author | Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> | 2018-10-18 10:34:14 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-11-08 15:06:34 +0100 |
commit | 38cb72b307e5fdc4c4bd70a4841dac306892ff0c (patch) | |
tree | 8b6d40fa2c77d03a7ae601e1c618d0829aaae968 /xmlsecurity | |
parent | 728718b0fe7c5697bd7e96b008f6d911d31c7279 (diff) |
xmlsecurity: implement XCertificateCreator for NSS backend
Reviewed-on: https://gerrit.libreoffice.org/61914
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
(cherry picked from commit ef2623b712d7417d8135279d654a16de2caf56fc)
Conflicts:
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
Change-Id: I28aa17e6c97494769185ed289836524064030f39
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 67 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx | 12 |
2 files changed, 66 insertions, 13 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index 3ba0062e86b4..035896932ed3 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -26,7 +26,6 @@ #include <sal/macros.h> #include <osl/diagnose.h> #include "securityenvironment_nssimpl.hxx" -#include "x509certificate_nssimpl.hxx" #include <comphelper/servicehelper.hxx> #include <xmlsec-wrapper.h> @@ -528,20 +527,23 @@ Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl::buildCertifi return Sequence< Reference < XCertificate > >(); } -Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) { - X509Certificate_NssImpl* xcert ; - - if( rawCertificate.getLength() > 0 ) { - xcert = new X509Certificate_NssImpl() ; - if( xcert == nullptr ) - throw RuntimeException() ; +X509Certificate_NssImpl* SecurityEnvironment_NssImpl::createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate) +{ + X509Certificate_NssImpl* pX509Certificate = nullptr; - xcert->setRawCert( rawCertificate ) ; - } else { - xcert = nullptr ; + if (aDerCertificate.getLength() > 0) + { + pX509Certificate = new X509Certificate_NssImpl(); + if (pX509Certificate == nullptr) + throw RuntimeException(); + pX509Certificate->setRawCert(aDerCertificate); } + return pX509Certificate; +} - return xcert ; +Reference<XCertificate> SecurityEnvironment_NssImpl::createCertificateFromRaw(const Sequence< sal_Int8 >& rawCertificate) +{ + return createX509CertificateFromDER(rawCertificate); } Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromAscii( const OUString& asciiCertificate ) 
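Review bot: `createX509CertificateFromDER` hands back an owning raw pointer, so the object created by `new X509Certificate_NssImpl()` is leaked if `setRawCert(aDerCertificate)` throws on undecodable input (its body is not part of this diff, so that is an assumption to confirm). Holding the object in `rtl::Reference<X509Certificate_NssImpl>` and returning that type would close the gap for both callers, `createCertificateFromRaw` and the new `createDERCertificateWithPrivateKey` further down this file. The carried-over `if (pX509Certificate == nullptr) throw RuntimeException();` can never fire, because a plain `new` reports failure by throwing `std::bad_alloc`, and can be dropped.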
@@ -968,4 +970,45 @@ void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr } } +uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey( + Sequence<sal_Int8> const & raDERCertificate, Sequence<sal_Int8> const & raPrivateKey) +{ + SECStatus nStatus = SECSuccess; + + PK11SlotInfo* pSlot = PK11_GetInternalKeySlot(); + if (!pSlot) + return uno::Reference<security::XCertificate>(); + + SECItem pDerPrivateKeyInfo; + pDerPrivateKeyInfo.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(raPrivateKey.getConstArray())); + pDerPrivateKeyInfo.len = raPrivateKey.getLength(); + + const unsigned int keyUsage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE; + SECKEYPrivateKey* pPrivateKey = nullptr; + + bool bPermanent = false; + bool bSensitive = false; + + nStatus = PK11_ImportDERPrivateKeyInfoAndReturnKey( + pSlot, &pDerPrivateKeyInfo, nullptr, nullptr, bPermanent, bSensitive, + keyUsage, &pPrivateKey, nullptr); + + if (nStatus != SECSuccess) + return uno::Reference<security::XCertificate>(); + + if (!pPrivateKey) + return uno::Reference<security::XCertificate>(); + + X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate); + if (!pX509Certificate) + return uno::Reference<security::XCertificate>(); + + addCryptoSlot(pSlot); + + CERTCertificate* pCERTCertificate = const_cast<CERTCertificate*>(pX509Certificate->getNssCert()); + pCERTCertificate->slot = pSlot; + + return pX509Certificate; +} + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx index 0e47cd9d4213..becde1168661 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx 
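Review bot: The slot reference obtained from `PK11_GetInternalKeySlot()` is not released on any of the three early returns that follow it (import failure, null `pPrivateKey`, null `pX509Certificate`); each of those paths should call `PK11_FreeSlot(pSlot);` before returning, and the same holds if `createX509CertificateFromDER` throws. The key is imported with `bSensitive = false`, so the private key object is created in the slot without the sensitive attribute; if that was chosen to avoid a login on the internal slot, a comment should say so, otherwise `true` is the more defensive value. `pPrivateKey` is neither stored nor destroyed, and the result of `getNssCert()` is dereferenced in `pCERTCertificate->slot = pSlot;` without a null check. Whether dropping the key handle is intentional, and whether `getNssCert()` can return null for a certificate built from caller-supplied DER, is not visible in this hunk and should be either guarded or documented.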
@@ -31,11 +31,14 @@ #include <com/sun/star/lang/XServiceInfo.hpp> #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp> +#include <com/sun/star/xml/crypto/XCertificateCreator.hpp> #include <com/sun/star/security/XCertificate.hpp> #include <com/sun/star/security/CertificateCharacters.hpp> #include <com/sun/star/security/CertificateValidity.hpp> #include <com/sun/star/lang/XUnoTunnel.hpp> +#include "x509certificate_nssimpl.hxx" + #include <osl/mutex.hxx> #include <pk11func.h> @@ -46,7 +49,8 @@ #include <xmlsec-wrapper.h> class SecurityEnvironment_NssImpl : public ::cppu::WeakImplHelper< - css::xml::crypto::XSecurityEnvironment , + css::xml::crypto::XSecurityEnvironment, + css::xml::crypto::XCertificateCreator, css::lang::XServiceInfo, css::lang::XUnoTunnel > { @@ -137,6 +141,10 @@ private: virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromRaw( const css::uno::Sequence< sal_Int8 >& rawCertificate ) override ; virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ; + // Methods of XCertificateCreator + css::uno::Reference<css::security::XCertificate> SAL_CALL createDERCertificateWithPrivateKey( + css::uno::Sequence<sal_Int8> const & raDERCertificate, + css::uno::Sequence<sal_Int8> const & raPrivateKey) override; //Native methods /// @throws css::uno::RuntimeException @@ -148,6 +156,8 @@ private: private: void updateSlots(); + X509Certificate_NssImpl* createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate); + /// @throws css::uno::Exception /// @throws css::uno::RuntimeException void addCryptoSlot( PK11SlotInfo* aSlot ) ; |