extensions/source/scanner/twain.cxx
	extensions/source/scanner/twain.hxx
	extensions/source/update/check/updatecheckconfig.cxx
	extensions/test/stm/datatest.cxx
	extensions/test/stm/marktest.cxx
	extensions/test/stm/pipetest.cxx
	extensions/test/stm/testfactreg.cxx
	extensions/workben/testpgp.cxx
	forms/qa/complex/forms/CheckOGroupBoxModel.java
	forms/qa/makefile.mk
	forms/source/component/Button.cxx
	forms/source/component/Button.hxx
	forms/source/component/ListBox.cxx
	forms/source/inc/forms_module_impl.hxx
	forms/source/misc/services.cxx
	forms/source/solar/control/navtoolbar.cxx
	javainstaller2/prj/build.lst
	javainstaller2/src/JavaSetup/org/openoffice/setup/Util/ModuleCtrl.java
	lingucomponent/prj/build.lst
	lingucomponent/source/hyphenator/altlinuxhyph/hyphen/hyphenimp.cxx
	lingucomponent/source/spellcheck/spell/sreg.cxx
	lingucomponent/source/spellcheck/spell/sspellimp.cxx
	package/source/manifest/ManifestExport.cxx
	package/source/manifest/UnoRegister.cxx
	package/source/xstor/owriteablestream.cxx
	package/source/xstor/owriteablestream.hxx
	package/source/xstor/xstorage.hxx
	package/source/zippackage/ZipPackageFolder.cxx
	package/source/zippackage/ZipPackageStream.cxx
	setup_native/source/mac/ooo/DS_Store
	setup_native/source/win32/customactions/shellextensions/registerextensions.cxx
	xmlsecurity/prj/build.lst
	xmlsecurity/source/component/registerservices.cxx
	xmlsecurity/source/dialogs/stbcontrl.cxx
	xmlsecurity/source/framework/xsec_framework.cxx
	xmlsecurity/source/xmlsec/xsec_xmlsec.cxx
	xmlsecurity/tools/demo/util.hxx
	xmlsecurity/workben/signaturetest.cxx
2011-03-09 16:20:50 -06:00

1113 lines
40 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*************************************************************************
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* Copyright 2000, 2010 Oracle and/or its affiliates.
*
* OpenOffice.org - a multi-platform office productivity suite
*
* This file is part of OpenOffice.org.
*
* OpenOffice.org is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License version 3
* only, as published by the Free Software Foundation.
*
* OpenOffice.org is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License version 3 for more details
* (a copy is included in the LICENSE file that accompanied this code).
*
* You should have received a copy of the GNU Lesser General Public License
* version 3 along with OpenOffice.org. If not, see
* <http://www.openoffice.org/license.html>
* for a copy of the LGPLv3 License.
*
************************************************************************/
// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"
//todo before commit: nssrenam.h is not delivered!!!
#include "nssrenam.h"
#include "cert.h"
#include "secerr.h"
#include "ocsp.h"
#include <sal/config.h>
#include <sal/macros.h>
#include "securityenvironment_nssimpl.hxx"
#include "x509certificate_nssimpl.hxx"
#include <rtl/uuid.h>
#include "../diagnose.hxx"
#include <sal/types.h>
//For reasons that escape me, this is what xmlsec does when size_t is not 4
#if SAL_TYPES_SIZEOFPOINTER != 4
# define XMLSEC_NO_SIZE_T
#endif
#include <xmlsec/xmlsec.h>
#include <xmlsec/keysmngr.h>
#include <xmlsec/crypto.h>
#include <xmlsec/base64.h>
#include <xmlsec/strings.h>
#include <tools/string.hxx>
#include <rtl/ustrbuf.hxx>
#include <comphelper/processfactory.hxx>
#include <cppuhelper/servicefactory.hxx>
#include <comphelper/docpasswordrequest.hxx>
#include <xmlsecurity/biginteger.hxx>
#include <rtl/logfile.h>
#include <com/sun/star/task/XInteractionHandler.hpp>
#include <vector>
#include "boost/scoped_array.hpp"
#include "secerror.hxx"
// added for password exception
#include <com/sun/star/security/NoPasswordException.hpp>
namespace csss = ::com::sun::star::security;
using namespace xmlsecurity;
using namespace ::com::sun::star::security;
using namespace com::sun::star;
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::lang ;
using ::com::sun::star::lang::XMultiServiceFactory ;
using ::com::sun::star::lang::XSingleServiceFactory ;
using ::rtl::OUString ;
using ::com::sun::star::xml::crypto::XSecurityEnvironment ;
using ::com::sun::star::security::XCertificate ;
extern X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert ) ;
extern X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* ) ;
struct UsageDescription
{
SECCertificateUsage usage;
char const * const description;
};
char* GetPasswordFunction( PK11SlotInfo* pSlot, PRBool bRetry, void* /*arg*/ )
{
uno::Reference< lang::XMultiServiceFactory > xMSF( ::comphelper::getProcessServiceFactory() );
if ( xMSF.is() )
{
uno::Reference < task::XInteractionHandler > xInteractionHandler(
xMSF->createInstance( rtl::OUString(RTL_CONSTASCII_USTRINGPARAM("com.sun.star.task.InteractionHandler")) ), uno::UNO_QUERY );
if ( xInteractionHandler.is() )
{
task::PasswordRequestMode eMode = bRetry ? task::PasswordRequestMode_PASSWORD_REENTER : task::PasswordRequestMode_PASSWORD_ENTER;
::comphelper::DocPasswordRequest* pPasswordRequest = new ::comphelper::DocPasswordRequest(
::comphelper::DocPasswordRequestType_STANDARD, eMode, ::rtl::OUString::createFromAscii(PK11_GetTokenName(pSlot)) );
uno::Reference< task::XInteractionRequest > xRequest( pPasswordRequest );
xInteractionHandler->handle( xRequest );
if ( pPasswordRequest->isPassword() )
{
ByteString aPassword = ByteString( String( pPasswordRequest->getPassword() ), gsl_getSystemTextEncoding() );
sal_uInt16 nLen = aPassword.Len();
char* pPassword = (char*) PORT_Alloc( nLen+1 ) ;
pPassword[nLen] = 0;
memcpy( pPassword, aPassword.GetBuffer(), nLen );
return pPassword;
}
}
}
return NULL;
}
SecurityEnvironment_NssImpl :: SecurityEnvironment_NssImpl( const Reference< XMultiServiceFactory >& ) :
m_pHandler( NULL ) , m_tSymKeyList() , m_tPubKeyList() , m_tPriKeyList() {
PK11_SetPasswordFunc( GetPasswordFunction ) ;
}
SecurityEnvironment_NssImpl :: ~SecurityEnvironment_NssImpl() {
PK11_SetPasswordFunc( NULL ) ;
for (CIT_SLOTS i = m_Slots.begin(); i != m_Slots.end(); i++)
{
PK11_FreeSlot(*i);
}
if( !m_tSymKeyList.empty() ) {
std::list< PK11SymKey* >::iterator symKeyIt ;
for( symKeyIt = m_tSymKeyList.begin() ; symKeyIt != m_tSymKeyList.end() ; ++symKeyIt )
PK11_FreeSymKey( *symKeyIt ) ;
}
if( !m_tPubKeyList.empty() ) {
std::list< SECKEYPublicKey* >::iterator pubKeyIt ;
for( pubKeyIt = m_tPubKeyList.begin() ; pubKeyIt != m_tPubKeyList.end() ; ++pubKeyIt )
SECKEY_DestroyPublicKey( *pubKeyIt ) ;
}
if( !m_tPriKeyList.empty() ) {
std::list< SECKEYPrivateKey* >::iterator priKeyIt ;
for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; ++priKeyIt )
SECKEY_DestroyPrivateKey( *priKeyIt ) ;
}
}
/* XInitialization */
void SAL_CALL SecurityEnvironment_NssImpl :: initialize( const Sequence< Any >& ) throw( Exception, RuntimeException ) {
// TBD
} ;
/* XServiceInfo */
OUString SAL_CALL SecurityEnvironment_NssImpl :: getImplementationName() throw( RuntimeException ) {
return impl_getImplementationName() ;
}
/* XServiceInfo */
sal_Bool SAL_CALL SecurityEnvironment_NssImpl :: supportsService( const OUString& serviceName) throw( RuntimeException ) {
Sequence< OUString > seqServiceNames = getSupportedServiceNames() ;
const OUString* pArray = seqServiceNames.getConstArray() ;
for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) {
if( *( pArray + i ) == serviceName )
return sal_True ;
}
return sal_False ;
}
/* XServiceInfo */
Sequence< OUString > SAL_CALL SecurityEnvironment_NssImpl :: getSupportedServiceNames() throw( RuntimeException ) {
return impl_getSupportedServiceNames() ;
}
//Helper for XServiceInfo
Sequence< OUString > SecurityEnvironment_NssImpl :: impl_getSupportedServiceNames() {
::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
Sequence< OUString > seqServiceNames( 1 ) ;
seqServiceNames.getArray()[0] = OUString(RTL_CONSTASCII_USTRINGPARAM("com.sun.star.xml.crypto.SecurityEnvironment")) ;
return seqServiceNames ;
}
OUString SecurityEnvironment_NssImpl :: impl_getImplementationName() throw( RuntimeException ) {
return OUString(RTL_CONSTASCII_USTRINGPARAM("com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl")) ;
}
//Helper for registry
Reference< XInterface > SAL_CALL SecurityEnvironment_NssImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& aServiceManager ) throw( RuntimeException ) {
return Reference< XInterface >( *new SecurityEnvironment_NssImpl( aServiceManager ) ) ;
}
Reference< XSingleServiceFactory > SecurityEnvironment_NssImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) {
return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ;
}
/* XUnoTunnel */
sal_Int64 SAL_CALL SecurityEnvironment_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier )
throw( RuntimeException )
{
if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
}
return 0 ;
}
/* XUnoTunnel extension */
const Sequence< sal_Int8>& SecurityEnvironment_NssImpl :: getUnoTunnelId() {
static Sequence< sal_Int8 >* pSeq = 0 ;
if( !pSeq ) {
::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
if( !pSeq ) {
static Sequence< sal_Int8> aSeq( 16 ) ;
rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
pSeq = &aSeq ;
}
}
return *pSeq ;
}
/* XUnoTunnel extension */
SecurityEnvironment_NssImpl* SecurityEnvironment_NssImpl :: getImplementation( const Reference< XInterface > xObj ) {
Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
if( xUT.is() ) {
return reinterpret_cast<SecurityEnvironment_NssImpl*>(
sal::static_int_cast<sal_uIntPtr>(xUT->getSomething( getUnoTunnelId() ))) ;
} else
return NULL ;
}
::rtl::OUString SecurityEnvironment_NssImpl::getSecurityEnvironmentInformation() throw( ::com::sun::star::uno::RuntimeException )
{
rtl::OUString result;
::rtl::OUStringBuffer buff;
for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
{
buff.append(rtl::OUString::createFromAscii(PK11_GetTokenName(*is)));
buff.appendAscii("\n");
}
return buff.makeStringAndClear();
}
void SecurityEnvironment_NssImpl::addCryptoSlot( PK11SlotInfo* aSlot) throw( Exception , RuntimeException )
{
PK11_ReferenceSlot(aSlot);
m_Slots.push_back(aSlot);
}
CERTCertDBHandle* SecurityEnvironment_NssImpl :: getCertDb() throw( Exception , RuntimeException ) {
return m_pHandler ;
}
//Could we have multiple cert dbs?
void SecurityEnvironment_NssImpl :: setCertDb( CERTCertDBHandle* aCertDb ) throw( Exception , RuntimeException ) {
m_pHandler = aCertDb ;
}
void SecurityEnvironment_NssImpl :: adoptSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) {
PK11SymKey* symkey ;
std::list< PK11SymKey* >::iterator keyIt ;
if( aSymKey != NULL ) {
//First try to find the key in the list
for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; ++keyIt ) {
if( *keyIt == aSymKey )
return ;
}
//If we do not find the key in the list, add a new node
symkey = PK11_ReferenceSymKey( aSymKey ) ;
if( symkey == NULL )
throw RuntimeException() ;
try {
m_tSymKeyList.push_back( symkey ) ;
} catch ( Exception& ) {
PK11_FreeSymKey( symkey ) ;
}
}
}
void SecurityEnvironment_NssImpl :: rejectSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) {
PK11SymKey* symkey ;
std::list< PK11SymKey* >::iterator keyIt ;
if( aSymKey != NULL ) {
for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; ++keyIt ) {
if( *keyIt == aSymKey ) {
symkey = *keyIt ;
PK11_FreeSymKey( symkey ) ;
m_tSymKeyList.erase( keyIt ) ;
break ;
}
}
}
}
PK11SymKey* SecurityEnvironment_NssImpl :: getSymKey( unsigned int position ) throw( Exception , RuntimeException ) {
PK11SymKey* symkey ;
std::list< PK11SymKey* >::iterator keyIt ;
unsigned int pos ;
symkey = NULL ;
for( pos = 0, keyIt = m_tSymKeyList.begin() ; pos < position && keyIt != m_tSymKeyList.end() ; pos ++ , keyIt ++ ) ;
if( pos == position && keyIt != m_tSymKeyList.end() )
symkey = *keyIt ;
return symkey ;
}
void SecurityEnvironment_NssImpl :: adoptPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) {
SECKEYPublicKey* pubkey ;
std::list< SECKEYPublicKey* >::iterator keyIt ;
if( aPubKey != NULL ) {
//First try to find the key in the list
for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; ++keyIt ) {
if( *keyIt == aPubKey )
return ;
}
//If we do not find the key in the list, add a new node
pubkey = SECKEY_CopyPublicKey( aPubKey ) ;
if( pubkey == NULL )
throw RuntimeException() ;
try {
m_tPubKeyList.push_back( pubkey ) ;
} catch ( Exception& ) {
SECKEY_DestroyPublicKey( pubkey ) ;
}
}
}
void SecurityEnvironment_NssImpl :: rejectPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) {
SECKEYPublicKey* pubkey ;
std::list< SECKEYPublicKey* >::iterator keyIt ;
if( aPubKey != NULL ) {
for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; ++keyIt ) {
if( *keyIt == aPubKey ) {
pubkey = *keyIt ;
SECKEY_DestroyPublicKey( pubkey ) ;
m_tPubKeyList.erase( keyIt ) ;
break ;
}
}
}
}
SECKEYPublicKey* SecurityEnvironment_NssImpl :: getPubKey( unsigned int position ) throw( Exception , RuntimeException ) {
SECKEYPublicKey* pubkey ;
std::list< SECKEYPublicKey* >::iterator keyIt ;
unsigned int pos ;
pubkey = NULL ;
for( pos = 0, keyIt = m_tPubKeyList.begin() ; pos < position && keyIt != m_tPubKeyList.end() ; pos ++ , keyIt ++ ) ;
if( pos == position && keyIt != m_tPubKeyList.end() )
pubkey = *keyIt ;
return pubkey ;
}
void SecurityEnvironment_NssImpl :: adoptPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) {
SECKEYPrivateKey* prikey ;
std::list< SECKEYPrivateKey* >::iterator keyIt ;
if( aPriKey != NULL ) {
//First try to find the key in the list
for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; ++keyIt ) {
if( *keyIt == aPriKey )
return ;
}
//If we do not find the key in the list, add a new node
prikey = SECKEY_CopyPrivateKey( aPriKey ) ;
if( prikey == NULL )
throw RuntimeException() ;
try {
m_tPriKeyList.push_back( prikey ) ;
} catch ( Exception& ) {
SECKEY_DestroyPrivateKey( prikey ) ;
}
}
}
void SecurityEnvironment_NssImpl :: rejectPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) {
SECKEYPrivateKey* prikey ;
std::list< SECKEYPrivateKey* >::iterator keyIt ;
if( aPriKey != NULL ) {
for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; ++keyIt ) {
if( *keyIt == aPriKey ) {
prikey = *keyIt ;
SECKEY_DestroyPrivateKey( prikey ) ;
m_tPriKeyList.erase( keyIt ) ;
break ;
}
}
}
}
SECKEYPrivateKey* SecurityEnvironment_NssImpl :: getPriKey( unsigned int position ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) {
SECKEYPrivateKey* prikey ;
std::list< SECKEYPrivateKey* >::iterator keyIt ;
unsigned int pos ;
prikey = NULL ;
for( pos = 0, keyIt = m_tPriKeyList.begin() ; pos < position && keyIt != m_tPriKeyList.end() ; pos ++ , keyIt ++ ) ;
if( pos == position && keyIt != m_tPriKeyList.end() )
prikey = *keyIt ;
return prikey ;
}
void SecurityEnvironment_NssImpl::updateSlots()
{
//In case new tokens are present then we can obtain the corresponding slot
PK11SlotList * soltList = NULL;
PK11SlotListElement * soltEle = NULL;
PK11SlotInfo * pSlot = NULL;
PK11SymKey * pSymKey = NULL;
osl::MutexGuard guard(m_mutex);
m_Slots.clear();
m_tSymKeyList.clear();
soltList = PK11_GetAllTokens( CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL ) ;
if( soltList != NULL )
{
for( soltEle = soltList->head ; soltEle != NULL; soltEle = soltEle->next )
{
pSlot = soltEle->slot ;
if(pSlot != NULL)
{
RTL_LOGFILE_TRACE2( "XMLSEC: Found a slot: SlotName=%s, TokenName=%s", PK11_GetSlotName(pSlot), PK11_GetTokenName(pSlot) );
//The following code which is commented out checks if a slot, that is a smart card for example, is
// able to generate a symmetric key of type CKM_DES3_CBC. If this fails then this token
// will not be used. This key is possibly used for the encryption service. However, all
// interfaces and services used for public key signature and encryption are not published
// and the encryption is not used in OOo. Therefore it does not do any harm to remove
// this code, hence allowing smart cards which cannot generate this type of key.
//
// By doing this, the encryption may fail if a smart card is being used which does not
// support this key generation.
//
pSymKey = PK11_KeyGen( pSlot , CKM_DES3_CBC, NULL, 128, NULL ) ;
// if( pSymKey == NULL )
// {
// PK11_FreeSlot( pSlot ) ;
// RTL_LOGFILE_TRACE( "XMLSEC: Error - pSymKey is NULL" );
// continue;
// }
addCryptoSlot(pSlot);
PK11_FreeSlot( pSlot ) ;
pSlot = NULL;
if (pSymKey != NULL)
{
adoptSymKey( pSymKey ) ;
PK11_FreeSymKey( pSymKey ) ;
pSymKey = NULL;
}
}// end of if(pSlot != NULL)
}// end of for
}// end of if( soltList != NULL )
}
Sequence< Reference < XCertificate > >
SecurityEnvironment_NssImpl::getPersonalCertificates() throw( SecurityException , RuntimeException )
{
sal_Int32 length ;
X509Certificate_NssImpl* xcert ;
std::list< X509Certificate_NssImpl* > certsList ;
updateSlots();
//firstly, we try to find private keys in slot
for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
{
PK11SlotInfo *slot = *is;
SECKEYPrivateKeyList* priKeyList ;
SECKEYPrivateKeyListNode* curPri ;
if( PK11_NeedLogin(slot ) ) {
SECStatus nRet = PK11_Authenticate(slot, PR_TRUE, NULL);
//PK11_Authenticate may fail in case the a slot has not been initialized.
//this is the case if the user has a new profile, so that they have never
//added a personal certificate.
if( nRet != SECSuccess && PORT_GetError() != SEC_ERROR_IO) {
throw NoPasswordException();
}
}
priKeyList = PK11_ListPrivateKeysInSlot(slot) ;
if( priKeyList != NULL ) {
for( curPri = PRIVKEY_LIST_HEAD( priKeyList );
!PRIVKEY_LIST_END( curPri, priKeyList ) && curPri != NULL ;
curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
xcert = NssPrivKeyToXCert( curPri->key ) ;
if( xcert != NULL )
certsList.push_back( xcert ) ;
}
}
SECKEY_DestroyPrivateKeyList( priKeyList ) ;
}
//secondly, we try to find certificate from registered private keys.
if( !m_tPriKeyList.empty() ) {
std::list< SECKEYPrivateKey* >::iterator priKeyIt ;
for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; ++priKeyIt ) {
xcert = NssPrivKeyToXCert( *priKeyIt ) ;
if( xcert != NULL )
certsList.push_back( xcert ) ;
}
}
length = certsList.size() ;
if( length != 0 ) {
int i ;
std::list< X509Certificate_NssImpl* >::iterator xcertIt ;
Sequence< Reference< XCertificate > > certSeq( length ) ;
for( i = 0, xcertIt = certsList.begin(); xcertIt != certsList.end(); ++xcertIt, ++i ) {
certSeq[i] = *xcertIt ;
}
return certSeq ;
}
return Sequence< Reference < XCertificate > > ();
}
Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& serialNumber ) throw( SecurityException , RuntimeException )
{
X509Certificate_NssImpl* xcert = NULL;
if( m_pHandler != NULL ) {
CERTIssuerAndSN issuerAndSN ;
CERTCertificate* cert ;
CERTName* nmIssuer ;
char* chIssuer ;
SECItem* derIssuer ;
PRArenaPool* arena ;
arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE ) ;
if( arena == NULL )
throw RuntimeException() ;
// Create cert info from issue and serial
rtl::OString ostr = rtl::OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 ) ;
chIssuer = PL_strndup( ( char* )ostr.getStr(), ( int )ostr.getLength() ) ;
nmIssuer = CERT_AsciiToName( chIssuer ) ;
if( nmIssuer == NULL ) {
PL_strfree( chIssuer ) ;
PORT_FreeArena( arena, PR_FALSE ) ;
return NULL; // no need for exception cf. i40394
}
derIssuer = SEC_ASN1EncodeItem( arena, NULL, ( void* )nmIssuer, SEC_ASN1_GET( CERT_NameTemplate ) ) ;
if( derIssuer == NULL ) {
PL_strfree( chIssuer ) ;
CERT_DestroyName( nmIssuer ) ;
PORT_FreeArena( arena, PR_FALSE ) ;
throw RuntimeException() ;
}
memset( &issuerAndSN, 0, sizeof( issuerAndSN ) ) ;
issuerAndSN.derIssuer.data = derIssuer->data ;
issuerAndSN.derIssuer.len = derIssuer->len ;
issuerAndSN.serialNumber.data = ( unsigned char* )&serialNumber[0] ;
issuerAndSN.serialNumber.len = serialNumber.getLength() ;
cert = CERT_FindCertByIssuerAndSN( m_pHandler, &issuerAndSN ) ;
if( cert != NULL ) {
xcert = NssCertToXCert( cert ) ;
} else {
xcert = NULL ;
}
PL_strfree( chIssuer ) ;
CERT_DestroyName( nmIssuer ) ;
//SECITEM_FreeItem( derIssuer, PR_FALSE ) ;
CERT_DestroyCertificate( cert ) ;
PORT_FreeArena( arena, PR_FALSE ) ;
} else {
xcert = NULL ;
}
return xcert ;
}
Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const OUString& serialNumber ) throw( SecurityException , RuntimeException ) {
Sequence< sal_Int8 > serial = numericStringToBigInteger( serialNumber ) ;
return getCertificate( issuerName, serial ) ;
}
Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl :: buildCertificatePath( const Reference< XCertificate >& begin ) throw( SecurityException , RuntimeException ) {
const X509Certificate_NssImpl* xcert ;
const CERTCertificate* cert ;
CERTCertList* certChain ;
Reference< XUnoTunnel > xCertTunnel( begin, UNO_QUERY ) ;
if( !xCertTunnel.is() ) {
throw RuntimeException() ;
}
xcert = reinterpret_cast<X509Certificate_NssImpl*>(
sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
if( xcert == NULL ) {
throw RuntimeException() ;
}
cert = xcert->getNssCert() ;
if( cert != NULL ) {
int64 timeboundary ;
//Get the system clock time
timeboundary = PR_Now() ;
certChain = CERT_GetCertChainFromCert( ( CERTCertificate* )cert, timeboundary, certUsageAnyCA ) ;
} else {
certChain = NULL ;
}
if( certChain != NULL ) {
X509Certificate_NssImpl* pCert ;
CERTCertListNode* node ;
int len ;
for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) ;
Sequence< Reference< XCertificate > > xCertChain( len ) ;
for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) {
pCert = new X509Certificate_NssImpl() ;
if( pCert == NULL ) {
CERT_DestroyCertList( certChain ) ;
throw RuntimeException() ;
}
pCert->setCert( node->cert ) ;
xCertChain[len] = pCert ;
}
CERT_DestroyCertList( certChain ) ;
return xCertChain ;
}
return Sequence< Reference < XCertificate > >();
}
Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) throw( SecurityException , RuntimeException ) {
X509Certificate_NssImpl* xcert ;
if( rawCertificate.getLength() > 0 ) {
xcert = new X509Certificate_NssImpl() ;
if( xcert == NULL )
throw RuntimeException() ;
xcert->setRawCert( rawCertificate ) ;
} else {
xcert = NULL ;
}
return xcert ;
}
Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromAscii( const OUString& asciiCertificate ) throw( SecurityException , RuntimeException ) {
xmlChar* chCert ;
xmlSecSize certSize ;
rtl::OString oscert = rtl::OUStringToOString( asciiCertificate , RTL_TEXTENCODING_ASCII_US ) ;
chCert = xmlStrndup( ( const xmlChar* )oscert.getStr(), ( int )oscert.getLength() ) ;
certSize = xmlSecBase64Decode( chCert, ( xmlSecByte* )chCert, xmlStrlen( chCert ) ) ;
Sequence< sal_Int8 > rawCert( certSize ) ;
for( unsigned int i = 0 ; i < certSize ; i ++ )
rawCert[i] = *( chCert + i ) ;
xmlFree( chCert ) ;
return createCertificateFromRaw( rawCert ) ;
}
sal_Int32 SecurityEnvironment_NssImpl ::
verifyCertificate( const Reference< csss::XCertificate >& aCert,
const Sequence< Reference< csss::XCertificate > >& intermediateCerts )
throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException )
{
sal_Int32 validity = csss::CertificateValidity::INVALID;
const X509Certificate_NssImpl* xcert ;
const CERTCertificate* cert ;
::std::vector<CERTCertificate*> vecTmpNSSCertificates;
Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ;
if( !xCertTunnel.is() ) {
throw RuntimeException() ;
}
xmlsec_trace("Start verification of certificate: \n %s \n",
OUStringToOString(
aCert->getSubjectName(), osl_getThreadTextEncoding()).getStr());
xcert = reinterpret_cast<X509Certificate_NssImpl*>(
sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
if( xcert == NULL ) {
throw RuntimeException() ;
}
//CERT_PKIXVerifyCert does not take a db as argument. It will therefore
//internally use CERT_GetDefaultCertDB
//Make sure m_pHandler is the default DB
OSL_ASSERT(m_pHandler == CERT_GetDefaultCertDB());
CERTCertDBHandle * certDb = m_pHandler != NULL ? m_pHandler : CERT_GetDefaultCertDB();
cert = xcert->getNssCert() ;
if( cert != NULL )
{
//prepare the intermediate certificates
for (sal_Int32 i = 0; i < intermediateCerts.getLength(); i++)
{
Sequence<sal_Int8> der = intermediateCerts[i]->getEncoded();
SECItem item;
item.type = siBuffer;
item.data = (unsigned char*)der.getArray();
item.len = der.getLength();
CERTCertificate* certTmp = CERT_NewTempCertificate(certDb, &item,
NULL /* nickname */,
PR_FALSE /* isPerm */,
PR_TRUE /* copyDER */);
if (!certTmp)
{
xmlsec_trace("Failed to add a temporary certificate: %s",
OUStringToOString(intermediateCerts[i]->getIssuerName(),
osl_getThreadTextEncoding()).getStr());
}
else
{
xmlsec_trace("Added temporary certificate: %s",
certTmp->subjectName ? certTmp->subjectName : "");
vecTmpNSSCertificates.push_back(certTmp);
}
}
SECStatus status ;
CERTVerifyLog log;
log.arena = PORT_NewArena(512);
log.head = log.tail = NULL;
log.count = 0;
CERT_EnableOCSPChecking(certDb);
CERT_DisableOCSPDefaultResponder(certDb);
CERTValOutParam cvout[5];
CERTValInParam cvin[3];
int ncvinCount=0;
#if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 0 )
cvin[ncvinCount].type = cert_pi_useAIACertFetch;
cvin[ncvinCount].value.scalar.b = PR_TRUE;
ncvinCount++;
#endif
PRUint64 revFlagsLeaf[2];
PRUint64 revFlagsChain[2];
CERTRevocationFlags rev;
rev.leafTests.number_of_defined_methods = 2;
rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
//the flags are defined in cert.h
//We check both leaf and chain.
//It is enough if one revocation method has fresh info,
//but at least one must have some. Otherwise validation fails.
//!!! using leaf test and CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE
// when validating a root certificate will result in "revoked". Usually
//there is no revocation information available for the root cert because
//it must be trusted anyway and it does itself issue revocation information.
//When we use the flag here and OOo shows the certification path then the root
//cert is invalid while all other can be valid. It would probably best if
//this interface method returned the whole chain.
//Otherwise we need to check if the certificate is self-signed and if it is
//then not use the flag when doing the leaf-test.
rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_crl] =
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] =
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
rev.leafTests.number_of_preferred_methods = 0;
rev.leafTests.preferred_methods = NULL;
rev.leafTests.cert_rev_method_independent_flags =
CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
rev.chainTests.number_of_defined_methods = 2;
rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_crl] =
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] =
CERT_REV_M_TEST_USING_THIS_METHOD
| CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
rev.chainTests.number_of_preferred_methods = 0;
rev.chainTests.preferred_methods = NULL;
rev.chainTests.cert_rev_method_independent_flags =
CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
cvin[ncvinCount].type = cert_pi_revocationFlags;
cvin[ncvinCount].value.pointer.revocation = &rev;
ncvinCount++;
// does not work, not implemented yet in 3.12.4
// cvin[ncvinCount].type = cert_pi_keyusage;
// cvin[ncvinCount].value.scalar.ui = KU_DIGITAL_SIGNATURE;
// ncvinCount++;
cvin[ncvinCount].type = cert_pi_end;
cvout[0].type = cert_po_trustAnchor;
cvout[0].value.pointer.cert = NULL;
cvout[1].type = cert_po_errorLog;
cvout[1].value.pointer.log = &log;
cvout[2].type = cert_po_end;
// We check SSL server certificates, CA certificates and signing sertificates.
//
// ToDo check keyusage, looking at CERT_KeyUsageAndTypeForCertUsage (
// mozilla/security/nss/lib/certdb/certdb.c indicates that
// certificateUsageSSLClient, certificateUsageSSLServer and certificateUsageSSLCA
// are sufficient. They cover the key usages for digital signature, key agreement
// and encipherment and certificate signature
//never use the following usages because they are not checked properly
// certificateUsageUserCertImport
// certificateUsageVerifyCA
// certificateUsageAnyCA
// certificateUsageProtectedObjectSigner
UsageDescription arUsages[] =
{
{certificateUsageSSLClient, "certificateUsageSSLClient" },
{certificateUsageSSLServer, "certificateUsageSSLServer" },
{certificateUsageSSLCA, "certificateUsageSSLCA" },
{certificateUsageEmailSigner, "certificateUsageEmailSigner"}, //only usable for end certs
{certificateUsageEmailRecipient, "certificateUsageEmailRecipient"}
};
int numUsages = SAL_N_ELEMENTS(arUsages);
for (int i = 0; i < numUsages; i++)
{
xmlsec_trace("Testing usage %d of %d: %s (0x%x)", i + 1,
numUsages, arUsages[i].description, (int) arUsages[i].usage);
status = CERT_PKIXVerifyCert(const_cast<CERTCertificate *>(cert), arUsages[i].usage,
cvin, cvout, NULL);
if( status == SECSuccess )
{
xmlsec_trace("CERT_PKIXVerifyCert returned SECSuccess.");
//When an intermediate or root certificate is checked then we expect the usage
//certificateUsageSSLCA. This, however, will be only set when in the trust settings dialog
//the button "This certificate can identify websites" is checked. If for example only
//"This certificate can identify mail users" is set then the end certificate can
//be validated and the returned usage will conain certificateUsageEmailRecipient.
//But checking directly the root or intermediate certificate will fail. In the
//certificate path view the end certificate will be shown as valid but the others
//will be displayed as invalid.
validity = csss::CertificateValidity::VALID;
xmlsec_trace("Certificate is valid.\n");
CERTCertificate * issuerCert = cvout[0].value.pointer.cert;
if (issuerCert)
{
xmlsec_trace("Root certificate: %s", issuerCert->subjectName);
CERT_DestroyCertificate(issuerCert);
};
break;
}
else
{
PRIntn err = PR_GetError();
xmlsec_trace("Error: , %d = %s", err, getCertError(err));
/* Display validation results */
if ( log.count > 0)
{
CERTVerifyLogNode *node = NULL;
printChainFailure(&log);
for (node = log.head; node; node = node->next) {
if (node->cert)
CERT_DestroyCertificate(node->cert);
}
log.head = log.tail = NULL;
log.count = 0;
}
xmlsec_trace("Certificate is invalid.\n");
}
}
}
else
{
validity = ::com::sun::star::security::CertificateValidity::INVALID ;
}
//Destroying the temporary certificates
std::vector<CERTCertificate*>::const_iterator cert_i;
for (cert_i = vecTmpNSSCertificates.begin(); cert_i != vecTmpNSSCertificates.end(); ++cert_i)
{
xmlsec_trace("Destroying temporary certificate");
CERT_DestroyCertificate(*cert_i);
}
return validity ;
}
sal_Int32 SecurityEnvironment_NssImpl::getCertificateCharacters(
const ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate >& aCert ) throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException ) {
sal_Int32 characters ;
const X509Certificate_NssImpl* xcert ;
const CERTCertificate* cert ;
Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ;
if( !xCertTunnel.is() ) {
throw RuntimeException() ;
}
xcert = reinterpret_cast<X509Certificate_NssImpl*>(
sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
if( xcert == NULL ) {
throw RuntimeException() ;
}
cert = xcert->getNssCert() ;
characters = 0x00000000 ;
//Firstly, find out whether or not the cert is self-signed.
if( SECITEM_CompareItem( &(cert->derIssuer), &(cert->derSubject) ) == SECEqual ) {
characters |= ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ;
} else {
characters &= ~ ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ;
}
//Secondly, find out whether or not the cert has a private key.
/*
* i40394
*
* mmi : need to check whether the cert's slot is valid first
*/
SECKEYPrivateKey* priKey = NULL;
if (cert->slot != NULL)
{
priKey = PK11_FindPrivateKeyFromCert( cert->slot, ( CERTCertificate* )cert, NULL ) ;
}
if(priKey == NULL)
{
for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
{
priKey = PK11_FindPrivateKeyFromCert(*is, (CERTCertificate*)cert, NULL);
if (priKey)
break;
}
}
if( priKey != NULL ) {
characters |= ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ;
SECKEY_DestroyPrivateKey( priKey ) ;
} else {
characters &= ~ ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ;
}
return characters ;
}
X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert )
{
X509Certificate_NssImpl* xcert ;
if( cert != NULL ) {
xcert = new X509Certificate_NssImpl() ;
if( xcert == NULL ) {
xcert = NULL ;
} else {
xcert->setCert( cert ) ;
}
} else {
xcert = NULL ;
}
return xcert ;
}
X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* priKey )
{
CERTCertificate* cert ;
X509Certificate_NssImpl* xcert ;
if( priKey != NULL ) {
cert = PK11_GetCertFromPrivateKey( priKey ) ;
if( cert != NULL ) {
xcert = NssCertToXCert( cert ) ;
} else {
xcert = NULL ;
}
CERT_DestroyCertificate( cert ) ;
} else {
xcert = NULL ;
}
return xcert ;
}
/* Native methods */
xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() throw( Exception, RuntimeException ) {
unsigned int i ;
CERTCertDBHandle* handler = NULL ;
PK11SymKey* symKey = NULL ;
SECKEYPublicKey* pubKey = NULL ;
SECKEYPrivateKey* priKey = NULL ;
xmlSecKeysMngrPtr pKeysMngr = NULL ;
handler = this->getCertDb() ;
/*-
* The following lines is based on the private version of xmlSec-NSS
* crypto engine
*/
int cSlots = m_Slots.size();
boost::scoped_array<PK11SlotInfo*> sarSlots(new PK11SlotInfo*[cSlots]);
PK11SlotInfo** slots = sarSlots.get();
int count = 0;
for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); islots++, count++)
slots[count] = *islots;
pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, handler ) ;
if( pKeysMngr == NULL )
throw RuntimeException() ;
/*-
* Adopt symmetric key into keys manager
*/
for( i = 0 ; ( symKey = this->getSymKey( i ) ) != NULL ; i ++ ) {
if( xmlSecNssAppliedKeysMngrSymKeyLoad( pKeysMngr, symKey ) < 0 ) {
throw RuntimeException() ;
}
}
/*-
* Adopt asymmetric public key into keys manager
*/
for( i = 0 ; ( pubKey = this->getPubKey( i ) ) != NULL ; i ++ ) {
if( xmlSecNssAppliedKeysMngrPubKeyLoad( pKeysMngr, pubKey ) < 0 ) {
throw RuntimeException() ;
}
}
/*-
* Adopt asymmetric private key into keys manager
*/
for( i = 0 ; ( priKey = this->getPriKey( i ) ) != NULL ; i ++ ) {
if( xmlSecNssAppliedKeysMngrPriKeyLoad( pKeysMngr, priKey ) < 0 ) {
throw RuntimeException() ;
}
}
return pKeysMngr ;
}
void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr) throw( Exception, RuntimeException ) {
if( pKeysMngr != NULL ) {
xmlSecKeysMngrDestroy( pKeysMngr ) ;
}
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
Reference in New Issue View Git Blame Copy Permalink