diff options
| author | Mikhail Voytenko <mav@openoffice.org> | 2011-03-27 10:36:28 +0200 |
|---|---|---|
| committer | Mikhail Voytenko <mav@openoffice.org> | 2011-03-27 10:36:28 +0200 |
| commit | 66164edf5bdb77d3e60050711998a98f26414997 (patch) | |
| tree | 38ce63eb1b3e7e796e8711edd4ffc2ec6eda6db2 /xmlsecurity | |
| parent | ecea2657b023888aa5be5af41876cee03ffa9b27 (diff) | |
mav60: #164341# introduce nss initialization for the case when mscrypto is used
Diffstat (limited to 'xmlsecurity')
| -rw-r--r-- | xmlsecurity/source/xmlsec/makefile.mk | 6 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/ciphercontext.cxx | 2 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/makefile.mk | 21 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 516 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/nssinitializer.hxx | 87 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 38 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx | 387 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx | 39 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx | 28 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/xsec_nss.cxx | 34 | ||||
| -rw-r--r-- | xmlsecurity/util/makefile.mk | 11 | ||||
| -rw-r--r-- | xmlsecurity/util/xsec_xmlsec.windows.component | 2 |
12 files changed, 710 insertions, 461 deletions
diff --git a/xmlsecurity/source/xmlsec/makefile.mk b/xmlsecurity/source/xmlsec/makefile.mk index f3a30d8e987f..36b30f4f25a3 100644 --- a/xmlsecurity/source/xmlsec/makefile.mk +++ b/xmlsecurity/source/xmlsec/makefile.mk @@ -49,11 +49,11 @@ CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS) .ENDIF .IF "$(CRYPTO_ENGINE)" == "mscrypto" -CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO -DXMLSEC_NO_XSLT -.ELSE -CDEFS += -DXMLSEC_NO_XSLT +CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO .ENDIF +CDEFS += -DXMLSEC_NO_XSLT + # --- Files -------------------------------------------------------- SLOFILES = \ $(SLO)$/biginteger.obj \ diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx index 9a7cb560ba8a..93a17e3514b7 100644 --- a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx +++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx @@ -218,7 +218,7 @@ uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDis rtl_random_getBytes( aRandomPool, m_aLastBlock.getArray() + nOldLastBlockLen, nPaddingSize - 1 ); rtl_random_destroyPool ( aRandomPool ); } - m_aLastBlock[m_aLastBlock.getLength() - 1] = nPaddingSize; + m_aLastBlock[m_aLastBlock.getLength() - 1] = static_cast< sal_Int8 >( nPaddingSize ); } // finally should the last block be smaller than two standard blocks diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk index 7d2faf6ace9c..17d775d00823 100644 --- a/xmlsecurity/source/xmlsec/nss/makefile.mk +++ b/xmlsecurity/source/xmlsec/nss/makefile.mk @@ -102,7 +102,11 @@ $(MOZ_INC)$/profile \ #.ENDIF .ENDIF -CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT +.IF "$(CRYPTO_ENGINE)" == "nss" +CDEFS += -DXMLSEC_CRYPTO_NSS +.ENDIF + +CDEFS += -DXMLSEC_NO_XSLT # --- Files -------------------------------------------------------- @@ -118,16 +122,21 @@ SOLARINC += -I$(NSS_INC) .ENDIF SLOFILES = \ + $(SLO)$/nssinitializer.obj \ + $(SLO)$/digestcontext.obj \ + $(SLO)$/ciphercontext.obj \ + $(SLO)$/xsec_nss.obj + +.IF "$(CRYPTO_ENGINE)" == "nss" +SLOFILES += \ $(SLO)$/securityenvironment_nssimpl.obj \ + $(SLO)$/seinitializer_nssimpl.obj \ $(SLO)$/xmlencryption_nssimpl.obj \ $(SLO)$/xmlsecuritycontext_nssimpl.obj \ $(SLO)$/xmlsignature_nssimpl.obj \ $(SLO)$/x509certificate_nssimpl.obj \ - $(SLO)$/seinitializer_nssimpl.obj \ - $(SLO)$/digestcontext.obj \ - $(SLO)$/ciphercontext.obj \ - $(SLO)$/xsec_nss.obj \ - $(SLO)$/secerror.obj + $(SLO)$/secerror.obj +.ENDIF # --- Targets ------------------------------------------------------ diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx new file mode 100644 index 000000000000..7e0d942e8e3c --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx @@ -0,0 +1,516 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" + +/* + * Turn off DEBUG Assertions + */ +#ifdef _DEBUG + #define _DEBUG_WAS_DEFINED _DEBUG + #undef _DEBUG +#else + #undef _DEBUG_WAS_DEFINED +#endif + +/* + * and turn off the additional virtual methods which are part of some interfaces when compiled + * with debug + */ +#ifdef DEBUG + #define DEBUG_WAS_DEFINED DEBUG + #undef DEBUG +#else + #undef DEBUG_WAS_DEFINED +#endif + + +#include <com/sun/star/mozilla/XMozillaBootstrap.hpp> +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/xml/crypto/CipherID.hpp> + +#include <sal/types.h> +#include <rtl/instance.hxx> +#include <rtl/bootstrap.hxx> +#include <rtl/string.hxx> +#include <rtl/strbuf.hxx> +#include <osl/file.hxx> +#include <osl/thread.h> +#include <tools/debug.hxx> +#include <rtl/logfile.hxx> + +#include "seinitializer_nssimpl.hxx" +#include "../diagnose.hxx" + +#include "securityenvironment_nssimpl.hxx" +#include "digestcontext.hxx" +#include "ciphercontext.hxx" + +#include <nspr.h> +#include <cert.h> +#include <nss.h> +#include <pk11pub.h> +#include <secmod.h> +#include <nssckbi.h> + + +namespace css = ::com::sun::star; +namespace cssu = css::uno; +namespace cssl = css::lang; +namespace cssxc = css::xml::crypto; + +using namespace xmlsecurity; +using namespace com::sun::star; +using ::rtl::OUString; +using ::rtl::OString; + +#define IMPLEMENTATION_NAME "com.sun.star.xml.security.bridge.xmlsec.NSSInitializer_NssImpl" + +#define ROOT_CERTS "Root Certs for OpenOffice.org" + +extern "C" void nsscrypto_finalize(); + + +namespace +{ + +bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ); + +struct InitNSSInitialize +{ + css::uno::Reference< css::lang::XMultiServiceFactory > mxMSF; + + InitNSSInitialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) + : mxMSF( xMSF ) + { + } + + bool * operator()() + { + static bool bInitialized = false; + bool bNSSInit = false; + bInitialized = nsscrypto_initialize( mxMSF, bNSSInit ); + if (bNSSInit) + atexit(nsscrypto_finalize ); + return & bInitialized; + } +}; + +struct GetNSSInitStaticMutex +{ + ::osl::Mutex* operator()() + { + static ::osl::Mutex aNSSInitMutex; + return &aNSSInitMutex; + } +}; + +void deleteRootsModule() +{ + SECMODModule *RootsModule = 0; + SECMODModuleList *list = SECMOD_GetDefaultModuleList(); + SECMODListLock *lock = SECMOD_GetDefaultModuleListLock(); + SECMOD_GetReadLock(lock); + + while (!RootsModule && list) + { + SECMODModule *module = list->module; + + for (int i=0; i < module->slotCount; i++) + { + PK11SlotInfo *slot = module->slots[i]; + if (PK11_IsPresent(slot)) + { + if (PK11_HasRootCerts(slot)) + { + xmlsec_trace("The root certifificates module \"%s" + "\" is already loaded: \n%s", + module->commonName, module->dllName); + + RootsModule = SECMOD_ReferenceModule(module); + break; + } + } + } + list = list->next; + } + SECMOD_ReleaseReadLock(lock); + + if (RootsModule) + { + PRInt32 modType; + if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType)) + { + xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName); + } + else + { + xmlsec_trace("Failed to delete \"%s\" : \n%s", + RootsModule->commonName, RootsModule->dllName); + } + SECMOD_DestroyModule(RootsModule); + RootsModule = 0; + } +} + +::rtl::OString getMozillaCurrentProfile( const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF ) +{ + ::rtl::OString sResult; + // first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER" + char* pEnv = getenv( "MOZILLA_CERTIFICATE_FOLDER" ); + if ( pEnv ) + { + sResult = ::rtl::OString( pEnv ); + RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", sResult.getStr() ); + } + else + { + mozilla::MozillaProductType productTypes[4] = { + mozilla::MozillaProductType_Thunderbird, + mozilla::MozillaProductType_Mozilla, + mozilla::MozillaProductType_Firefox, + mozilla::MozillaProductType_Default }; + int nProduct = 4; + + uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance( + ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) ); + OSL_ENSURE( xInstance.is(), "failed to create instance" ); + + uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap + = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY); + OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" ); + + if (xMozillaBootstrap.is()) + { + for (int i=0; i<nProduct; i++) + { + ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]); + + if (profile != NULL && profile.getLength()>0) + { + ::rtl::OUString sProfilePath = xMozillaBootstrap->getProfilePath( productTypes[i], profile ); + sResult = ::rtl::OUStringToOString( sProfilePath, osl_getThreadTextEncoding() ); + RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", sResult.getStr() ); + } + } + } + + RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" ); + } + + return sResult; +} + +//Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write +//the roots certificate module (libnssckbi.so), which they use, into the +//profile. This module will then already be loaded during NSS_Init (and the +//other init functions). This fails in two cases. First, FF3 was used to create +//the profile, or possibly used that profile before, and second the profile was +//used on a different platform. +// +//Then one needs to add the roots module oneself. This should be done with +//SECMOD_LoadUserModule rather then SECMOD_AddNewModule. The latter would write +//the location of the roots module to the profile, which makes FF2 and TB2 use +//it instead of there own module. +// +//When using SYSTEM_MOZILLA then the libnss3.so lib is typically found in +///usr/lib. This folder may, however, NOT contain the roots certificate +//module. That is, just providing the library name in SECMOD_LoadUserModule or +//SECMOD_AddNewModule will FAIL to load the mozilla unless the LD_LIBRARY_PATH +//contains an FF or TB installation. +//ATTENTION: DO NOT call this function directly instead use initNSS +//return true - whole initialization was successful +//param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite +//was successful and therefor NSS_Shutdown should be called when terminating. +bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ) +{ + bool return_value = true; + + // this method must be called only once, no need for additional lock + rtl::OString sCertDir; + if ( xMSF.is() ) + sCertDir = getMozillaCurrentProfile( xMSF ); + + xmlsec_trace( "Using profile: %s", sCertDir.getStr() ); + + PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ; + + // there might be no profile + if ( sCertDir.getLength() > 0 ) + { + if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess ) + { + xmlsec_trace("Initializing NSS with profile failed."); + char * error = NULL; + + PR_GetErrorText(error); + if (error) + xmlsec_trace("%s",error); + return false ; + } + } + else + { + xmlsec_trace("Initializing NSS without profile."); + if ( NSS_NoDB_Init(NULL) != SECSuccess ) + { + xmlsec_trace("Initializing NSS without profile failed."); + char * error = NULL; + PR_GetErrorText(error); + if (error) + xmlsec_trace("%s",error); + return false ; + } + } + out_nss_init = true; + +#if defined SYSTEM_MOZILLA + if (!SECMOD_HasRootCerts()) + { +#endif + deleteRootsModule(); + +#if defined SYSTEM_MOZILLA + OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("libnssckbi"SAL_DLLEXTENSION)); +#else + OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("${OOO_BASE_DIR}/program/libnssckbi"SAL_DLLEXTENSION)); +#endif + ::rtl::Bootstrap::expandMacros(rootModule); + + OUString rootModulePath; + if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath)) + { + ::rtl::OString ospath = ::rtl::OUStringToOString(rootModulePath, osl_getThreadTextEncoding()); + ::rtl::OStringBuffer pkcs11moduleSpec; + pkcs11moduleSpec.append("name=\""); + pkcs11moduleSpec.append(ROOT_CERTS); + pkcs11moduleSpec.append("\" library=\""); + pkcs11moduleSpec.append(ospath.getStr()); + pkcs11moduleSpec.append("\""); + + SECMODModule * RootsModule = + SECMOD_LoadUserModule( + const_cast<char*>(pkcs11moduleSpec.makeStringAndClear().getStr()), + 0, // no parent + PR_FALSE); // do not recurse + + if (RootsModule) + { + + bool found = RootsModule->loaded; + + SECMOD_DestroyModule(RootsModule); + RootsModule = 0; + if (found) + xmlsec_trace("Added new root certificate module " + "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); + else + { + xmlsec_trace("FAILED to load the new root certificate module " + "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); + return_value = false; + } + } + else + { + xmlsec_trace("FAILED to add new root certifice module: " + "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); + return_value = false; + + } + } + else + { + xmlsec_trace("Adding new root certificate module failed."); + return_value = false; + } +#if SYSTEM_MOZILLA + } +#endif + + return return_value; +} + + +// must be extern "C" because we pass the function pointer to atexit +extern "C" void nsscrypto_finalize() +{ + SECMODModule *RootsModule = SECMOD_FindModule(ROOT_CERTS); + + if (RootsModule) + { + + if (SECSuccess == SECMOD_UnloadUserModule(RootsModule)) + { + xmlsec_trace("Unloaded module \""ROOT_CERTS"\"."); + } + else + { + xmlsec_trace("Failed unloadeding module \""ROOT_CERTS"\"."); + } + SECMOD_DestroyModule(RootsModule); + } + else + { + xmlsec_trace("Unloading module \""ROOT_CERTS + "\" failed because it was not found."); + } + PK11_LogoutAll(); + NSS_Shutdown(); +} +} // namespace + +ONSSInitializer::ONSSInitializer( + const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF) + :mxMSF( rxMSF ) +{ +} + +ONSSInitializer::~ONSSInitializer() +{ +} + +bool ONSSInitializer::initNSS( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) +{ + return *rtl_Instance< bool, InitNSSInitialize, ::osl::MutexGuard, GetNSSInitStaticMutex > + ::create( InitNSSInitialize( xMSF ), GetNSSInitStaticMutex() ); +} + +css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL ONSSInitializer::getDigestContext( ::sal_Int32 nDigestID, const css::uno::Sequence< css::beans::NamedValue >& aParams ) + throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) +{ + SECOidTag nNSSDigestID = SEC_OID_UNKNOWN; + sal_Int32 nDigestLength = 0; + bool b1KData = false; + if ( nDigestID == css::xml::crypto::DigestID::SHA256 + || nDigestID == css::xml::crypto::DigestID::SHA256_1K ) + { + nNSSDigestID = SEC_OID_SHA256; + nDigestLength = 32; + b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA256_1K ); + } + else if ( nDigestID == css::xml::crypto::DigestID::SHA1 + || nDigestID == css::xml::crypto::DigestID::SHA1_1K ) + { + nNSSDigestID = SEC_OID_SHA1; + nDigestLength = 20; + b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA1_1K ); + } + else + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected digest requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); + + if ( aParams.getLength() ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for digest creation." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); + + css::uno::Reference< css::xml::crypto::XDigestContext > xResult; + if( initNSS( mxMSF ) ) + { + PK11Context* pContext = PK11_CreateDigestContext( nNSSDigestID ); + if ( pContext && PK11_DigestBegin( pContext ) == SECSuccess ) + xResult = new ODigestContext( pContext, nDigestLength, b1KData ); + } + + return xResult; +} + +css::uno::Reference< css::xml::crypto::XCipherContext > SAL_CALL ONSSInitializer::getCipherContext( ::sal_Int32 nCipherID, const css::uno::Sequence< ::sal_Int8 >& aKey, const css::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const css::uno::Sequence< css::beans::NamedValue >& aParams ) + throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) +{ + CK_MECHANISM_TYPE nNSSCipherID = 0; + bool bW3CPadding = false; + if ( nCipherID == css::xml::crypto::CipherID::AES_CBC_W3C_PADDING ) + { + nNSSCipherID = CKM_AES_CBC; + bW3CPadding = true; + + if ( aKey.getLength() != 16 && aKey.getLength() != 24 && aKey.getLength() != 32 ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected key length." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); + + if ( aParams.getLength() ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for cipher creation." ) ), css::uno::Reference< css::uno::XInterface >(), 5 ); + } + else + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected cipher requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); + + css::uno::Reference< css::xml::crypto::XCipherContext > xResult; + if( initNSS( mxMSF ) ) + { + if ( aInitializationVector.getLength() != PK11_GetIVLength( nNSSCipherID ) ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected length of initialization vector." ) ), css::uno::Reference< css::uno::XInterface >(), 3 ); + + xResult = OCipherContext::Create( nNSSCipherID, aKey, aInitializationVector, bEncryption, bW3CPadding ); + } + + return xResult; +} + +rtl::OUString ONSSInitializer_getImplementationName () + throw (cssu::RuntimeException) +{ + + return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( IMPLEMENTATION_NAME ) ); +} + +sal_Bool SAL_CALL ONSSInitializer_supportsService( const rtl::OUString& ServiceName ) + throw (cssu::RuntimeException) +{ + return ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( NSS_SERVICE_NAME )); +} + +cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer_getSupportedServiceNames( ) + throw (cssu::RuntimeException) +{ + cssu::Sequence < rtl::OUString > aRet(1); + rtl::OUString* pArray = aRet.getArray(); + pArray[0] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( NSS_SERVICE_NAME ) ); + return aRet; +} + +cssu::Reference< cssu::XInterface > SAL_CALL ONSSInitializer_createInstance( const cssu::Reference< cssl::XMultiServiceFactory > & rSMgr) + throw( cssu::Exception ) +{ + return (cppu::OWeakObject*) new ONSSInitializer( rSMgr ); +} + +/* XServiceInfo */ +rtl::OUString SAL_CALL ONSSInitializer::getImplementationName() + throw (cssu::RuntimeException) +{ + return ONSSInitializer_getImplementationName(); +} +sal_Bool SAL_CALL ONSSInitializer::supportsService( const rtl::OUString& rServiceName ) + throw (cssu::RuntimeException) +{ + return ONSSInitializer_supportsService( rServiceName ); +} +cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer::getSupportedServiceNames( ) + throw (cssu::RuntimeException) +{ + return ONSSInitializer_getSupportedServiceNames(); +} + diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.hxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.hxx new file mode 100644 index 000000000000..598434086c79 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.hxx @@ -0,0 +1,87 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _NSSINITIALIZER_HXX +#define _NSSINITIALIZER_HXX + +#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp> +#include <com/sun/star/xml/crypto/XCipherContextSupplier.hpp> +#include <com/sun/star/lang/XServiceInfo.hpp> +#include <com/sun/star/lang/XMultiServiceFactory.hpp> + +#include <cppuhelper/implbase3.hxx> + +#define NSS_SERVICE_NAME "com.sun.star.xml.crypto.NSSInitializer" + +class ONSSInitializer : public cppu::WeakImplHelper3 +< + ::com::sun::star::xml::crypto::XDigestContextSupplier, + ::com::sun::star::xml::crypto::XCipherContextSupplier, + ::com::sun::star::lang::XServiceInfo +> +{ +private: + ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > mxMSF; + +public: + ONSSInitializer( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &rxMSF ); + virtual ~ONSSInitializer(); + + bool initNSS( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &xMSF ); + + /* XDigestContextSupplier */ + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XDigestContext > SAL_CALL getDigestContext( ::sal_Int32 nDigestID, const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException); + + /* XCipherContextSupplier */ + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > SAL_CALL getCipherContext( ::sal_Int32 nCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException); + + /* XServiceInfo */ + virtual rtl::OUString SAL_CALL getImplementationName() + throw (::com::sun::star::uno::RuntimeException); + + virtual sal_Bool SAL_CALL supportsService( const rtl::OUString& ServiceName ) + throw (::com::sun::star::uno::RuntimeException); + + virtual ::com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames() + throw (::com::sun::star::uno::RuntimeException); +}; + +rtl::OUString ONSSInitializer_getImplementationName() + throw ( ::com::sun::star::uno::RuntimeException ); + +sal_Bool SAL_CALL ONSSInitializer_supportsService( const rtl::OUString& ServiceName ) + throw ( ::com::sun::star::uno::RuntimeException ); + +com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL ONSSInitializer_getSupportedServiceNames() + throw ( ::com::sun::star::uno::RuntimeException ); + +com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > +SAL_CALL ONSSInitializer_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > & rSMgr ) + throw ( ::com::sun::star::uno::Exception ); + +#endif + diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index f004d0195f88..ca99ee379a9c 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -87,7 +87,29 @@ extern X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* ) ; struct UsageDescription { SECCertificateUsage usage; - char const * const description; + char const* description; + + UsageDescription() + : usage( certificateUsageCheckAllUsages ) + , description( NULL ) + {} + + UsageDescription( SECCertificateUsage i_usage, char const* i_description ) + : usage( i_usage ) + , description( i_description ) + {} + + UsageDescription( const UsageDescription& aDescription ) + : usage( aDescription.usage ) + , description( aDescription.description ) + {} + + UsageDescription& operator =( const UsageDescription& aDescription ) + { + usage = aDescription.usage; + description = aDescription.description; + return *this; + } }; @@ -906,14 +928,12 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, // certificateUsageAnyCA // certificateUsageProtectedObjectSigner - UsageDescription arUsages[] = - { - {certificateUsageSSLClient, "certificateUsageSSLClient" }, - {certificateUsageSSLServer, "certificateUsageSSLServer" }, - {certificateUsageSSLCA, "certificateUsageSSLCA" }, - {certificateUsageEmailSigner, "certificateUsageEmailSigner"}, //only usable for end certs - {certificateUsageEmailRecipient, "certificateUsageEmailRecipient"} - }; + UsageDescription arUsages[5]; + arUsages[0] = UsageDescription( certificateUsageSSLClient, "certificateUsageSSLClient" ); + arUsages[1] = UsageDescription( certificateUsageSSLServer, "certificateUsageSSLServer" ); + arUsages[2] = UsageDescription( certificateUsageSSLCA, "certificateUsageSSLCA" ); + arUsages[3] = UsageDescription( certificateUsageEmailSigner, "certificateUsageEmailSigner" ); + arUsages[4] = UsageDescription( certificateUsageEmailRecipient, "certificateUsageEmailRecipient" ); int numUsages = sizeof(arUsages) / sizeof(UsageDescription); for (int i = 0; i < numUsages; i++) diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx index 2cccd079f8e5..3e969b093047 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx @@ -49,13 +49,7 @@ #undef DEBUG_WAS_DEFINED #endif - -#include <com/sun/star/mozilla/XMozillaBootstrap.hpp> -#include <com/sun/star/xml/crypto/DigestID.hpp> -#include <com/sun/star/xml/crypto/CipherID.hpp> - #include <sal/types.h> -#include <rtl/instance.hxx> #include <rtl/bootstrap.hxx> #include <rtl/string.hxx> #include <rtl/strbuf.hxx> @@ -65,11 +59,7 @@ #include <rtl/logfile.hxx> #include "seinitializer_nssimpl.hxx" -#include "../diagnose.hxx" - #include "securityenvironment_nssimpl.hxx" -#include "digestcontext.hxx" -#include "ciphercontext.hxx" #include <nspr.h> #include <cert.h> @@ -90,316 +80,13 @@ using ::rtl::OUString; using ::rtl::OString; #define SE_SERVICE_NAME "com.sun.star.xml.crypto.SEInitializer" -#define NSS_SERVICE_NAME "com.sun.star.xml.crypto.NSSInitializer" #define IMPLEMENTATION_NAME "com.sun.star.xml.security.bridge.xmlsec.SEInitializer_NssImpl" #define SECURITY_ENVIRONMENT "com.sun.star.xml.crypto.SecurityEnvironment" #define SECURITY_CONTEXT "com.sun.star.xml.crypto.XMLSecurityContext" - -#define ROOT_CERTS "Root Certs for OpenOffice.org" - - -extern "C" void nsscrypto_finalize(); - - -namespace -{ - -bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ); - -struct InitNSSInitialize -{ - css::uno::Reference< css::lang::XMultiServiceFactory > mxMSF; - - InitNSSInitialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) - : mxMSF( xMSF ) - { - } - - bool * operator()() - { - static bool bInitialized = false; - bool bNSSInit = false; - bInitialized = nsscrypto_initialize( mxMSF, bNSSInit ); - if (bNSSInit) - atexit(nsscrypto_finalize ); - return & bInitialized; - } -}; - -struct GetNSSInitStaticMutex -{ - ::osl::Mutex* operator()() - { - static ::osl::Mutex aNSSInitMutex; - return &aNSSInitMutex; - } -}; - -bool * initNSS( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) -{ - return rtl_Instance< bool, InitNSSInitialize, ::osl::MutexGuard, GetNSSInitStaticMutex > - ::create( InitNSSInitialize( xMSF ), GetNSSInitStaticMutex() ); -} - -void deleteRootsModule() -{ - SECMODModule *RootsModule = 0; - SECMODModuleList *list = SECMOD_GetDefaultModuleList(); - SECMODListLock *lock = SECMOD_GetDefaultModuleListLock(); - SECMOD_GetReadLock(lock); - - while (!RootsModule && list) - { - SECMODModule *module = list->module; - - for (int i=0; i < module->slotCount; i++) - { - PK11SlotInfo *slot = module->slots[i]; - if (PK11_IsPresent(slot)) - { - if (PK11_HasRootCerts(slot)) - { - xmlsec_trace("The root certifificates module \"%s" - "\" is already loaded: \n%s", - module->commonName, module->dllName); - - RootsModule = SECMOD_ReferenceModule(module); - break; - } - } - } - list = list->next; - } - SECMOD_ReleaseReadLock(lock); - - if (RootsModule) - { - PRInt32 modType; - if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType)) - { - xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName); - } - else - { - xmlsec_trace("Failed to delete \"%s\" : \n%s", - RootsModule->commonName, RootsModule->dllName); - } - SECMOD_DestroyModule(RootsModule); - RootsModule = 0; - } -} - -::rtl::OString getMozillaCurrentProfile( const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF ) -{ - ::rtl::OString sResult; - // first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER" - char* pEnv = getenv( "MOZILLA_CERTIFICATE_FOLDER" ); - if ( pEnv ) - { - sResult = ::rtl::OString( pEnv ); - RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", sResult.getStr() ); - } - else - { - mozilla::MozillaProductType productTypes[4] = { - mozilla::MozillaProductType_Thunderbird, - mozilla::MozillaProductType_Mozilla, - mozilla::MozillaProductType_Firefox, - mozilla::MozillaProductType_Default }; - int nProduct = 4; - - uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance( - ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) ); - OSL_ENSURE( xInstance.is(), "failed to create instance" ); - - uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap - = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY); - OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" ); - - if (xMozillaBootstrap.is()) - { - for (int i=0; i<nProduct; i++) - { - ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]); - - if (profile != NULL && profile.getLength()>0) - { - ::rtl::OUString sProfilePath = xMozillaBootstrap->getProfilePath( productTypes[i], profile ); - sResult = ::rtl::OUStringToOString( sProfilePath, osl_getThreadTextEncoding() ); - RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", sResult.getStr() ); - } - } - } - - RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" ); - } - - return sResult; -} - -//Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write -//the roots certificate module (libnssckbi.so), which they use, into the -//profile. This module will then already be loaded during NSS_Init (and the -//other init functions). This fails in two cases. First, FF3 was used to create -//the profile, or possibly used that profile before, and second the profile was -//used on a different platform. -// -//Then one needs to add the roots module oneself. This should be done with -//SECMOD_LoadUserModule rather then SECMOD_AddNewModule. The latter would write -//the location of the roots module to the profile, which makes FF2 and TB2 use -//it instead of there own module. -// -//When using SYSTEM_MOZILLA then the libnss3.so lib is typically found in -///usr/lib. This folder may, however, NOT contain the roots certificate -//module. That is, just providing the library name in SECMOD_LoadUserModule or -//SECMOD_AddNewModule will FAIL to load the mozilla unless the LD_LIBRARY_PATH -//contains an FF or TB installation. -//ATTENTION: DO NOT call this function directly instead use initNSS -//return true - whole initialization was successful -//param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite -//was successful and therefor NSS_Shutdown should be called when terminating. -bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ) -{ - bool return_value = true; - - // this method must be called only once, no need for additional lock - rtl::OString sCertDir; - if ( xMSF.is() ) - sCertDir = getMozillaCurrentProfile( xMSF ); - - xmlsec_trace( "Using profile: %s", sCertDir.getStr() ); - - PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ; - - // there might be no profile - if ( sCertDir.getLength() > 0 ) - { - if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess ) - { - xmlsec_trace("Initializing NSS with profile failed."); - char * error = NULL; - - PR_GetErrorText(error); - if (error) - xmlsec_trace("%s",error); - return false ; - } - } - else - { - xmlsec_trace("Initializing NSS without profile."); - if ( NSS_NoDB_Init(NULL) != SECSuccess ) - { - xmlsec_trace("Initializing NSS without profile failed."); - char * error = NULL; - PR_GetErrorText(error); - if (error) - xmlsec_trace("%s",error); - return false ; - } - } - out_nss_init = true; - -#if defined SYSTEM_MOZILLA - if (!SECMOD_HasRootCerts()) - { -#endif - deleteRootsModule(); - -#if defined SYSTEM_MOZILLA - OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("libnssckbi"SAL_DLLEXTENSION)); -#else - OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("${OOO_BASE_DIR}/program/libnssckbi"SAL_DLLEXTENSION)); -#endif - ::rtl::Bootstrap::expandMacros(rootModule); - - OUString rootModulePath; - if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath)) - { - ::rtl::OString ospath = ::rtl::OUStringToOString(rootModulePath, osl_getThreadTextEncoding()); - ::rtl::OStringBuffer pkcs11moduleSpec; - pkcs11moduleSpec.append("name=\""); - pkcs11moduleSpec.append(ROOT_CERTS); - pkcs11moduleSpec.append("\" library=\""); - pkcs11moduleSpec.append(ospath.getStr()); - pkcs11moduleSpec.append("\""); - - SECMODModule * RootsModule = - SECMOD_LoadUserModule( - const_cast<char*>(pkcs11moduleSpec.makeStringAndClear().getStr()), - 0, // no parent - PR_FALSE); // do not recurse - - if (RootsModule) - { - - bool found = RootsModule->loaded; - - SECMOD_DestroyModule(RootsModule); - RootsModule = 0; - if (found) - xmlsec_trace("Added new root certificate module " - "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); - else - { - xmlsec_trace("FAILED to load the new root certificate module " - "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); - return_value = false; - } - } - else - { - xmlsec_trace("FAILED to add new root certifice module: " - "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); - return_value = false; - - } - } - else - { - xmlsec_trace("Adding new root certificate module failed."); - return_value = false; - } -#if SYSTEM_MOZILLA - } -#endif - - return return_value; -} - - -// must be extern "C" because we pass the function pointer to atexit -extern "C" void nsscrypto_finalize() -{ - SECMODModule *RootsModule = SECMOD_FindModule(ROOT_CERTS); - - if (RootsModule) - { - - if (SECSuccess == SECMOD_UnloadUserModule(RootsModule)) - { - xmlsec_trace("Unloaded module \""ROOT_CERTS"\"."); - } - else - { - xmlsec_trace("Failed unloadeding module \""ROOT_CERTS"\"."); - } - SECMOD_DestroyModule(RootsModule); - } - else - { - xmlsec_trace("Unloading module \""ROOT_CERTS - "\" failed because it was not found."); - } - PK11_LogoutAll(); - NSS_Shutdown(); -} -} // namespace - SEInitializer_NssImpl::SEInitializer_NssImpl( - const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF) - :mxMSF( rxMSF ) + const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF ) + : ONSSInitialize( rxMSF ) { } @@ -414,7 +101,7 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL { CERTCertDBHandle *pCertHandle = NULL ; - if( ! *initNSS( mxMSF ) ) + if( !initNSS( mxMSF ) ) return NULL; pCertHandle = CERT_GetDefaultCertDB() ; @@ -450,74 +137,6 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL } } -css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL SEInitializer_NssImpl::getDigestContext( ::sal_Int32 nDigestID, const css::uno::Sequence< css::beans::NamedValue >& aParams ) - throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) -{ - SECOidTag nNSSDigestID = SEC_OID_UNKNOWN; - sal_Int32 nDigestLength = 0; - bool b1KData = false; - if ( nDigestID == css::xml::crypto::DigestID::SHA256 - || nDigestID == css::xml::crypto::DigestID::SHA256_1K ) - { - nNSSDigestID = SEC_OID_SHA256; - nDigestLength = 32; - b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA256_1K ); - } - else if ( nDigestID == css::xml::crypto::DigestID::SHA1 - || nDigestID == css::xml::crypto::DigestID::SHA1_1K ) - { - nNSSDigestID = SEC_OID_SHA1; - nDigestLength = 20; - b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA1_1K ); - } - else - throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected digest requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); - - if ( aParams.getLength() ) - throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for digest creation." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); - - css::uno::Reference< css::xml::crypto::XDigestContext > xResult; - if( *initNSS( mxMSF ) ) - { - PK11Context* pContext = PK11_CreateDigestContext( nNSSDigestID ); - if ( pContext && PK11_DigestBegin( pContext ) == SECSuccess ) - xResult = new ODigestContext( pContext, nDigestLength, b1KData ); - } - - return xResult; -} - -css::uno::Reference< css::xml::crypto::XCipherContext > SAL_CALL SEInitializer_NssImpl::getCipherContext( ::sal_Int32 nCipherID, const css::uno::Sequence< ::sal_Int8 >& aKey, const css::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const css::uno::Sequence< css::beans::NamedValue >& aParams ) - throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) -{ - CK_MECHANISM_TYPE nNSSCipherID = -1; - bool bW3CPadding = false; - if ( nCipherID == css::xml::crypto::CipherID::AES_CBC_W3C_PADDING ) - { - nNSSCipherID = CKM_AES_CBC; - bW3CPadding = true; - - if ( aKey.getLength() != 16 && aKey.getLength() != 24 && aKey.getLength() != 32 ) - throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected key length." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); - - if ( aParams.getLength() ) - throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for cipher creation." ) ), css::uno::Reference< css::uno::XInterface >(), 5 ); - } - else - throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected cipher requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); - - css::uno::Reference< css::xml::crypto::XCipherContext > xResult; - if( *initNSS( mxMSF ) ) - { - if ( aInitializationVector.getLength() != PK11_GetIVLength( nNSSCipherID ) ) - throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected length of initialization vector." ) ), css::uno::Reference< css::uno::XInterface >(), 3 ); - - xResult = OCipherContext::Create( nNSSCipherID, aKey, aInitializationVector, bEncryption, bW3CPadding ); - } - - return xResult; -} - rtl::OUString SEInitializer_NssImpl_getImplementationName () throw (cssu::RuntimeException) { diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx index 350071064ee6..8cbdf160257b 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx @@ -30,40 +30,21 @@ #include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> #include <com/sun/star/xml/crypto/XSEInitializer.hpp> -#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp> -#include <com/sun/star/xml/crypto/XCipherContextSupplier.hpp> -#include <com/sun/star/lang/XUnoTunnel.hpp> -#include <com/sun/star/lang/XServiceInfo.hpp> -#include <com/sun/star/lang/XMultiServiceFactory.hpp> -#include <cppuhelper/implbase4.hxx> +#include <cppuhelper/implbase1.hxx> #include <libxml/tree.h> -class SEInitializer_NssImpl : public cppu::WeakImplHelper4 +#include "nssinitializer.hxx" + +class SEInitializer_NssImpl : public cppu::ImplInheritanceHelper1 < - ::com::sun::star::xml::crypto::XSEInitializer, - ::com::sun::star::xml::crypto::XDigestContextSupplier, - ::com::sun::star::xml::crypto::XCipherContextSupplier, - ::com::sun::star::lang::XServiceInfo + ONSSInitializer, + ::com::sun::star::xml::crypto::XSEInitializer > -/****** SEInitializer_NssImpl.hxx/CLASS SEInitializer_NssImpl *********** - * - * NAME - * SEInitializer_NssImpl -- Class to initialize a Security Context - * instance - * - * FUNCTION - * Use this class to initialize a XmlSec based Security Context - * instance. After this instance is used up, use this class to free this - * instance. - ******************************************************************************/ { -private: - ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > mxMSF; - public: - SEInitializer_NssImpl(const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &rxMSF); + SEInitializer_NssImpl( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &rxMSF ); virtual ~SEInitializer_NssImpl(); /* XSEInitializer */ @@ -72,12 +53,6 @@ public: SAL_CALL createSecurityContext( const ::rtl::OUString& ) throw (::com::sun::star::uno::RuntimeException); - /* XDigestContextSupplier */ - virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XDigestContext > SAL_CALL getDigestContext( ::sal_Int32 nDigestID, const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException); - - /* XCipherContextSupplier */ - virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > SAL_CALL getCipherContext( ::sal_Int32 nCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException); - /* XServiceInfo */ virtual rtl::OUString SAL_CALL getImplementationName( ) throw (::com::sun::star::uno::RuntimeException); diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index 287dce6408ef..929ea91955be 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -125,13 +125,13 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s //Convert the time to readable local time PR_ExplodeTime( notBefore, PR_LocalTimeParameters, &explTime ) ; - dateTime.HundredthSeconds = explTime.tm_usec / 1000 ; - dateTime.Seconds = explTime.tm_sec ; - dateTime.Minutes = explTime.tm_min ; - dateTime.Hours = explTime.tm_hour ; - dateTime.Day = explTime.tm_mday ; - dateTime.Month = explTime.tm_month+1 ; - dateTime.Year = explTime.tm_year ; + dateTime.HundredthSeconds = static_cast< sal_Int16 >( explTime.tm_usec / 1000 ); + dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec ); + dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min ); + dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour ); + dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday ); + dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1 ); + dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year ); return dateTime ; } else { @@ -154,13 +154,13 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s //Convert the time to readable local time PR_ExplodeTime( notAfter, PR_LocalTimeParameters, &explTime ) ; - dateTime.HundredthSeconds = explTime.tm_usec / 1000 ; - dateTime.Seconds = explTime.tm_sec ; - dateTime.Minutes = explTime.tm_min ; - dateTime.Hours = explTime.tm_hour ; - dateTime.Day = explTime.tm_mday ; - dateTime.Month = explTime.tm_month+1 ; - dateTime.Year = explTime.tm_year ; + dateTime.HundredthSeconds = static_cast< sal_Int16 >( explTime.tm_usec / 1000 ); + dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec ); + dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min ); + dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour ); + dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday ); + dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1 ); + dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year ); return dateTime ; } else { diff --git a/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx b/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx index 759b79a27fee..03d32451759c 100644 --- a/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx +++ b/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx @@ -56,21 +56,41 @@ void* SAL_CALL nss_component_getFactory( const sal_Char* pImplName , void* pServ void* pRet = 0; Reference< XSingleServiceFactory > xFactory ; - if( pImplName != NULL && pServiceManager != NULL ) { - if( XMLSignature_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + if( pImplName != NULL && pServiceManager != NULL ) + { +#ifdef XMLSEC_CRYPTO_NSS + if( SEInitializer_NssImpl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) + { + xFactory = Reference< XSingleServiceFactory >( createSingleFactory( + reinterpret_cast< XMultiServiceFactory * >( pServiceManager ), + OUString::createFromAscii( pImplName ), + SEInitializer_NssImpl_createInstance, SEInitializer_NssImpl_getSupportedServiceNames() ) ); + } + else if( XMLSignature_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) + { xFactory = XMLSignature_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; - } else if( XMLSecurityContext_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + } + else if( XMLSecurityContext_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) + { xFactory = XMLSecurityContext_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; - } else if( SecurityEnvironment_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + } + else if( SecurityEnvironment_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) + { xFactory = SecurityEnvironment_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; - } else if( XMLEncryption_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + } + else if( XMLEncryption_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) + { xFactory = XMLEncryption_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; - } else if( SEInitializer_NssImpl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + } +#else + if( ONSSInitializer_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) + { xFactory = Reference< XSingleServiceFactory >( createSingleFactory( reinterpret_cast< XMultiServiceFactory * >( pServiceManager ), OUString::createFromAscii( pImplName ), - SEInitializer_NssImpl_createInstance, SEInitializer_NssImpl_getSupportedServiceNames() ) ); + ONSSInitializer_createInstance, ONSSInitializer_getSupportedServiceNames() ) ); } +#endif } if( xFactory.is() ) { diff --git a/xmlsecurity/util/makefile.mk b/xmlsecurity/util/makefile.mk index 75ef30c7c5ac..4f60f4babe0e 100644 --- a/xmlsecurity/util/makefile.mk +++ b/xmlsecurity/util/makefile.mk @@ -83,10 +83,10 @@ SHL2LIBS= \ .IF "$(CRYPTO_ENGINE)" == "mscrypto" SHL2LIBS += \ $(SLB)$/xs_mscrypt.lib -.ELSE +.ENDIF + SHL2LIBS += \ $(SLB)$/xs_nss.lib -.ENDIF .ENDIF @@ -117,19 +117,22 @@ SHL2STDLIBS += $(NSS_LIB) .IF "$(CRYPTO_ENGINE)" == "mscrypto" SHL2STDLIBS+= $(MSCRYPTOLIBS) +# SHL2STDLIBS+= $(XMLSECLIB) $(LIBXML2LIB) $(NSS3LIB) $(NSPR4LIB) $(PLC4LIB) +SHL2STDLIBS+= $(NSS3LIB) $(NSPR4LIB) .ELSE SHL2STDLIBS+= $(NSSCRYPTOLIBS) .ENDIF + SHL2IMPLIB = $(SHL2TARGET) SHL2DEF = $(MISC)$/$(SHL2TARGET).def DEF2NAME = $(SHL2TARGET) .IF "$(CRYPTO_ENGINE)" == "mscrypto" DEF2EXPORTFILE = exports_xsmscrypt.dxp -.ELSE -DEF2EXPORTFILE = exports_xsnss.dxp .ENDIF +DEF2EXPORTFILE = exports_xsnss.dxp + SRSFILELIST= \ $(SRS)$/component.srs \ $(SRS)$/dialogs.srs diff --git a/xmlsecurity/util/xsec_xmlsec.windows.component b/xmlsecurity/util/xsec_xmlsec.windows.component index 58a89af442d4..7b4ef87a9480 100644 --- a/xmlsecurity/util/xsec_xmlsec.windows.component +++ b/xmlsecurity/util/xsec_xmlsec.windows.component @@ -31,7 +31,7 @@ <implementation name="com.sun.star.security.SerialNumberAdapter"> <service name="com.sun.star.security.SerialNumberAdapter"/> </implementation> - <implementation name="com.sun.star.xml.security.bridge.xmlsec.SEInitializer_NssImpl"> + <implementation name="com.sun.star.xml.security.bridge.xmlsec.NSSInitializer_NssImpl"> <service name="com.sun.star.xml.crypto.NSSInitializer"/> </implementation> <implementation name="com.sun.star.xml.security.bridge.xmlsec.SEInitializer_MSCryptImpl"> |