authorMiklos Vajna <vmiklos@collabora.co.uk>2016-02-11 17:11:55 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-07-07 12:28:08 +0200
commite4ad47085f952c7824393acd6eecc3342d08e366 (patch)
treee00cd09f23ab48764f9082de6f8410c784f3a0c5 /xmlsecurity
parentb0f98eb674feb5432f22f2799278f84c27a5d272 (diff)
xmlsecurity: expose the certificate's SHA-256 checksum in the NSS backend
OOXML export will need an SHA-256 hash of the certificate; introducing a css::security::XCertificate2 just for this would probably be overkill. The same will have to be done in the mscrypto backend in the near future. Change-Id: Id2df06416a713927edd60e1253ff8e1c09dd706a (cherry picked from commit f09f61c9b4f474a95fafa144b4eb18dbdf2a166c)
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/certificate.hxx34
-rw-r--r--xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx24
-rw-r--r--xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx6
3 files changed, 61 insertions, 3 deletions
diff --git a/xmlsecurity/inc/certificate.hxx b/xmlsecurity/inc/certificate.hxx
new file mode 100644
index 000000000000..2c0e0498bcf9
--- /dev/null
+++ b/xmlsecurity/inc/certificate.hxx
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+#define INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+
+#include <sal/types.h>
+
+namespace xmlsecurity
+{
+
+/// Extension of css::security::XCertificate for module-internal purposes.
+class SAL_NO_VTABLE SAL_DLLPUBLIC_RTTI Certificate
+{
+public:
+
+ /// Returns the SHA-256 thumbprint.
+ virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) = 0;
+
+protected:
+ ~Certificate() throw () {}
+};
+
+}
+
+#endif // INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
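Review bot: The new header is not self-contained: the pure virtual declaration names `css::uno::Sequence`, `css::uno::RuntimeException` and `std::exception`, but the file includes only `<sal/types.h>`. It compiles only when the includer has already pulled in the UNO headers, as x509certificate_nssimpl.hxx does by including it after XCertificate.hpp. Adding `#include <com/sun/star/uno/Sequence.hxx>`, `#include <com/sun/star/uno/RuntimeException.hpp>` and `#include <exception>` would let the planned mscrypto backend include it in any order. The doc comment on `getSHA256Thumbprint()` could also state what is hashed and what a caller gets on failure, for example `/// Returns the SHA-256 digest of the DER-encoded certificate (TODO: document the failure result).`; the NSS side hashes `pCert->derCert`, but the failure path is not visible on this page.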
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 0939a1f95bfb..9d7cd557db20 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -35,6 +35,7 @@
#include "sanextension_nssimpl.hxx"
#include <tools/time.hxx>
+using namespace ::com::sun::star;
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
@@ -337,8 +338,22 @@ OUString getAlgorithmDescription(SECAlgorithmID *aid)
if( pCert != nullptr )
{
SECStatus rv;
- unsigned char fingerprint[20];
- int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH);
+ unsigned char fingerprint[32];
+ int length = 0;
+ switch (id)
+ {
+ case SEC_OID_MD5:
+ length = MD5_LENGTH;
+ break;
+ case SEC_OID_SHA1:
+ length = SHA1_LENGTH;
+ break;
+ case SEC_OID_SHA256:
+ length = SHA256_LENGTH;
+ break;
+ default:
+ break;
+ }
memset(fingerprint, 0, sizeof fingerprint);
rv = PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len);
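Review bot: The `default:` arm of the new switch leaves `length` at 0 but still falls through to `PK11_HashBuf(id, fingerprint, ...)`, so an unsupported `id` is hashed into the fixed 32-byte stack buffer regardless of that algorithm's digest size. The callers visible in this commit pass only SHA-1 and SHA-256, but a future caller passing a wider digest OID would write past `fingerprint`. I would reject unknown ids before hashing, e.g. `default: return uno::Sequence<sal_Int8>();` (assuming an empty sequence is what the failure path outside this hunk already returns). I would also size the buffer from the NSS constant rather than a literal, `unsigned char fingerprint[HASH_LENGTH_MAX];`, so the array and the switch cannot drift apart. The function body starts and ends outside the hunk, so how `length` and `rv` are used afterwards is not visible here.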
@@ -409,6 +424,11 @@ OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm()
return getThumbprint(m_pCert, SEC_OID_SHA1);
}
+uno::Sequence<sal_Int8> X509Certificate_NssImpl::getSHA256Thumbprint() throw (uno::RuntimeException, std::exception)
+{
+ return getThumbprint(m_pCert, SEC_OID_SHA256);
+}
+
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
throw ( ::com::sun::star::uno::RuntimeException, std::exception)
{
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
index 70714a4a8bc3..7bad209b7177 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
@@ -29,11 +29,12 @@
#include <com/sun/star/uno/SecurityException.hpp>
#include <com/sun/star/security/XCertificate.hpp>
+#include <certificate.hxx>
#include "cert.h"
class X509Certificate_NssImpl : public ::cppu::WeakImplHelper<
::com::sun::star::security::XCertificate ,
- ::com::sun::star::lang::XUnoTunnel >
+ ::com::sun::star::lang::XUnoTunnel > , public xmlsecurity::Certificate
{
private:
CERTCertificate* m_pCert ;
@@ -82,6 +83,9 @@ class X509Certificate_NssImpl : public ::cppu::WeakImplHelper<
//Methods from XUnoTunnel
virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) throw (com::sun::star::uno::RuntimeException, std::exception) override;
+ /// @see xmlsecurity::Certificate::getSHA256Thumbprint().
+ virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) override;
+
static const ::com::sun::star::uno::Sequence< sal_Int8 >& getUnoTunnelId() ;
//Helper methods