authorVladimir Glazounov <vg@openoffice.org>2005-03-10 17:12:42 +0000
committerVladimir Glazounov <vg@openoffice.org>2005-03-10 17:12:42 +0000
commitd2ca96bc9d8c0998ad7308e44eafe153fb1338e0 (patch)
tree6eb0a63e0482e0c347baebee15e6dd7a37620dac /xmlsecurity/source
parent81db47be742de369e578a386b2618e572a0fba42 (diff)
INTEGRATION: CWS xmlsec08 (1.9.24); FILE MERGED
2005/03/03 10:27:45 mt 1.9.24.8: #i43491# Merged XMLSEC09 changes... 2005/02/16 08:40:03 mmi 1.9.24.7: Issue number: 41270 Submitted by: Reviewed by: 2005/02/06 09:32:47 mmi 1.9.24.6: chinese font displayed. Issue number: 41071 Submitted by: Reviewed by: 2005/01/31 06:02:01 mmi 1.9.24.5: Issue number: 40394 Submitted by: Reviewed by: 2005/01/27 10:23:21 mmi 1.9.24.4: Chinese font displayed as squares in the certificate choose window Issue number: 41071 Submitted by: Reviewed by: 2005/01/27 07:07:01 mmi 1.9.24.3: Issue number: 40394 Submitted by: Reviewed by: 2005/01/27 04:46:29 mmi 1.9.24.2: chinese font displayed as squares Issue number: 41071 Submitted by: Reviewed by: 2005/01/20 03:34:27 mmi 1.9.24.1: smartcard support Issue number: 38448 Submitted by: Reviewed by:
Diffstat (limited to 'xmlsecurity/source')
-rw-r--r--xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx166
1 files changed, 145 insertions, 21 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index f2dc2e26fb16..af51073885f0 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -2,9 +2,9 @@
*
* $RCSfile: securityenvironment_nssimpl.cxx,v $
*
- * $Revision: 1.9 $
+ * $Revision: 1.10 $
*
- * last change: $Author: hr $ $Date: 2004-09-07 11:40:23 $
+ * last change: $Author: vg $ $Date: 2005-03-10 18:12:42 $
*
* The Contents of this file are made available subject to the terms of
* either of the following licenses
@@ -130,7 +130,7 @@ char* GetPasswordFunction( PK11SlotInfo* pSlot, PRBool bRetry, void* arg )
if ( xInteractionHandler.is() )
{
task::PasswordRequestMode eMode = bRetry ? task::PasswordRequestMode_PASSWORD_REENTER : task::PasswordRequestMode_PASSWORD_ENTER;
- RequestDocumentPassword* pPasswordRequest = new RequestDocumentPassword( eMode, ::rtl::OUString() );
+ RequestDocumentPassword* pPasswordRequest = new RequestDocumentPassword( eMode, ::rtl::OUString::createFromAscii(PK11_GetTokenName(pSlot)) );
uno::Reference< task::XInteractionRequest > xRequest( pPasswordRequest );
xInteractionHandler->handle( xRequest );
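Review bot: The token name on the added `RequestDocumentPassword` line is converted with `::rtl::OUString::createFromAscii`, which only handles 7-bit ASCII, while PKCS #11 token labels are UTF-8. A label with non-ASCII characters would therefore reach the password prompt garbled, so the user could not reliably tell which token is asking for the PIN. Converting with the real encoding avoids that: `::rtl::OStringToOUString( ::rtl::OString( PK11_GetTokenName(pSlot) ), RTL_TEXTENCODING_UTF8 )`. The same `createFromAscii(PK11_GetTokenName(...))` call appears in the new `getSecurityEnvironmentInfo()` in a later hunk. GetPasswordFunction starts and ends outside this hunk.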
@@ -144,21 +144,21 @@ char* GetPasswordFunction( PK11SlotInfo* pSlot, PRBool bRetry, void* arg )
pPassword = (char*) PORT_Alloc( nLen+1 ) ;
pPassword[nLen] = 0;
memcpy( pPassword, aPassword.GetBuffer(), nLen );
+
+ return pPassword;
}
}
}
+
#ifdef DEBUG
- else
- {
- // TEST Password is 'sceri'
- pPassword = ( char* )PORT_Alloc( 20 ) ;
- pPassword[0]='s';
- pPassword[1]='c';
- pPassword[2]='e';
- pPassword[3]='r';
- pPassword[4]='i';
- pPassword[5]=0x0;
- }
+ // When debug, we will set the password to 'sceri'
+ pPassword = ( char* )PORT_Alloc( 20 ) ;
+ pPassword[0]='s';
+ pPassword[1]='c';
+ pPassword[2]='e';
+ pPassword[3]='r';
+ pPassword[4]='i';
+ pPassword[5]=0x0;
#endif
return pPassword;
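Review bot: With the `else` removed, the `#ifdef DEBUG` block now runs on every path that did not return a password from the interaction handler; as far as the visible lines show, that includes a prompt that produced no password and calls with `bRetry` set. A debug build then hands the fixed test password back to NSS even after it was rejected, and on a hardware token each rejected attempt may count against the PIN retry limit. Placing `if ( bRetry ) return NULL;` ahead of the fallback would limit the shortcut to one attempt, and a dedicated macro instead of `DEBUG` would keep it out of ordinary debug builds. The `PORT_Alloc( 20 )` result is also written to without a null check. The function body starts outside the hunk.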
@@ -288,6 +288,20 @@ PK11SlotInfo* SecurityEnvironment_NssImpl :: getCryptoSlot() throw( Exception ,
return m_pSlot ;
}
+::rtl::OUString SecurityEnvironment_NssImpl::getSecurityEnvironmentInfo() throw( ::com::sun::star::uno::RuntimeException )
+{
+ rtl::OUString result;
+
+ if( m_pSlot != NULL ) {
+ result = rtl::OUString::createFromAscii(PK11_GetTokenName(m_pSlot));
+ }
+ else{
+ result = rtl::OUString::createFromAscii( "Unknown Token" );
+ }
+
+ return result;
+}
+
void SecurityEnvironment_NssImpl :: setCryptoSlot( PK11SlotInfo* aSlot) throw( Exception , RuntimeException ) {
if( m_pSlot != NULL ) {
PK11_FreeSlot( m_pSlot ) ;
@@ -469,7 +483,8 @@ SECKEYPrivateKey* SecurityEnvironment_NssImpl :: getPriKey( unsigned int positio
return prikey ;
}
-Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl :: getPersonalCertificates() throw( SecurityException , RuntimeException ) {
+Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl :: getPersonalCertificates() throw( SecurityException , RuntimeException )
+{
sal_Int32 length ;
X509Certificate_NssImpl* xcert ;
std::list< X509Certificate_NssImpl* > certsList ;
@@ -558,7 +573,8 @@ Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl :: getPersona
return NULL ;
}
-Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& serialNumber ) throw( SecurityException , RuntimeException ) {
+Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& serialNumber ) throw( SecurityException , RuntimeException )
+{
X509Certificate_NssImpl* xcert ;
if( m_pHandler != NULL ) {
@@ -573,13 +589,55 @@ Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const O
if( arena == NULL )
throw RuntimeException() ;
- rtl::OString ostr = rtl::OUStringToOString( issuerName , RTL_TEXTENCODING_ASCII_US ) ;
+ /*
+ * mmi : because MS Crypto use the 'S' tag (equal to the 'ST' tag in NSS), but the NSS can't recognise
+ * it, so the 'S' tag should be changed to 'ST' tag
+ *
+ * PS : it can work, but inside libxmlsec, the 'S' tag is till used to find cert in NSS engine, so it
+ * is not useful at all. (comment out now)
+ */
+
+ /*
+ sal_Int32 nIndex = 0;
+ OUString newIssuerName;
+ do
+ {
+ OUString aToken = issuerName.getToken( 0, ',', nIndex ).trim();
+ if (aToken.compareToAscii("S=",2) == 0)
+ {
+ newIssuerName+=OUString::createFromAscii("ST=");
+ newIssuerName+=aToken.copy(2);
+ }
+ else
+ {
+ newIssuerName+=aToken;
+ }
+
+ if (nIndex >= 0)
+ {
+ newIssuerName+=OUString::createFromAscii(",");
+ }
+ } while ( nIndex >= 0 );
+ */
+
+ /* end */
+
+ //Create cert info from issue and serial
+ rtl::OString ostr = rtl::OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 ) ;
chIssuer = PL_strndup( ( char* )ostr.getStr(), ( int )ostr.getLength() ) ;
nmIssuer = CERT_AsciiToName( chIssuer ) ;
if( nmIssuer == NULL ) {
PL_strfree( chIssuer ) ;
PORT_FreeArena( arena, PR_FALSE ) ;
- throw RuntimeException() ;
+
+ /*
+ * i40394
+ *
+ * mmi : no need to throw exception
+ * just return "no found"
+ */
+ //throw RuntimeException() ;
+ return NULL;
}
derIssuer = SEC_ASN1EncodeItem( arena, NULL, ( void* )nmIssuer, SEC_ASN1_GET( CERT_NameTemplate ) ) ;
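Review bot: The commented-out `S=`/`ST=` rewrite and the leftover `//throw RuntimeException() ;` are dead code that the surrounding comments already describe as unused; I would drop both and keep the explanation as a short comment. The new `return NULL;` path also makes a null reference mean both "the issuer string could not be parsed" and "no such certificate", which callers cannot tell apart. That deserves a line at the return, for example `// An issuer name NSS cannot parse is reported as "certificate not found" (i40394).` The function body starts and ends outside the hunk.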
@@ -824,11 +882,21 @@ sal_Int32 SecurityEnvironment_NssImpl :: getCertificateCharacters( const ::com::
}
//Secondly, make sentence whether or not the cert has a private key.
+
+ /*
+ * i40394
+ *
+ * mmi : need to check whether the cert's slot is valid first
+ */
{
- SECKEYPrivateKey* priKey ;
+ SECKEYPrivateKey* priKey = NULL;
+
+ if (cert->slot != NULL)
+ {
+ priKey = PK11_FindPrivateKeyFromCert( cert->slot, ( CERTCertificate* )cert, NULL ) ;
+ }
- priKey = PK11_FindPrivateKeyFromCert( cert->slot, ( CERTCertificate* )cert, NULL ) ;
- if( priKey == NULL && m_pSlot != NULL )
+ if( priKey == NULL && m_pSlot != NULL && m_pSlot != cert->slot )
priKey = PK11_FindPrivateKeyFromCert( m_pSlot, ( CERTCertificate* )cert, NULL ) ;
if( priKey != NULL ) {
@@ -927,3 +995,59 @@ X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* priKey )
return xcert ;
}
+
+/* Native methods */
+xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() throw( Exception, RuntimeException ) {
+
+ unsigned int i ;
+ PK11SlotInfo* slot = NULL ;
+ CERTCertDBHandle* handler = NULL ;
+ PK11SymKey* symKey = NULL ;
+ SECKEYPublicKey* pubKey = NULL ;
+ SECKEYPrivateKey* priKey = NULL ;
+ xmlSecKeysMngrPtr pKeysMngr = NULL ;
+
+ slot = this->getCryptoSlot() ;
+ handler = this->getCertDb() ;
+
+ /*-
+ * The following lines is based on the private version of xmlSec-NSS
+ * crypto engine
+ */
+ pKeysMngr = xmlSecNssAppliedKeysMngrCreate( slot , handler ) ;
+ if( pKeysMngr == NULL )
+ throw RuntimeException() ;
+
+ /*-
+ * Adopt symmetric key into keys manager
+ */
+ for( i = 0 ; ( symKey = this->getSymKey( i ) ) != NULL ; i ++ ) {
+ if( xmlSecNssAppliedKeysMngrSymKeyLoad( pKeysMngr, symKey ) < 0 ) {
+ throw RuntimeException() ;
+ }
+ }
+
+ /*-
+ * Adopt asymmetric public key into keys manager
+ */
+ for( i = 0 ; ( pubKey = this->getPubKey( i ) ) != NULL ; i ++ ) {
+ if( xmlSecNssAppliedKeysMngrPubKeyLoad( pKeysMngr, pubKey ) < 0 ) {
+ throw RuntimeException() ;
+ }
+ }
+
+ /*-
+ * Adopt asymmetric private key into keys manager
+ */
+ for( i = 0 ; ( priKey = this->getPriKey( i ) ) != NULL ; i ++ ) {
+ if( xmlSecNssAppliedKeysMngrPriKeyLoad( pKeysMngr, priKey ) < 0 ) {
+ throw RuntimeException() ;
+ }
+ }
+ return pKeysMngr ;
+}
+void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr) throw( Exception, RuntimeException ) {
+ if( pKeysMngr != NULL ) {
+ xmlSecKeysMngrDestroy( pKeysMngr ) ;
+ }
+}
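Review bot: Each `throw RuntimeException() ;` inside the three key-loading loops of `createKeysManager()` leaves the already created `pKeysMngr` allocated, because nothing on those paths calls `xmlSecKeysMngrDestroy`. Adding `xmlSecKeysMngrDestroy( pKeysMngr ) ;` before each of those throws releases the manager on failure. A comment should also state whether the `...Load` calls take ownership of the key returned by `getSymKey`/`getPubKey`/`getPriKey` or copy it, since the hunk does not show who frees those keys.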