tkr38: #i112307# Support for x509 v3 Subject Alternative Name extension added

4 files changed, 502 insertions, 0 deletions

diff --git a/xmlsecurity/qa/certext/SanCertExt.cxx b/xmlsecurity/qa/certext/SanCertExt.cxx
new file mode 100644
index 000000000000..6110f0f7645e
--- /dev/null
+++ b/xmlsecurity/qa/certext/SanCertExt.cxx
@@ -0,0 +1,227 @@
+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org.  If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+#include "precompiled_xmlsecurity.hxx"
+#include "sal/config.h"
+
+#include "../../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx"
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
+#include <com/sun/star/security/XCertificate.hpp>
+#include <com/sun/star/lang/XMultiServiceFactory.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+
+#include "cppuhelper/bootstrap.hxx"
+#include "cppunit/TestAssert.h"
+#include "cppunit/TestFixture.h"
+#include "cppunit/extensions/HelperMacros.h"
+#include "cppunit/plugin/TestPlugIn.h"
+#include "sal/types.h"
+#include "comphelper/sequence.hxx"
+#include <rtl/ustring.hxx>
+
+#include <neon/ne_ssl.h>
+
+using namespace com::sun::star;
+using ::com::sun::star::lang::XMultiServiceFactory;
+
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+
+namespace {
+
+class Test: public CppUnit::TestFixture {
+
+private:
+
+    static uno::Sequence< security::CertAltNameEntry > altNames;
+
+    void init(){
+        if (altNames.getLength() == 0){
+            cppu::defaultBootstrap_InitialComponentContext();
+            ne_ssl_certificate* cert = ne_ssl_cert_read("User_35_Root_11.crt");
+            char* certExportB64 = ne_ssl_cert_export(cert);
+
+            uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv( new SecurityEnvironment_MSCryptImpl( uno::Reference< XMultiServiceFactory >() ) );
+
+            uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii(
+                rtl::OStringToOUString( certExportB64, RTL_TEXTENCODING_ASCII_US ) );
+
+            uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions();
+            for (sal_Int32 i = 0 ; i < extensions.getLength(); i++)
+            {
+                uno::Reference< security::XCertificateExtension >element = extensions[i];
+
+                rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+                if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME))
+                {
+                   uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+                   altNames = sanExtension->getAlternativeNames();
+                   break;
+                }
+            }
+        }
+
+    }
+
+public:
+    void test_Others() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_OTHER_NAME)
+            {
+                ::com::sun::star::beans::NamedValue otherNameProp;
+                if (altNames[n].Value >>= otherNameProp)
+                {
+                    //Name
+                    CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), otherNameProp.Name);
+
+                    //Value
+                    uno::Sequence< sal_Int8 > ipAddress;
+                    otherNameProp.Value >>= ipAddress;
+                    CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+                }
+            }
+        }
+    }
+
+    void test_RFC822() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_RFC822_NAME)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("my@other.address"), value);
+            }
+        }
+    }
+
+    void test_DNS() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("alt.openoffice.org"), value);
+            }
+        }
+    }
+
+    void test_Direcory() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_DIRECTORY_NAME)
+            {
+                uno::Sequence< sal_Int8 > value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( value.getLength() > 0 ) );
+            }
+        }
+    }
+
+    void test_URI() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_URL)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("http://my.url.here/"), value);
+            }
+        }
+    }
+
+    void test_IP() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_IP_ADDRESS)
+            {
+                uno::Sequence< sal_Int8 > ipAddress;
+                altNames[n].Value >>= ipAddress;
+                //Value
+                CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+            }
+        }
+
+    }
+
+    void test_RID() {
+        init();
+        for(int n = 1; n < altNames.getLength(); n++)
+        {
+            if (altNames[n].Type ==  security::ExtAltNameType_REGISTERED_ID)
+            {
+                rtl::OUString value;
+                altNames[n].Value >>= value;
+                //Value
+                CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), value);
+            }
+        }
+
+    }
+
+    void test_EDI() {
+        // Not implemented
+    }
+
+    void test_X400() {
+        // Not implemented
+    }
+
+    CPPUNIT_TEST_SUITE(Test);
+    CPPUNIT_TEST(test_Others);
+    CPPUNIT_TEST(test_RFC822);
+    CPPUNIT_TEST(test_DNS);
+    CPPUNIT_TEST(test_Direcory);
+    CPPUNIT_TEST(test_URI);
+    CPPUNIT_TEST(test_IP);
+    CPPUNIT_TEST(test_RID);
+    CPPUNIT_TEST(test_EDI);
+    CPPUNIT_TEST(test_X400);
+    CPPUNIT_TEST_SUITE_END();
+};
+
+uno::Sequence< security::CertAltNameEntry > Test::altNames;
+
+CPPUNIT_TEST_SUITE_REGISTRATION(Test);
+
+}
+
+CPPUNIT_PLUGIN_IMPLEMENT();
diff --git a/xmlsecurity/qa/certext/User_35_Root_11.crt b/xmlsecurity/qa/certext/User_35_Root_11.crt
new file mode 100644
index 000000000000..6902605756af
--- /dev/null
+++ b/xmlsecurity/qa/certext/User_35_Root_11.crt
@@ -0,0 +1,64 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4130 (0x1022)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+        Validity
+            Not Before: Nov  8 10:51:39 2010 GMT
+            Not After : Nov  8 10:51:39 2011 GMT
+        Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+                    92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+                    19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+                    71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+                    5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+                    c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+                    1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+                    c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+                    55:9b:90:91:f4:ce:56:04:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Key Identifier: 
+                91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+            X509v3 Authority Key Identifier: 
+                keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+            X509v3 Subject Alternative Name: 
+                DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+        a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+        73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+        63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+        5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+        66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+        f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+        a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/qa/certext/export.map b/xmlsecurity/qa/certext/export.map
new file mode 100644
index 000000000000..3308588ef6f8
--- /dev/null
+++ b/xmlsecurity/qa/certext/export.map
@@ -0,0 +1,34 @@
+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org.  If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#*************************************************************************
+
+UDK_3_0_0 {
+    global:
+        cppunitTestPlugIn;
+
+    local:
+        *;
+};
diff --git a/xmlsecurity/qa/certext/makefile.mk b/xmlsecurity/qa/certext/makefile.mk
new file mode 100644
index 000000000000..36ebb954914c
--- /dev/null
+++ b/xmlsecurity/qa/certext/makefile.mk
@@ -0,0 +1,177 @@
+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org.  If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#***********************************************************************/
+
+PRJ = ../..
+PRJNAME = xmlsecurity
+TARGET = qa_certext
+
+ENABLE_EXCEPTIONS = TRUE
+
+.IF "$(OS)" == "WNT"
+my_file = file:///
+.ELSE
+my_file = file://
+.END
+
+
+.INCLUDE: settings.mk
+.INCLUDE :	$(PRJ)$/util$/target.pmk
+
+.IF "$(SYSTEM_LIBXML)" == "YES"
+CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS)
+.ENDIF
+
+.IF "$(CRYPTO_ENGINE)" == "nss"
+
+.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES"
+.IF "$(SYSTEM_MOZILLA)" != "YES"
+@all:
+    @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss"
+.ENDIF
+.ENDIF
+
+.IF "$(SYSTEM_MOZILLA)" != "YES"
+MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla
+NSS_INC = $(MOZ_INC)$/nss
+NSPR_INC = $(MOZ_INC)$/nspr
+.ELSE
+# MOZ_INC already defined from environment
+NSS_INC = $(MOZ_NSS_CFLAGS)
+NSPR_INC = $(MOZ_INC)$/nspr
+.ENDIF
+
+.IF "$(GUI)"=="UNX"
+.IF "$(COMNAME)"=="sunpro5"
+CFLAGS += -features=tmplife
+#This flag is needed to build mozilla 1.7 code
+.ENDIF		# "$(COMNAME)"=="sunpro5"
+.ENDIF
+
+.IF "$(GUI)" == "WNT"
+.IF "$(DBG_LEVEL)" == "0"
+INCPRE += \
+-I$(MOZ_INC)$/profile \
+-I$(MOZ_INC)$/string \
+-I$(MOZ_INC)$/embed_base
+CFLAGS +=   -GR- -W3 -Gy -MD -UDEBUG
+.ELSE
+INCPRE += \
+-I$(MOZ_INC)$/profile \
+-I$(MOZ_INC)$/string \
+-I$(MOZ_INC)$/embed_base
+CFLAGS += -Zi -GR- -W3 -Gy -MDd -UNDEBUG
+.ENDIF
+.ENDIF
+.IF "$(GUI)" == "UNX"
+INCPOST += \
+$(MOZ_INC)$/profile \
+-I$(MOZ_INC)$/string \
+-I$(MOZ_INC)$/embed_base
+.ENDIF
+
+CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT
+
+SOLARINC += \
+ -I$(MOZ_INC) \
+-I$(NSPR_INC) \
+-I$(PRJ)$/source$/xmlsec
+
+.IF "$(SYSTEM_MOZILLA)" == "YES"
+SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC)
+.ELSE
+SOLARINC += -I$(NSS_INC)
+.ENDIF
+.ENDIF
+
+
+
+
+CFLAGSCXX += $(CPPUNIT_CFLAGS)
+
+SHL1IMPLIB = i$(SHL1TARGET)
+SHL1OBJS = $(SLOFILES)
+SHL1RPATH = NONE
+SHL1STDLIBS = $(CPPUNITLIB)     \
+              $(SALLIB)         \
+              $(NEON3RDLIB)     \
+              $(CPPULIB)        \
+              $(XMLOFFLIB)      \
+              $(CPPUHELPERLIB)	\
+              $(SVLLIB)			\
+              $(TOOLSLIB)	    \
+              $(COMPHELPERLIB)
+              
+    
+    
+.IF "$(OS)"=="SOLARIS"
+SHL1STDLIBS +=-ldl
+.ENDIF
+
+.IF "$(SYSTEM_MOZILLA)" == "YES"
+.IF "$(NSPR_LIB)" != ""
+SHL1STDLIBS += $(NSPR_LIB)
+.ENDIF
+.IF "$(NSS_LIB)" != ""
+SHL1STDLIBS += $(NSS_LIB)
+.ENDIF
+.ENDIF
+
+.IF "$(CRYPTO_ENGINE)" == "mscrypto"
+SHL1STDLIBS+= $(MSCRYPTOLIBS)
+.ELSE
+CDEFS += -DNSS_ENGINE
+SHL1STDLIBS+= $(NSSCRYPTOLIBS)
+.ENDIF	
+
+.IF "$(ENABLE_NSS_MODULE)"=="YES" || "$(SYSTEM_MOZILLA)" == "YES"
+
+SHL1LIBS= \
+    $(SLB)$/xs_comm.lib
+
+.IF "$(CRYPTO_ENGINE)" == "mscrypto"
+SHL1LIBS += \
+    $(SLB)$/xs_mscrypt.lib
+.ELSE
+SHL1LIBS += \
+    $(SLB)$/xs_nss.lib
+.ENDIF
+
+.ENDIF	
+
+SHL1TARGET = qa_CertExt
+SHL1VERSIONMAP = $(PRJ)/qa/certext/export.map
+DEF1NAME = $(SHL1TARGET)
+
+SLOFILES = $(SLO)/SanCertExt.obj
+
+.INCLUDE: target.mk
+
+ALLTAR : test
+
+test .PHONY : $(SHL1TARGETN)
+    $(CPPUNITTESTER) $(SHL1TARGETN) \
+        -env:UNO_TYPES=$(my_file)$(SOLARBINDIR)/types.rdb