author | Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> | 2018-10-24 10:56:15 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-11-08 15:18:52 +0100 |
commit | 7cfec914bb86c300e901f0fd0877af95a8d082c7 (patch) | |
tree | 04f61381153b22f2291e23465dc7a4753152e984 | |
parent | 81400dcc0a062227021485dd994561dcfb454f9b (diff) |
lok: new function to add certificate to certificate DB
Also needed to extend XCertificateCreator with a new method
"addDERCertificateToTheDatabase".
Reviewed-on: https://gerrit.libreoffice.org/62273
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
(cherry picked from commit 08c3c504644ee978c2ec75ba083765b6ffddf08c)
Conflicts:
desktop/qa/desktop_lib/test_desktop_lib.cxx
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
Change-Id: I7b4df65365893bd5a0628aeec30b3156584849fe
-rw-r--r-- | desktop/qa/desktop_lib/test_desktop_lib.cxx | 6 | ||||
-rw-r--r-- | desktop/source/lib/init.cxx | 52 | ||||
-rw-r--r-- | include/LibreOfficeKit/LibreOfficeKit.h | 5 | ||||
-rw-r--r-- | include/LibreOfficeKit/LibreOfficeKit.hxx | 15 | ||||
-rw-r--r-- | offapi/com/sun/star/xml/crypto/XCertificateCreator.idl | 9 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 7 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx | 4 |
7 files changed, 92 insertions, 6 deletions
diff --git a/desktop/qa/desktop_lib/test_desktop_lib.cxx b/desktop/qa/desktop_lib/test_desktop_lib.cxx index f8cab66a0aee..31e79b4590b1 100644 --- a/desktop/qa/desktop_lib/test_desktop_lib.cxx +++ b/desktop/qa/desktop_lib/test_desktop_lib.cxx @@ -2357,11 +2357,11 @@ void DesktopLOKTest::testABI() CPPUNIT_ASSERT_EQUAL(documentClassOffset(41), offsetof(struct _LibreOfficeKitDocumentClass, getPartInfo)); CPPUNIT_ASSERT_EQUAL(documentClassOffset(42), offsetof(struct _LibreOfficeKitDocumentClass, paintWindowDPI)); CPPUNIT_ASSERT_EQUAL(documentClassOffset(43), offsetof(struct _LibreOfficeKitDocumentClass, insertCertificate)); - CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct _LibreOfficeKitDocumentClass, getSignatureState)); - + CPPUNIT_ASSERT_EQUAL(documentClassOffset(44), offsetof(struct _LibreOfficeKitDocumentClass, addCertificate)); + CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), offsetof(struct _LibreOfficeKitDocumentClass, getSignatureState)); // Extending is fine, update this, and add new assert for the offsetof the // new method - CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), sizeof(struct _LibreOfficeKitDocumentClass)); + CPPUNIT_ASSERT_EQUAL(documentClassOffset(46), sizeof(struct _LibreOfficeKitDocumentClass)); } CPPUNIT_TEST_SUITE_REGISTRATION(DesktopLOKTest); diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index 56e2bcfec907..e90fb96f3c0c 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -701,6 +701,10 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis, const unsigned char* pPrivateKeyBinary, const int nPrivateKeyBinarySize); +static bool doc_addCertificate(LibreOfficeKitDocument* pThis, + const unsigned char* pCertificateBinary, + const int nCertificateBinarySize); + static int doc_getSignatureState(LibreOfficeKitDocument* pThis); LibLODocument_Impl::LibLODocument_Impl(const uno::Reference <css::lang::XComponent> &xComponent) 
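Review bot: Placing `addCertificate` at slot 44 pushes `getSignatureState` to slot 45, so an existing function pointer changes offset instead of the struct being extended at its end; the matching insertion is in the `LibreOfficeKit.h` hunk. A client built against the previous header would then reach `addCertificate` when it means to call `getSignatureState`. The comment kept in this test says "Extending is fine", which reads as append-only. If binary compatibility of this part of the class matters on this branch (not visible from the hunk), declare the new member after `getSignatureState` and assert it with `CPPUNIT_ASSERT_EQUAL(documentClassOffset(45), offsetof(struct _LibreOfficeKitDocumentClass, addCertificate));`.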
@@ -762,6 +766,7 @@ LibLODocument_Impl::LibLODocument_Impl(const uno::Reference <css::lang::XCompone m_pDocumentClass->getPartInfo = doc_getPartInfo; m_pDocumentClass->insertCertificate = doc_insertCertificate; + m_pDocumentClass->addCertificate = doc_addCertificate; m_pDocumentClass->getSignatureState = doc_getSignatureState; gDocumentClass = m_pDocumentClass; 
@@ -3736,6 +3741,53 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis, return pObjectShell->SignDocumentContentUsingCertificate(xCertificate); } +static bool doc_addCertificate(LibreOfficeKitDocument* pThis, + const unsigned char* pCertificateBinary, const int nCertificateBinarySize) +{ + if (!xContext.is()) + return false; + + LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis); + + if (!pDocument->mxComponent.is()) + return false; + + SfxBaseModel* pBaseModel = dynamic_cast<SfxBaseModel*>(pDocument->mxComponent.get()); + if (!pBaseModel) + return false; + + SfxObjectShell* pObjectShell = pBaseModel->GetObjectShell(); + + if (!pObjectShell) + return false; + + uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(xContext); + uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext; + xSecurityContext = xSEInitializer->createSecurityContext(OUString()); + if (!xSecurityContext.is()) + return false; + + uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment; + xSecurityEnvironment = xSecurityContext->getSecurityEnvironment(); + uno::Reference<xml::crypto::XCertificateCreator> xCertificateCreator(xSecurityEnvironment, uno::UNO_QUERY); + + if (!xCertificateCreator.is()) + return false; + + uno::Sequence<sal_Int8> aCertificateSequence(nCertificateBinarySize); + std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.begin()); + + uno::Reference<security::XCertificate> xCertificate; + xCertificate = xCertificateCreator->addDERCertificateToTheDatabase(aCertificateSequence, "TCu,Cu,Tu"); + + if (!xCertificate.is()) + return false; + + SAL_INFO("lok", "Certificate Added = IssuerName: " << xCertificate->getIssuerName() << " SubjectName: " << xCertificate->getSubjectName()); + + return true; +} + static int doc_getSignatureState(LibreOfficeKitDocument* pThis) { LibLODocument_Impl* pDocument = static_cast<LibLODocument_Impl*>(pThis); 
diff --git a/include/LibreOfficeKit/LibreOfficeKit.h b/include/LibreOfficeKit/LibreOfficeKit.h index 8a4c6d4ad659..eecadf745b97 100644 --- a/include/LibreOfficeKit/LibreOfficeKit.h +++ b/include/LibreOfficeKit/LibreOfficeKit.h @@ -327,6 +327,11 @@ struct _LibreOfficeKitDocumentClass const unsigned char* pPrivateKeyBinary, const int nPrivateKeyBinarySize); + /// @see lok::Document::addCertificate(). + bool (*addCertificate) (LibreOfficeKitDocument* pThis, + const unsigned char* pCertificateBinary, + const int nCertificateBinarySize); + /// @see lok::Document::getSignatureState(). int (*getSignatureState) (LibreOfficeKitDocument* pThis); diff --git a/include/LibreOfficeKit/LibreOfficeKit.hxx b/include/LibreOfficeKit/LibreOfficeKit.hxx index f72badaae851..10d3a24a4711 100644 --- a/include/LibreOfficeKit/LibreOfficeKit.hxx +++ b/include/LibreOfficeKit/LibreOfficeKit.hxx @@ -565,12 +565,23 @@ public: const unsigned char* pPrivateKeyBinary, const int nPrivateKeyBinarySize) { - return mpDoc->pClass->insertCertificate(mpDoc, - pCertificateBinary, pCertificateBinarySize, + return mpDoc->pClass->insertCertificate(mpDoc, + pCertificateBinary, pCertificateBinarySize, pPrivateKeyBinary, nPrivateKeyBinarySize); } /** + * Add the certificate (in binary form) to the certificate store. + * + */ + bool addCertificate(const unsigned char* pCertificateBinary, + const int pCertificateBinarySize) + { + return mpDoc->pClass->addCertificate(mpDoc, + pCertificateBinary, pCertificateBinarySize); + } + + /** * Verify signature of the document. * * Check possible values in include/sfx2/signaturestate.hxx diff --git a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl index 6d920b37715c..3137aa00474b 100644 --- a/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl +++ b/offapi/com/sun/star/xml/crypto/XCertificateCreator.idl 
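Review bot: The new doc comment on `lok::Document::addCertificate` in `LibreOfficeKit.hxx` says only that the certificate goes into the certificate store, not what encoding is expected or what trust the stored certificate receives. Per the `init.cxx` hunk, the bytes are passed to `addDERCertificateToTheDatabase` with the fixed trust string `"TCu,Cu,Tu"`, so I would write `Add a DER-encoded certificate to the certificate database with trust string "TCu,Cu,Tu"; returns false if it could not be added.` so that callers know they are granting trust. The size parameter is named `pCertificateBinarySize` although it is an `int`. That spelling is copied from `insertCertificate` above, and `nCertificateBinarySize`, as used in `LibreOfficeKit.h`, would match the prefix convention.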
@@ -27,13 +27,20 @@ module com { module sun { module star { module xml { module crypto { /** - * Interface for creating certificates + * Interface for creating and adding certificates * * @since LibreOffice 6.2 */ interface XCertificateCreator : com::sun::star::uno::XInterface { /** + * Adds a certificate to the certificate database with the trust provided by the trust string. + */ + com::sun::star::security::XCertificate addDERCertificateToTheDatabase( + [in] sequence<byte> aDerCertificate, + [in] string aTrustString); + + /** * Create certificate from raw DER encoded certificate and associate the private key with the certificate */ com::sun::star::security::XCertificate createDERCertificateWithPrivateKey( diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index a6905b96079f..aa711d876b8f 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -1038,4 +1038,11 @@ uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::createDERCer return pX509Certificate; } +uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::addDERCertificateToTheDatabase( + uno::Sequence<sal_Int8> const & raDERCertificate, OUString const & raTrustString) +{ + X509Certificate_NssImpl* pX509Certificate = createAndAddCertificateFromPackage(raDERCertificate, raTrustString); + return pX509Certificate; +} + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx index 94dad6235767..2ffd4d6f2173 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx 
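Review bot: The IDL comment for `addDERCertificateToTheDatabase` leaves `aTrustString` undefined, although that argument decides how far the stored certificate is trusted. The only caller visible on this page passes `"TCu,Cu,Tu"`, which looks like NSS trust-flag notation (to be confirmed). The comment should state the accepted format, say what an implementation on another backend is expected to do with it, and document the return value (presumably an empty reference on failure, since the caller tests `is()`). A line such as `@param aTrustString trust flags applied to the stored certificate, e.g. "TCu,Cu,Tu"` plus a matching `@param aDerCertificate` and `@return` would cover it.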
@@ -142,6 +142,10 @@ private: virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ; // Methods of XCertificateCreator + css::uno::Reference<css::security::XCertificate> SAL_CALL addDERCertificateToTheDatabase( + css::uno::Sequence<sal_Int8> const & raDERCertificate, + OUString const & raTrustString) override; + css::uno::Reference<css::security::XCertificate> SAL_CALL createDERCertificateWithPrivateKey( css::uno::Sequence<sal_Int8> const & raDERCertificate, css::uno::Sequence<sal_Int8> const & raPrivateKey) override; |