xmlsecurity: implement support for building against system-xmlsec

The only remaining difference is that in the system-xmlsec case we work
with the default key manager, not with the one that's only added by our
xmlsec patches.

This works for me for the uses I know of (see
<https://lists.freedesktop.org/archives/libreoffice/2017-February/076947.html>
for the motivation): signing and verifying of different signatures (bad
signature, good with non-trusted CA, good with trusted CA) with
software-based certificates all behave as expected.

Change-Id: If3f3e2b8373ab7397db3f98070a5a2ce51fa7c06
Reviewed-on: https://gerrit.libreoffice.org/39075
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/39274
Reviewed-by: Michael Stahl <mstahl@redhat.com>
Reviewed-by: Rene Engelhard <rene@debian.org>
Tested-by: Rene Engelhard <rene@debian.org>

3 files changed, 18 insertions, 1 deletions

diff --git a/xmlsecurity/Library_xsec_xmlsec.mk b/xmlsecurity/Library_xsec_xmlsec.mk
index 639fe55f5add..5c3e20a9b970 100644
--- a/xmlsecurity/Library_xsec_xmlsec.mk
+++ b/xmlsecurity/Library_xsec_xmlsec.mk
@@ -46,12 +46,16 @@ $(eval $(call gb_Library_use_libraries,xsec_xmlsec,\
 	xo \
 ))
 
+ifeq ($(SYSTEM_XMLSEC),)
 $(eval $(call gb_Library_use_packages,xsec_xmlsec,\
 	xmlsec \
 ))
+endif
+
 $(eval $(call gb_Library_use_externals,xsec_xmlsec,\
 	boost_headers \
 	libxml2 \
+	xmlsec \
 	nss3 \
 ))
 ifneq ($(filter-out WNT MACOSX ANDROID IOS,$(OS)),)
@@ -130,12 +134,16 @@ $(eval $(call gb_Library_add_libs,xsec_xmlsec,\
 	$(call gb_UnpackedTarball_get_dir,xmlsec)/src/.libs/libxmlsec1.a \
 ))
 else
+
+ifeq ($(SYSTEM_XMLSEC),)
 $(eval $(call gb_Library_add_libs,xsec_xmlsec,\
 	$(call gb_UnpackedTarball_get_dir,xmlsec)/src/nss/.libs/libxmlsec1-nss.a \
 	$(call gb_UnpackedTarball_get_dir,xmlsec)/src/.libs/libxmlsec1.a \
 ))
 endif
 
+endif
+
 $(eval $(call gb_Library_use_externals,xsec_xmlsec,\
 	plc4 \
 ))
diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
index 4a8a6554311b..6047d516a9ce 100644
--- a/xmlsecurity/inc/xmlsec-wrapper.h
+++ b/xmlsecurity/inc/xmlsec-wrapper.h
@@ -25,7 +25,7 @@
 #include <sal/types.h>
 
 // Cf. xmlsec's configure.in (but which isn't used for MSVC):
-#if !defined _MSC_VER && SAL_TYPES_SIZEOFPOINTER != 4
+#if !defined _MSC_VER && SAL_TYPES_SIZEOFPOINTER != 4 && !defined SYSTEM_XMLSEC
 #define XMLSEC_NO_SIZE_T
 #endif
 
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index a5b29017d180..5273c1c444d3 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -897,6 +897,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
     for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); ++islots, ++count)
         slots[count] = *islots;
 
+#ifndef SYSTEM_XMLSEC
     xmlSecKeysMngrPtr pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, m_pHandler ) ;
     if( pKeysMngr == nullptr )
         throw RuntimeException() ;
@@ -930,6 +931,14 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() {
             throw RuntimeException() ;
         }
     }
+#else // SYSTEM_XMLSEC
+    xmlSecKeysMngrPtr pKeysMngr = xmlSecKeysMngrCreate();
+    if (!pKeysMngr)
+        throw RuntimeException();
+
+    if (xmlSecNssAppDefaultKeysMngrInit(pKeysMngr) < 0)
+        throw RuntimeException();
+#endif // SYSTEM_XMLSEC
 
     // Adopt the private key of the signing certificate, if it has any.
     if (auto pCertificate = dynamic_cast<X509Certificate_NssImpl*>(m_xSigningCertificate.get()))