authorTomaž Vajngerl <tomaz.vajngerl@collabora.co.uk>2018-10-18 10:34:14 +0200
committerMiklos Vajna <vmiklos@collabora.co.uk>2018-11-08 15:06:34 +0100
commit38cb72b307e5fdc4c4bd70a4841dac306892ff0c (patch)
tree8b6d40fa2c77d03a7ae601e1c618d0829aaae968 /xmlsecurity
parent728718b0fe7c5697bd7e96b008f6d911d31c7279 (diff)
xmlsecurity: implement XCertificateCreator for NSS backend
Reviewed-on: https://gerrit.libreoffice.org/61914 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <quikee@gmail.com> (cherry picked from commit ef2623b712d7417d8135279d654a16de2caf56fc) Conflicts: xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx Change-Id: I28aa17e6c97494769185ed289836524064030f39
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx67
-rw-r--r--xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx12
2 files changed, 66 insertions, 13 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index 3ba0062e86b4..035896932ed3 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -26,7 +26,6 @@
#include <sal/macros.h>
#include <osl/diagnose.h>
#include "securityenvironment_nssimpl.hxx"
-#include "x509certificate_nssimpl.hxx"
#include <comphelper/servicehelper.hxx>
#include <xmlsec-wrapper.h>
@@ -528,20 +527,23 @@ Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl::buildCertifi
return Sequence< Reference < XCertificate > >();
}
-Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) {
- X509Certificate_NssImpl* xcert ;
-
- if( rawCertificate.getLength() > 0 ) {
- xcert = new X509Certificate_NssImpl() ;
- if( xcert == nullptr )
- throw RuntimeException() ;
+X509Certificate_NssImpl* SecurityEnvironment_NssImpl::createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate)
+{
+ X509Certificate_NssImpl* pX509Certificate = nullptr;
- xcert->setRawCert( rawCertificate ) ;
- } else {
- xcert = nullptr ;
+ if (aDerCertificate.getLength() > 0)
+ {
+ pX509Certificate = new X509Certificate_NssImpl();
+ if (pX509Certificate == nullptr)
+ throw RuntimeException();
+ pX509Certificate->setRawCert(aDerCertificate);
}
+ return pX509Certificate;
+}
- return xcert ;
+Reference<XCertificate> SecurityEnvironment_NssImpl::createCertificateFromRaw(const Sequence< sal_Int8 >& rawCertificate)
+{
+ return createX509CertificateFromDER(rawCertificate);
}
Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromAscii( const OUString& asciiCertificate )
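Review bot: `createX509CertificateFromDER` hands back a freshly `new`-ed `X509Certificate_NssImpl` as a raw pointer that nothing owns until a caller wraps it in a `Reference`, so the object leaks if `setRawCert` throws (its body is not visible here) or if a caller drops the pointer. Returning `rtl::Reference<X509Certificate_NssImpl>` from the helper, and from its declaration in the .hxx hunk, would make ownership explicit from the moment of allocation. The carried-over `if (pX509Certificate == nullptr) throw RuntimeException();` can never fire, because plain `new` reports failure by throwing `std::bad_alloc`, and should be dropped. A one-line comment such as `// returns nullptr for an empty sequence` would document the case that `createCertificateFromRaw` turns into an empty reference.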
@@ -968,4 +970,45 @@ void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr
}
}
+uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(
+ Sequence<sal_Int8> const & raDERCertificate, Sequence<sal_Int8> const & raPrivateKey)
+{
+ SECStatus nStatus = SECSuccess;
+
+ PK11SlotInfo* pSlot = PK11_GetInternalKeySlot();
+ if (!pSlot)
+ return uno::Reference<security::XCertificate>();
+
+ SECItem pDerPrivateKeyInfo;
+ pDerPrivateKeyInfo.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(raPrivateKey.getConstArray()));
+ pDerPrivateKeyInfo.len = raPrivateKey.getLength();
+
+ const unsigned int keyUsage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE;
+ SECKEYPrivateKey* pPrivateKey = nullptr;
+
+ bool bPermanent = false;
+ bool bSensitive = false;
+
+ nStatus = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ pSlot, &pDerPrivateKeyInfo, nullptr, nullptr, bPermanent, bSensitive,
+ keyUsage, &pPrivateKey, nullptr);
+
+ if (nStatus != SECSuccess)
+ return uno::Reference<security::XCertificate>();
+
+ if (!pPrivateKey)
+ return uno::Reference<security::XCertificate>();
+
+ X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate);
+ if (!pX509Certificate)
+ return uno::Reference<security::XCertificate>();
+
+ addCryptoSlot(pSlot);
+
+ CERTCertificate* pCERTCertificate = const_cast<CERTCertificate*>(pX509Certificate->getNssCert());
+ pCERTCertificate->slot = pSlot;
+
+ return pX509Certificate;
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
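Review bot: The early returns in `createDERCertificateWithPrivateKey` that follow a successful `PK11_GetInternalKeySlot()` never release the slot reference, and the return after a failed `createX509CertificateFromDER` also leaves the imported `pPrivateKey` in the slot with no certificate attached. The result of `getNssCert()` is then dereferenced without a null check, and `slot` is overwritten without regard to any slot the certificate already holds. Whether those last two can happen depends on `setRawCert`, which is outside this hunk. The key is imported with `bSensitive = false` and nothing checks that it corresponds to the certificate's public key, so a comment stating why both are acceptable for the intended callers would help. The fence sketches the error paths with cleanup, leaving the success path as it is.

```cpp
    // … unchanged: slot lookup, SECItem setup, PK11_ImportDERPrivateKeyInfoAndReturnKey call …

    if (nStatus != SECSuccess || !pPrivateKey)
    {
        PK11_FreeSlot(pSlot);
        return uno::Reference<security::XCertificate>();
    }

    X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate);
    // take ownership immediately so the object is released on every path
    uno::Reference<security::XCertificate> xCertificate(pX509Certificate);
    CERTCertificate* pCERTCertificate = pX509Certificate
        ? const_cast<CERTCertificate*>(pX509Certificate->getNssCert())
        : nullptr;
    if (!pCERTCertificate)
    {
        // no usable certificate: drop the session key and the slot reference
        SECKEY_DestroyPrivateKey(pPrivateKey);
        PK11_FreeSlot(pSlot);
        return uno::Reference<security::XCertificate>();
    }

    // … unchanged: addCryptoSlot(pSlot), slot assignment …
    return xCertificate;
```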
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
index 0e47cd9d4213..becde1168661 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
@@ -31,11 +31,14 @@
#include <com/sun/star/lang/XServiceInfo.hpp>
#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+#include <com/sun/star/xml/crypto/XCertificateCreator.hpp>
#include <com/sun/star/security/XCertificate.hpp>
#include <com/sun/star/security/CertificateCharacters.hpp>
#include <com/sun/star/security/CertificateValidity.hpp>
#include <com/sun/star/lang/XUnoTunnel.hpp>
+#include "x509certificate_nssimpl.hxx"
+
#include <osl/mutex.hxx>
#include <pk11func.h>
@@ -46,7 +49,8 @@
#include <xmlsec-wrapper.h>
class SecurityEnvironment_NssImpl : public ::cppu::WeakImplHelper<
- css::xml::crypto::XSecurityEnvironment ,
+ css::xml::crypto::XSecurityEnvironment,
+ css::xml::crypto::XCertificateCreator,
css::lang::XServiceInfo,
css::lang::XUnoTunnel >
{
@@ -137,6 +141,10 @@ private:
virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromRaw( const css::uno::Sequence< sal_Int8 >& rawCertificate ) override ;
virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ;
+ // Methods of XCertificateCreator
+ css::uno::Reference<css::security::XCertificate> SAL_CALL createDERCertificateWithPrivateKey(
+ css::uno::Sequence<sal_Int8> const & raDERCertificate,
+ css::uno::Sequence<sal_Int8> const & raPrivateKey) override;
//Native methods
/// @throws css::uno::RuntimeException
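Review bot: The new `createDERCertificateWithPrivateKey` declaration does not say what encoding `raPrivateKey` must have or how failure is reported, although the implementation passes it to `PK11_ImportDERPrivateKeyInfoAndReturnKey` and returns an empty reference on every error path. A doc comment would spare callers from reading the .cxx, for example `/// raPrivateKey is a DER-encoded PrivateKeyInfo; returns an empty reference if the key or certificate cannot be loaded.` The declaration also omits `virtual`, unlike the neighbouring `createCertificateFromRaw` and `createCertificateFromAscii` overrides, so matching one convention would keep the block consistent. The class body continues outside this hunk.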
@@ -148,6 +156,8 @@ private:
private:
void updateSlots();
+ X509Certificate_NssImpl* createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate);
+
/// @throws css::uno::Exception
/// @throws css::uno::RuntimeException
void addCryptoSlot( PK11SlotInfo* aSlot ) ;