authorNorbert Thiebaud <nthiebaud@gmail.com>2011-08-21 18:12:16 -0500
committerNorbert Thiebaud <nthiebaud@gmail.com>2011-08-21 18:12:16 -0500
commit0d4720d1e1ffcefc43ae2af59c7487ab0bfab2ce (patch)
tree7cacea747b7ff3de52f69a8605ef486463201a9c /xmlsecurity
parent57b992c0b57daba5f44b5c4cdb08e817f355ea01 (diff)
undo anything not wizard related in the previous merge-commit
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx4
-rw-r--r--xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx7
-rw-r--r--xmlsecurity/qa/certext/User_35_Root_11.crt64
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx10
-rw-r--r--xmlsecurity/source/dialogs/certificateviewer.cxx22
-rw-r--r--xmlsecurity/source/dialogs/dialogs.hrc12
-rw-r--r--xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx4
-rw-r--r--xmlsecurity/source/dialogs/macrosecurity.cxx2
-rw-r--r--xmlsecurity/source/dialogs/resourcemanager.cxx3
-rw-r--r--xmlsecurity/source/dialogs/stbcontrl.cxx8
-rw-r--r--xmlsecurity/source/dialogs/warnings.cxx6
-rw-r--r--xmlsecurity/source/framework/buffernode.cxx6
-rw-r--r--xmlsecurity/source/framework/elementcollector.cxx7
-rw-r--r--xmlsecurity/source/framework/elementcollector.hxx1
-rw-r--r--xmlsecurity/source/framework/securityengine.hxx1
-rw-r--r--xmlsecurity/source/framework/xmlencryptiontemplateimpl.cxx3
-rw-r--r--xmlsecurity/source/framework/xmlsignaturetemplateimpl.cxx3
-rw-r--r--xmlsecurity/source/helper/xmlsignaturehelper.cxx7
-rw-r--r--xmlsecurity/source/helper/xmlsignaturehelper2.cxx1
-rw-r--r--xmlsecurity/source/xmlsec/diagnose.cxx3
-rw-r--r--xmlsecurity/source/xmlsec/makefile.mk6
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/makefile.mk3
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx182
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx84
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx20
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx3
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx28
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/xmlsecuritycontext_mscryptimpl.cxx161
-rw-r--r--xmlsecurity/source/xmlsec/nss/ciphercontext.cxx276
-rw-r--r--xmlsecurity/source/xmlsec/nss/ciphercontext.hxx89
-rw-r--r--xmlsecurity/source/xmlsec/nss/digestcontext.cxx101
-rw-r--r--xmlsecurity/source/xmlsec/nss/digestcontext.hxx68
-rw-r--r--xmlsecurity/source/xmlsec/nss/makefile.mk27
-rw-r--r--xmlsecurity/source/xmlsec/nss/nssinitializer.cxx521
-rw-r--r--xmlsecurity/source/xmlsec/nss/nssinitializer.hxx90
-rw-r--r--xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx244
-rw-r--r--xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx77
-rw-r--r--xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx57
-rw-r--r--xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx365
-rw-r--r--xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx62
-rw-r--r--xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx74
-rw-r--r--xmlsecurity/source/xmlsec/nss/xsec_nss.cxx34
-rw-r--r--xmlsecurity/source/xmlsec/saxhelper.cxx96
-rw-r--r--xmlsecurity/source/xmlsec/xsec_xmlsec.cxx4
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt1
-rw-r--r--xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem64
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/serial2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/openssl.cfg17
-rw-r--r--xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt64
-rw-r--r--xmlsecurity/util/makefile.mk11
-rw-r--r--xmlsecurity/util/xsec_xmlsec.component1
-rw-r--r--xmlsecurity/util/xsec_xmlsec.windows.component3
52 files changed, 2218 insertions, 791 deletions
diff --git a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
index dc9e4d454a22..7bc0a1b29de6 100644
--- a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
+++ b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
@@ -134,8 +134,8 @@ public:
sal_Bool bReadOnly, const ::rtl::OUString& sODFVersion, bool bHasDocumentSignature);
~DigitalSignaturesDialog();
- // Initialize the dialog and the security environment, returns sal_True on success
- sal_Bool Init( const rtl::OUString& rTokenName );
+ // Initialize the dialog and the security environment, returns TRUE on success
+ sal_Bool Init();
// Set the storage which should be signed or verified
void SetStorage( const cssu::Reference < css::embed::XStorage >& rxStore );
diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index 9e416fe37d0f..d0d3bbe8d012 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -133,10 +133,9 @@ public:
XMLSignatureHelper(const com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext >& mrCtx );
~XMLSignatureHelper();
- // Initialize the security context with given crypto token.
- // Empty string means default crypto token.
- // Returns true for success.
- bool Init( const rtl::OUString& rTokenPath );
+ // Initialize the security context with default crypto token.
+ // Returns true for success.
+ bool Init();
// Set UriBinding to create input streams to open files.
// Default implementation is capable to open files from disk.
diff --git a/xmlsecurity/qa/certext/User_35_Root_11.crt b/xmlsecurity/qa/certext/User_35_Root_11.crt
new file mode 100644
index 000000000000..0092d16c7a60
--- /dev/null
+++ b/xmlsecurity/qa/certext/User_35_Root_11.crt
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4130 (0x1022)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Nov 8 10:51:39 2010 GMT
+ Not After : Nov 8 10:51:39 2011 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+ 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+ 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+ 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+ 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+ c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+ 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+ c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+ 55:9b:90:91:f4:ce:56:04:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+ Signature Algorithm: sha1WithRSAEncryption
+ 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+ a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+ 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+ 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+ 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+ 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+ f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+ a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 89401fab3b1e..b503a391aff5 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -221,7 +221,7 @@ sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
sal_Bool bChanges = sal_False;
DigitalSignaturesDialog aSignaturesDialog(
NULL, mxCtx, eMode, bReadOnly, m_sODFVersion, m_bHasDocumentSignature);
- bool bInit = aSignaturesDialog.Init( rtl::OUString() );
+ bool bInit = aSignaturesDialog.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
if ( bInit )
{
@@ -277,7 +277,7 @@ DocumentDigitalSignatures::ImplVerifySignatures(
XMLSignatureHelper aSignatureHelper( mxCtx );
- bool bInit = aSignatureHelper.Init( rtl::OUString() );
+ bool bInit = aSignatureHelper.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
@@ -380,7 +380,7 @@ void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException
Reference< dcss::xml::crypto::XSecurityEnvironment > xSecEnv;
XMLSignatureHelper aSignatureHelper( mxCtx );
- if ( aSignatureHelper.Init( rtl::OUString() ) )
+ if ( aSignatureHelper.Init() )
xSecEnv = aSignatureHelper.GetSecurityEnvironment();
MacroSecurity aDlg( NULL, mxCtx, xSecEnv );
@@ -392,7 +392,7 @@ void DocumentDigitalSignatures::showCertificate(
{
XMLSignatureHelper aSignatureHelper( mxCtx );
- bool bInit = aSignatureHelper.Init( rtl::OUString() );
+ bool bInit = aSignatureHelper.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
@@ -440,8 +440,6 @@ void DocumentDigitalSignatures::showCertificate(
::ucbhelper::ContentBroker* pBroker = NULL;
//warning free code
- //if ( aLocObj.GetProtocol() == INET_PROT_FILE && ( pBroker = ::ucbhelper::ContentBroker::get() ) )
- // xContentProvider = pBroker->getContentProviderInterface();
if ( aLocObj.GetProtocol() == INET_PROT_FILE)
{
pBroker = ::ucbhelper::ContentBroker::get();
diff --git a/xmlsecurity/source/dialogs/certificateviewer.cxx b/xmlsecurity/source/dialogs/certificateviewer.cxx
index 1fb5c590602f..1c69f9c2161b 100644
--- a/xmlsecurity/source/dialogs/certificateviewer.cxx
+++ b/xmlsecurity/source/dialogs/certificateviewer.cxx
@@ -53,19 +53,10 @@ namespace css = ::com::sun::star;
namespace
{
- void ShrinkToFit( FixedImage& _rImage );
- void AdjustPosAndSize( Control& _rCtrl, Point& _rStartIn_EndOut, long _nXOffset = 0 );
-
void ShrinkToFit( FixedImage& _rImg )
{
_rImg.SetSizePixel( _rImg.GetImage().GetSizePixel() );
}
-
- void AdjustPosAndSize( Control& _rCtrl, Point& _rStartIn_EndOut, long _nOffs )
- {
- _rCtrl.SetPosPixel( _rStartIn_EndOut );
- _rStartIn_EndOut.X() += XmlSec::ShrinkToFitWidth( _rCtrl, _nOffs );
- }
}
CertificateViewer::CertificateViewer(
@@ -300,12 +291,6 @@ CertificateViewerDetailsTP::CertificateViewerDetailsTP( Window* _pParent, Certif
aLBEntry = pairIssuer.first;
aDetails = pairIssuer.second;
InsertElement( String( XMLSEC_RES( STR_ISSUER ) ), aLBEntry, aDetails );
- /*
- aSeq = xCert->getIssuerUniqueID();
- aLBEntry = XmlSec::GetHexString( aSeq, pHexSep );
- aDetails = XmlSec::GetHexString( aSeq, pHexSep, nLineBreak );
- InsertElement( String( XMLSEC_RES( STR_ISSUER_ID ) ), aLBEntry, aDetails, true );
- */
DateTime aDateTime;
utl::typeConvert( xCert->getNotValidBefore(), aDateTime );
@@ -324,12 +309,7 @@ CertificateViewerDetailsTP::CertificateViewerDetailsTP( Window* _pParent, Certif
aLBEntry = pairSubject.first;
aDetails = pairSubject.second;
InsertElement( String( XMLSEC_RES( STR_SUBJECT ) ), aLBEntry, aDetails );
- /*
- aSeq = xCert->getSubjectUniqueID();
- aLBEntry = XmlSec::GetHexString( aSeq, pHexSep );
- aDetails = XmlSec::GetHexString( aSeq, pHexSep, nLineBreak );
- InsertElement( String( XMLSEC_RES( STR_SUBJECT_ID ) ), aLBEntry, aDetails, true );
- */
+
aLBEntry = aDetails = xCert->getSubjectPublicKeyAlgorithm();
InsertElement( String( XMLSEC_RES( STR_SUBJECT_PUBKEY_ALGO ) ), aLBEntry, aDetails );
aSeq = xCert->getSubjectPublicKeyValue();
diff --git a/xmlsecurity/source/dialogs/dialogs.hrc b/xmlsecurity/source/dialogs/dialogs.hrc
index d315f7ccc020..e8f144577451 100644
--- a/xmlsecurity/source/dialogs/dialogs.hrc
+++ b/xmlsecurity/source/dialogs/dialogs.hrc
@@ -84,25 +84,19 @@
#define FI_STATE_NOTVALIDATED 12
#define FI_STATE_OLDSIGNATURE 16
-//#define DS_WIDTH DLGS_WIDTH
-//#define DS_HEIGHT DLGS_HEIGHT
#define DS_BTNWIDTH_1 70
#define DS_BTNSPACE_X RSC_SP_CTRL_X
#define DS_WIDTH (RSC_SP_DLG_INNERBORDER_LEFT+RSC_SP_DLG_INNERBORDER_RIGHT+2*DS_BTNSPACE_X+3*DS_BTNWIDTH_1)
#define DS_HEIGHT (DLGS_WIDTH*2/3)
#define DS_COL_0 RSC_SP_DLG_INNERBORDER_LEFT
-//#define DS_COL_MID (DS_WIDTH/2)
-//#define DS_COL_3 (DS_COL_MID-(DS_BTNWIDTH_1/2))
-//#define DS_COL_4 (DS_COL_2+DS_BTNWIDTH_1)
-//#define DS_COL_2 (DS_COL_3-DS_BTNSPACE_X)
-//#define DS_COL_1 (DS_COL_2-DS_BTNWIDTH_1)
+
#define DS_COL_1 DS_COL_0
#define DS_COL_2 (DS_COL_1+DS_BTNWIDTH_1)
#define DS_COL_3 (DS_COL_2+DS_BTNSPACE_X)
#define DS_COL_4 (DS_COL_3+DS_BTNWIDTH_1)
#define DS_COL_5 (DS_COL_4+DS_BTNSPACE_X)
-//#define DS_COL_6 (DS_COL_5+DS_BTNWIDTH_1)
+
#define DS_COL_7 (DS_WIDTH-RSC_SP_DLG_INNERBORDER_RIGHT)
#define DS_COL_6 DS_COL_7
@@ -242,8 +236,6 @@
#define CVP_ROW_3 (CVP_ROW_2+RSC_CD_PUSHBUTTON_HEIGHT)
#define CVP_ROW_4 (CVP_ROW_3+RSC_CD_FIXEDTEXT_HEIGHT+RSC_SP_CTRL_DESC_Y)
-//#define CV_ROW_0A (CV_ROW_0+RSC_SP_CTRL_DESC_Y+RSC_CD_FIXEDTEXT_HEIGHT)
-//#define CV_ROW_2A (CV_ROW_2+RSC_SP_CTRL_DESC_Y+RSC_CD_FIXEDTEXT_HEIGHT)
// --------- tab dialog macro security ---------
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index b77bceab6b41..471e7fbb6f9e 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -259,9 +259,9 @@ DigitalSignaturesDialog::~DigitalSignaturesDialog()
{
}
-sal_Bool DigitalSignaturesDialog::Init( const rtl::OUString& rTokenName )
+sal_Bool DigitalSignaturesDialog::Init()
{
- bool bInit = maSignatureHelper.Init( rTokenName );
+ bool bInit = maSignatureHelper.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
diff --git a/xmlsecurity/source/dialogs/macrosecurity.cxx b/xmlsecurity/source/dialogs/macrosecurity.cxx
index cb06dc53c936..c50eb835a4fc 100644
--- a/xmlsecurity/source/dialogs/macrosecurity.cxx
+++ b/xmlsecurity/source/dialogs/macrosecurity.cxx
@@ -371,8 +371,6 @@ MacroSecurityTrustedSourcesTP::MacroSecurityTrustedSourcesTP( Window* _pParent,
mbAuthorsReadonly = mpDlg->maSecOptions.IsReadOnly( SvtSecurityOptions::E_MACRO_TRUSTEDAUTHORS );
maTrustCertROFI.Show( mbAuthorsReadonly );
mbAuthorsReadonly ? maTrustCertLB.DisableTable() : maTrustCertLB.EnableTable();
-// unused button
-// maAddCertPB.Enable( !mbAuthorsReadonly );
FillCertLB();
diff --git a/xmlsecurity/source/dialogs/resourcemanager.cxx b/xmlsecurity/source/dialogs/resourcemanager.cxx
index 09d68d8ca595..73cb5676d783 100644
--- a/xmlsecurity/source/dialogs/resourcemanager.cxx
+++ b/xmlsecurity/source/dialogs/resourcemanager.cxx
@@ -53,9 +53,6 @@ namespace XmlSec
if( !pResMgr )
{
ByteString aName( "xmlsec" );
-// pResMgr = ResMgr::CreateResMgr( aName.GetBuffer(), Application::GetSettings().GetUILanguage() );
-// LanguageType aLang( LANGUAGE_ENGLISH_US );
-// pResMgr = ResMgr::CreateResMgr( aName.GetBuffer(), aLang );
// MT: Change to Locale
pResMgr = ResMgr::CreateResMgr( aName.GetBuffer() );
}
diff --git a/xmlsecurity/source/dialogs/stbcontrl.cxx b/xmlsecurity/source/dialogs/stbcontrl.cxx
index 125ca1590068..db5e970ce406 100644
--- a/xmlsecurity/source/dialogs/stbcontrl.cxx
+++ b/xmlsecurity/source/dialogs/stbcontrl.cxx
@@ -95,13 +95,7 @@ void XmlSecStatusBarControl::StateChanged( sal_uInt16 nSID, SfxItemState eState,
void XmlSecStatusBarControl::Command( const CommandEvent& rCEvt )
{
// can / has to be done when integrated in Office!
-// if( rCEvt.GetCommand() == .... )
- if( false )
- {
-// GetBindings().GetDispatcher()->Execute( SID_PSZ_FUNCTION, SFX_CALLMODE_RECORD, &aItem, 0L );
- }
- else
- SfxStatusBarControl::Command( rCEvt );
+ SfxStatusBarControl::Command( rCEvt );
}
void XmlSecStatusBarControl::Paint( const UserDrawEvent& rUsrEvt )
diff --git a/xmlsecurity/source/dialogs/warnings.cxx b/xmlsecurity/source/dialogs/warnings.cxx
index 995bb6abba8a..43c110a81a14 100644
--- a/xmlsecurity/source/dialogs/warnings.cxx
+++ b/xmlsecurity/source/dialogs/warnings.cxx
@@ -77,7 +77,6 @@ MacroWarning::MacroWarning( Window* _pParent, uno::Reference< dcss::xml::crypto:
maViewSignsBtn.SetClickHdl( LINK( this, MacroWarning, ViewSignsBtnHdl ) );
maEnableBtn.SetClickHdl( LINK( this, MacroWarning, EnableBtnHdl ) );
-// maDisableBtn.SetClickHdl( LINK( this, MacroWarning, DisableBtnHdl ) );
if( mxCert.is() )
maSignsFI.SetText( XmlSec::GetContentPart( mxCert->getSubjectName() ) );
@@ -139,9 +138,4 @@ IMPL_LINK( MacroWarning, EnableBtnHdl, void*, EMPTYARG )
return 0;
}
-/*IMPL_LINK( MacroWarning, DisableBtnHdl, void*, EMPTYARG )
-{
- return 0;
-}*/
-
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/framework/buffernode.cxx b/xmlsecurity/source/framework/buffernode.cxx
index 3761b27fc090..5be0154ebe11 100644
--- a/xmlsecurity/source/framework/buffernode.cxx
+++ b/xmlsecurity/source/framework/buffernode.cxx
@@ -286,12 +286,6 @@ rtl::OUString BufferNode::printChildren() const
}
rc += rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "(" ));
- /*
- if (((ElementCollector*)(*ii))->isInternalNotificationSuppressed())
- {
- rc += rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "*IN-Suppressed* " ));
- }
- */
rc += rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "SecID=" ));
rc += rtl::OUString::valueOf(((ElementCollector*)(*ii))->getSecurityId());
rc += rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( ")" ));
diff --git a/xmlsecurity/source/framework/elementcollector.cxx b/xmlsecurity/source/framework/elementcollector.cxx
index 341a3fd3f920..2822c9746d39 100644
--- a/xmlsecurity/source/framework/elementcollector.cxx
+++ b/xmlsecurity/source/framework/elementcollector.cxx
@@ -91,13 +91,6 @@ ElementCollector::ElementCollector(
m_type = cssxc::sax::ElementMarkType_ELEMENTCOLLECTOR;
}
-/*
-bool ElementCollector::isInternalNotificationSuppressed() const
-{
- return m_bInternalNotificationSuppressed;
-}
-*/
-
cssxc::sax::ElementMarkPriority ElementCollector::getPriority() const
{
return m_nPriority;
diff --git a/xmlsecurity/source/framework/elementcollector.hxx b/xmlsecurity/source/framework/elementcollector.hxx
index d08044017e1b..72ed2c87026a 100644
--- a/xmlsecurity/source/framework/elementcollector.hxx
+++ b/xmlsecurity/source/framework/elementcollector.hxx
@@ -86,7 +86,6 @@ public:
xReferenceResolvedListener);
virtual ~ElementCollector() {};
- //bool isInternalNotificationSuppressed() const;
com::sun::star::xml::crypto::sax::ElementMarkPriority getPriority() const;
bool getModify() const;
void notifyListener();
diff --git a/xmlsecurity/source/framework/securityengine.hxx b/xmlsecurity/source/framework/securityengine.hxx
index 7a36d29bc35b..d6dc0b9117fd 100644
--- a/xmlsecurity/source/framework/securityengine.hxx
+++ b/xmlsecurity/source/framework/securityengine.hxx
@@ -105,7 +105,6 @@ protected:
/*
* the status of the operation
*/
- //bool m_bOperationSucceed;
com::sun::star::xml::crypto::SecurityOperationStatus m_nStatus;
/*
diff --git a/xmlsecurity/source/framework/xmlencryptiontemplateimpl.cxx b/xmlsecurity/source/framework/xmlencryptiontemplateimpl.cxx
index 56d69f2558d9..3399663e1332 100644
--- a/xmlsecurity/source/framework/xmlencryptiontemplateimpl.cxx
+++ b/xmlsecurity/source/framework/xmlencryptiontemplateimpl.cxx
@@ -135,9 +135,6 @@ Reference< XInterface > SAL_CALL XMLEncryptionTemplateImpl :: impl_createInstanc
}
Reference< XSingleServiceFactory > XMLEncryptionTemplateImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) {
- //Reference< XSingleServiceFactory > xFactory ;
- //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ;
- //return xFactory ;
return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ;
}
diff --git a/xmlsecurity/source/framework/xmlsignaturetemplateimpl.cxx b/xmlsecurity/source/framework/xmlsignaturetemplateimpl.cxx
index 46d5b6f84226..21dd97381a6a 100644
--- a/xmlsecurity/source/framework/xmlsignaturetemplateimpl.cxx
+++ b/xmlsecurity/source/framework/xmlsignaturetemplateimpl.cxx
@@ -160,9 +160,6 @@ Reference< XInterface > SAL_CALL XMLSignatureTemplateImpl :: impl_createInstance
}
Reference< XSingleServiceFactory > XMLSignatureTemplateImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) {
- //Reference< XSingleServiceFactory > xFactory ;
- //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ;
- //return xFactory ;
return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ;
}
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index 4e74ffd8877b..22a41bb3f4df 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -70,11 +70,9 @@ XMLSignatureHelper::XMLSignatureHelper( const uno::Reference< uno::XComponentCon
XMLSignatureHelper::~XMLSignatureHelper()
{
- if ( mxSEInitializer.is() && mxSecurityContext.is() )
- mxSEInitializer->freeSecurityContext( mxSecurityContext );
}
-bool XMLSignatureHelper::Init( const rtl::OUString& rTokenPath )
+bool XMLSignatureHelper::Init()
{
DBG_ASSERT( !mxSEInitializer.is(), "XMLSignatureHelper::Init - mxSEInitializer already set!" );
DBG_ASSERT( !mxSecurityContext.is(), "XMLSignatureHelper::Init - mxSecurityContext already set!" );
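Review bot: With the destructor body emptied, the context obtained from `mxSEInitializer->createSecurityContext(...)` in Init() no longer has a visible matching `freeSecurityContext` call, so its release now rests on the UNO reference being dropped and on whatever the initializer implementation holds internally, which this diff does not show. If that is intended, record it in the destructor, for example `// context is released via mxSecurityContext; no explicit freeSecurityContext required`. Otherwise keep the guarded call `if ( mxSEInitializer.is() && mxSecurityContext.is() ) mxSEInitializer->freeSecurityContext( mxSecurityContext );`. Init()'s body continues outside this hunk.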
@@ -82,7 +80,7 @@ bool XMLSignatureHelper::Init( const rtl::OUString& rTokenPath )
ImplCreateSEInitializer();
if ( mxSEInitializer.is() )
- mxSecurityContext = mxSEInitializer->createSecurityContext( rTokenPath );
+ mxSecurityContext = mxSEInitializer->createSecurityContext( ::rtl::OUString() );
return mxSecurityContext.is();
}
@@ -402,7 +400,6 @@ sal_Int32 XMLSignatureHelper::GetSecurityEnvironmentNumber()
return (mxSecurityContext.is()?(mxSecurityContext->getSecurityEnvironmentNumber()): 0);
}
-
IMPL_LINK( XMLSignatureHelper, SignatureCreationResultListener, XMLSignatureCreationResult*, pResult )
{
maCreationResults.insert( maCreationResults.begin() + maCreationResults.size(), *pResult );
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper2.cxx b/xmlsecurity/source/helper/xmlsignaturehelper2.cxx
index 9a073f141cd5..fed623cb22b1 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper2.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper2.cxx
@@ -32,6 +32,7 @@
#include <xmlsecurity/xmlsignaturehelper.hxx>
#include <xmlsignaturehelper2.hxx>
+#include <tools/solar.h>
#include <unotools/streamhelper.hxx>
#include <com/sun/star/embed/XStorage.hpp>
diff --git a/xmlsecurity/source/xmlsec/diagnose.cxx b/xmlsecurity/source/xmlsec/diagnose.cxx
index 05bf0275f3d1..88002aa1bcb2 100644
--- a/xmlsecurity/source/xmlsec/diagnose.cxx
+++ b/xmlsecurity/source/xmlsec/diagnose.cxx
@@ -34,8 +34,7 @@
namespace xmlsecurity {
-struct UseDiagnose : public rtl::StaticWithInit<
- const bool, UseDiagnose>
+struct UseDiagnose : public rtl::StaticWithInit< bool, UseDiagnose>
{
bool operator () () const
{
diff --git a/xmlsecurity/source/xmlsec/makefile.mk b/xmlsecurity/source/xmlsec/makefile.mk
index 44b668b84765..36b30f4f25a3 100644
--- a/xmlsecurity/source/xmlsec/makefile.mk
+++ b/xmlsecurity/source/xmlsec/makefile.mk
@@ -49,11 +49,11 @@ CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS)
.ENDIF
.IF "$(CRYPTO_ENGINE)" == "mscrypto"
-CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO -DXMLSEC_NO_XSLT
-.ELSE
-CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT
+CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO
.ENDIF
+CDEFS += -DXMLSEC_NO_XSLT
+
# --- Files --------------------------------------------------------
SLOFILES = \
$(SLO)$/biginteger.obj \
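Review bot: After this change the non-mscrypto case no longer adds `-DXMLSEC_CRYPTO_NSS`, so sources built from this directory pick the NSS backend only if that macro is defined somewhere this hunk does not show. If it is set elsewhere, a comment above the `.IF` naming the place would make the backend selection auditable; if it is not, keep it explicit with an `.ELSE` branch containing `CDEFS += -DXMLSEC_CRYPTO_NSS`.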
diff --git a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk
index 20153edf18e6..2287266de3fa 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk
+++ b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk
@@ -63,7 +63,8 @@ SLOFILES = \
$(SLO)$/xmlsignature_mscryptimpl.obj \
$(SLO)$/x509certificate_mscryptimpl.obj \
$(SLO)$/seinitializer_mscryptimpl.obj \
- $(SLO)$/xsec_mscrypt.obj
+ $(SLO)$/xsec_mscrypt.obj \
+ $(SLO)$/sanextension_mscryptimpl.obj
.ENDIF
diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx
new file mode 100644
index 000000000000..9c47a853d470
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx
@@ -0,0 +1,182 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#include "sanextension_mscryptimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+ m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnValue ;
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+
+ if (!m_Entries.hasElements())
+ {
+ CERT_ALT_NAME_INFO *subjectName;
+ DWORD size;
+ CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(), CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,&subjectName, &size);
+
+ CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[subjectName->cAltEntry];
+
+ for (unsigned int i = 0; i < (unsigned int)subjectName->cAltEntry; i++){
+ PCERT_ALT_NAME_ENTRY pEntry = &subjectName->rgAltEntry[i];
+
+ switch(pEntry->dwAltNameChoice) {
+ case CERT_ALT_NAME_OTHER_NAME :
+ {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+ PCERT_OTHER_NAME pOtherName = pEntry->pOtherName;
+
+ ::com::sun::star::beans::NamedValue otherNameProp;
+ otherNameProp.Name = ::rtl::OUString::createFromAscii(pOtherName->pszObjId);
+
+ Sequence< sal_Int8 > otherName( pOtherName->Value.cbData ) ;
+ for( unsigned int n = 0; n < (unsigned int) pOtherName->Value.cbData ; n ++ )
+ otherName[n] = *( pOtherName->Value.pbData + n ) ;
+
+ otherNameProp.Value <<= otherName;
+
+ arrCertAltNameEntry[i].Value <<= otherNameProp;
+ break;
+ }
+ case CERT_ALT_NAME_RFC822_NAME :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszRfc822Name);
+ break;
+ case CERT_ALT_NAME_DNS_NAME :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszDNSName);
+ break;
+ case CERT_ALT_NAME_DIRECTORY_NAME :
+ {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+ break;
+ }
+ case CERT_ALT_NAME_URL :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszURL);
+ break;
+ case CERT_ALT_NAME_IP_ADDRESS :
+ {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+
+ Sequence< sal_Int8 > ipAddress( pEntry->IPAddress.cbData ) ;
+ for( unsigned int n = 0; n < pEntry->IPAddress.cbData ; n ++ )
+ ipAddress[n] = *( pEntry->IPAddress.pbData + n ) ;
+
+ arrCertAltNameEntry[i].Value <<= ipAddress;
+ break;
+ }
+ case CERT_ALT_NAME_REGISTERED_ID :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(pEntry->pszRegisteredID);
+ break;
+ }
+ }
+ m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, subjectName->cAltEntry);
+
+ delete [] arrCertAltNameEntry;
+ }
+
+ return m_Entries;
+}
+
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+ m_critical = critical ;
+ m_xExtnId = extnId ;
+ m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+ unsigned int i ;
+ if( value != NULL && vlen != 0 ) {
+ Sequence< sal_Int8 > extnv( vlen ) ;
+ for( i = 0; i < vlen ; i ++ )
+ extnv[i] = *( value + i ) ;
+
+ m_xExtnValue = extnv ;
+ } else {
+ m_xExtnValue = Sequence<sal_Int8>();
+ }
+
+ if( id != NULL && idlen != 0 ) {
+ Sequence< sal_Int8 > extnId( idlen ) ;
+ for( i = 0; i < idlen ; i ++ )
+ extnId[i] = *( id + i ) ;
+
+ m_xExtnId = extnId ;
+ } else {
+ m_xExtnId = Sequence<sal_Int8>();
+ }
+
+ m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+
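Review bot: In `getAlternativeNames()` the return value of `CryptDecodeObjectEx` is never checked and `subjectName` is left uninitialized, so a subjectAltName value that fails to decode leads straight to `subjectName->cAltEntry` through an indeterminate pointer; the extension bytes come from the certificate and have to be treated as untrusted input. The buffer returned under `CRYPT_DECODE_ALLOC_FLAG` is never released with `LocalFree`, and the `new[]` array leaks if any of the string or sequence conversions throws. The switch also has no `default`, and `CERT_ALT_NAME_DIRECTORY_NAME` sets only `Type`, so such entries reach callers with an empty `Value`; that limitation should at least be stated in a comment. A guarded form of the decode step is sketched below.

```cpp
    if (!m_Entries.hasElements())
    {
        CERT_ALT_NAME_INFO *subjectName = NULL;
        DWORD size = 0;
        if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
                (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(),
                CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, &subjectName, &size)
            || subjectName == NULL)
        {
            // Undecodable extension value: report no alternative names.
            return m_Entries;
        }

        // A Sequence owns its storage, so nothing leaks if a conversion throws.
        Sequence< CertAltNameEntry > aEntries( (sal_Int32) subjectName->cAltEntry );
        // … unchanged: per-entry switch, writing aEntries[i] instead of arrCertAltNameEntry[i] …
        m_Entries = aEntries;

        // Buffers obtained with CRYPT_DECODE_ALLOC_FLAG are released with LocalFree.
        LocalFree( subjectName );
    }
```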
diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx
new file mode 100644
index 000000000000..0fb3616486be
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx
@@ -0,0 +1,84 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#define _SANEXTENSION_MSCRYPTIMPL_HXX_
+
+#ifdef _MSC_VER
+#pragma warning(push,1)
+#endif
+#include "Windows.h"
+#include "WinCrypt.h"
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+ ::com::sun::star::security::XSanExtension >
+{
+ private :
+ sal_Bool m_critical ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+
+ ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+ public :
+ SanExtensionImpl() ;
+ virtual ~SanExtensionImpl() ;
+
+ //Methods from XCertificateExtension
+ virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Methods from XSanExtension
+
+ virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Helper method
+ void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+ void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+ void extractCertExt() ;
+} ;
+
+#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+
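Review bot: The closing `#endif` comment names `_CERTIFICATEEXTENSION_XMLSECIMPL_HXX_` rather than the `_SANEXTENSION_MSCRYPTIMPL_HXX_` guard opened at the top of this header, which looks like a copy-paste leftover. It should read `#endif // _SANEXTENSION_MSCRYPTIMPL_HXX_`. `<com/sun/star/uno/Exception.hpp>` is also included twice. The Sequence overload of `setCertExtn` takes both sequences by value, where `const ::com::sun::star::uno::Sequence< sal_Int8 >&` would avoid the copies.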
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index 94017fe97286..33587ab59d0b 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -43,7 +43,7 @@
#include "securityenvironment_mscryptimpl.hxx"
#include "x509certificate_mscryptimpl.hxx"
-#include <rtl/uuid.h>
+#include <comphelper/servicehelper.hxx>
#include <xmlsec/xmlsec.h>
#include <xmlsec/keysmngr.h>
@@ -230,17 +230,15 @@ sal_Int64 SAL_CALL SecurityEnvironment_MSCryptImpl :: getSomething( const Sequen
}
/* XUnoTunnel extension */
+
+
+namespace
+{
+ class theSecurityEnvironment_MSCryptImplUnoTunnelId : public rtl::Static< UnoTunnelIdInit, theSecurityEnvironment_MSCryptImplUnoTunnelId > {};
+}
+
const Sequence< sal_Int8>& SecurityEnvironment_MSCryptImpl :: getUnoTunnelId() {
- static Sequence< sal_Int8 >* pSeq = 0 ;
- if( !pSeq ) {
- ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
- if( !pSeq ) {
- static Sequence< sal_Int8> aSeq( 16 ) ;
- rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
- pSeq = &aSeq ;
- }
- }
- return *pSeq ;
+ return theSecurityEnvironment_MSCryptImplUnoTunnelId::get().getSeq();
}
/* XUnoTunnel extension */
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx
index 8f0b7c7a9979..c35cd7621a79 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx
@@ -57,6 +57,9 @@
#include <list>
#include "xmlsec/xmlsec.h"
+#include "sal/types.h"
+
+
class SecurityEnvironment_MSCryptImpl : public ::cppu::WeakImplHelper4<
::com::sun::star::xml::crypto::XSecurityEnvironment ,
::com::sun::star::lang::XInitialization ,
diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
index d5ab2898ee5a..ea2f8ce27e73 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -29,9 +29,10 @@
// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"
#include <sal/config.h>
-#include <rtl/uuid.h>
+#include <comphelper/servicehelper.hxx>
#include "x509certificate_mscryptimpl.hxx"
#include "certificateextension_xmlsecimpl.hxx"
+#include "sanextension_mscryptimpl.hxx"
#include "oid.hxx"
@@ -387,7 +388,13 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su
for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ;
- xExtn = new CertificateExtension_XmlSecImpl() ;
+
+ ::rtl::OUString objId = ::rtl::OUString::createFromAscii( pExtn->pszObjId );
+
+ if ( objId.equalsAscii("2.5.29.17") )
+ xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+ else
+ xExtn = new CertificateExtension_XmlSecImpl() ;
if( xExtn == NULL )
throw RuntimeException() ;
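Review bot: The C-style cast `(CertificateExtension_XmlSecImpl*) new SanExtensionImpl()` converts between classes that appear unrelated. sanextension_mscryptimpl.hxx in this commit declares SanExtensionImpl as deriving only from `::cppu::WeakImplHelper1< XSanExtension >`, so the cast acts as a reinterpret_cast. Any later member call made through `xExtn` as a CertificateExtension_XmlSecImpl would then be undefined behaviour, and this branch runs for every parsed certificate carrying OID 2.5.29.17, including untrusted ones. I would keep the object in its own type, e.g. `SanExtensionImpl* pSan = new SanExtensionImpl() ;`, call its own `setCertExtn`, and store it through the common UNO interface reference. The declaration of `xExtn` and the rest of the loop lie outside this hunk, so the target type needs confirming there.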
@@ -482,17 +489,14 @@ sal_Int64 SAL_CALL X509Certificate_MSCryptImpl :: getSomething( const Sequence<
}
/* XUnoTunnel extension */
+
+namespace
+{
+ class theX509Certificate_MSCryptImplUnoTunnelId : public rtl::Static< UnoTunnelIdInit, theX509Certificate_MSCryptImplUnoTunnelId > {};
+}
+
const Sequence< sal_Int8>& X509Certificate_MSCryptImpl :: getUnoTunnelId() {
- static Sequence< sal_Int8 >* pSeq = 0 ;
- if( !pSeq ) {
- ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
- if( !pSeq ) {
- static Sequence< sal_Int8> aSeq( 16 ) ;
- rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
- pSeq = &aSeq ;
- }
- }
- return *pSeq ;
+ return theX509Certificate_MSCryptImplUnoTunnelId::get().getSeq();
}
/* XUnoTunnel extension */
diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsecuritycontext_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsecuritycontext_mscryptimpl.cxx
index c9fed3227f0b..2a8983216e17 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/xmlsecuritycontext_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsecuritycontext_mscryptimpl.cxx
@@ -29,7 +29,6 @@
// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"
#include <sal/config.h>
-#include <rtl/uuid.h>
#include "securityenvironment_mscryptimpl.hxx"
#include "xmlsecuritycontext_mscryptimpl.hxx"
@@ -132,126 +131,6 @@ void SAL_CALL XMLSecurityContext_MSCryptImpl::setDefaultSecurityEnvironmentIndex
//dummy
}
-#if 0
-/* XXMLSecurityContext */
-void SAL_CALL XMLSecurityContext_MSCryptImpl :: setSecurityEnvironment( const Reference< XSecurityEnvironment >& aSecurityEnvironment ) throw( com::sun::star::security::SecurityInfrastructureException ) {
- HCERTSTORE hkeyStore ;
- HCERTSTORE hCertStore ;
- HCRYPTKEY symKey ;
- HCRYPTKEY pubKey ;
- HCRYPTKEY priKey ;
- unsigned int i ;
-
- if( !aSecurityEnvironment.is() )
- throw RuntimeException() ;
-
- m_xSecurityEnvironment = aSecurityEnvironment ;
-
- //Clear key manager
- if( m_pKeysMngr != NULL ) {
- xmlSecKeysMngrDestroy( m_pKeysMngr ) ;
- m_pKeysMngr = NULL ;
- }
-
- //Create key manager
- Reference< XUnoTunnel > xEnvTunnel( m_xSecurityEnvironment , UNO_QUERY ) ;
- if( !xEnvTunnel.is() ) {
- throw RuntimeException() ;
- }
-
- SecurityEnvironment_MSCryptImpl* pSecEnv = ( SecurityEnvironment_MSCryptImpl* )xEnvTunnel->getSomething( SecurityEnvironment_MSCryptImpl::getUnoTunnelId() ) ;
- if( pSecEnv == NULL )
- throw RuntimeException() ;
-
- hkeyStore = pSecEnv->getCryptoSlot() ;
- hCertStore = pSecEnv->getCertDb() ;
-
- /*-
- * The following lines is based on the of xmlsec-mscrypto crypto engine
- */
- m_pKeysMngr = xmlSecMSCryptoAppliedKeysMngrCreate( hkeyStore , hCertStore ) ;
- if( m_pKeysMngr == NULL )
- throw RuntimeException() ;
-
- /*-
- * Adopt symmetric key into keys manager
- */
- for( i = 0 ; ( symKey = pSecEnv->getSymKey( i ) ) != NULL ; i ++ ) {
- if( xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( m_pKeysMngr, symKey ) < 0 ) {
- throw RuntimeException() ;
- }
- }
-
- /*-
- * Adopt asymmetric public key into keys manager
- */
- for( i = 0 ; ( pubKey = pSecEnv->getPubKey( i ) ) != NULL ; i ++ ) {
- if( xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( m_pKeysMngr, pubKey ) < 0 ) {
- throw RuntimeException() ;
- }
- }
-
- /*-
- * Adopt asymmetric private key into keys manager
- */
- for( i = 0 ; ( priKey = pSecEnv->getPriKey( i ) ) != NULL ; i ++ ) {
- if( xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( m_pKeysMngr, priKey ) < 0 ) {
- throw RuntimeException() ;
- }
- }
-
- /*-
- * Adopt system default certificate store.
- */
- if( pSecEnv->defaultEnabled() ) {
- HCERTSTORE hSystemStore ;
-
- //Add system key store into the keys manager.
- hSystemStore = CertOpenSystemStore( 0, "MY" ) ;
- if( hSystemStore != NULL ) {
- if( xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore( m_pKeysMngr, hSystemStore ) < 0 ) {
- CertCloseStore( hSystemStore, CERT_CLOSE_STORE_CHECK_FLAG ) ;
- throw RuntimeException() ;
- }
- }
-
- //Add system root store into the keys manager.
- hSystemStore = CertOpenSystemStore( 0, "Root" ) ;
- if( hSystemStore != NULL ) {
- if( xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore( m_pKeysMngr, hSystemStore ) < 0 ) {
- CertCloseStore( hSystemStore, CERT_CLOSE_STORE_CHECK_FLAG ) ;
- throw RuntimeException() ;
- }
- }
-
- //Add system trusted store into the keys manager.
- hSystemStore = CertOpenSystemStore( 0, "Trust" ) ;
- if( hSystemStore != NULL ) {
- if( xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore( m_pKeysMngr, hSystemStore ) < 0 ) {
- CertCloseStore( hSystemStore, CERT_CLOSE_STORE_CHECK_FLAG ) ;
- throw RuntimeException() ;
- }
- }
-
- //Add system CA store into the keys manager.
- hSystemStore = CertOpenSystemStore( 0, "CA" ) ;
- if( hSystemStore != NULL ) {
- if( xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore( m_pKeysMngr, hSystemStore ) < 0 ) {
- CertCloseStore( hSystemStore, CERT_CLOSE_STORE_CHECK_FLAG ) ;
- throw RuntimeException() ;
- }
- }
- }
-}
-
-/* XXMLSecurityContext */
-Reference< XSecurityEnvironment > SAL_CALL XMLSecurityContext_MSCryptImpl :: getSecurityEnvironment()
- throw (RuntimeException)
-{
- return m_xSecurityEnvironment ;
-}
-#endif
-
/* XInitialization */
void SAL_CALL XMLSecurityContext_MSCryptImpl :: initialize( const Sequence< Any >& /*aArguments*/ ) throw( Exception, RuntimeException ) {
// TBD
@@ -302,44 +181,4 @@ Reference< XSingleServiceFactory > XMLSecurityContext_MSCryptImpl :: impl_create
return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ;
}
-#if 0
-/* XUnoTunnel */
-sal_Int64 SAL_CALL XMLSecurityContext_MSCryptImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier )
-throw (RuntimeException)
-{
- if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
- return ( sal_Int64 )this ;
- }
- return 0 ;
-}
-
-/* XUnoTunnel extension */
-const Sequence< sal_Int8>& XMLSecurityContext_MSCryptImpl :: getUnoTunnelId() {
- static Sequence< sal_Int8 >* pSeq = 0 ;
- if( !pSeq ) {
- ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
- if( !pSeq ) {
- static Sequence< sal_Int8> aSeq( 16 ) ;
- rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
- pSeq = &aSeq ;
- }
- }
- return *pSeq ;
-}
-
-/* XUnoTunnel extension */
-XMLSecurityContext_MSCryptImpl* XMLSecurityContext_MSCryptImpl :: getImplementation( const Reference< XInterface > xObj ) {
- Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
- if( xUT.is() ) {
- return ( XMLSecurityContext_MSCryptImpl* )xUT->getSomething( getUnoTunnelId() ) ;
- } else
- return NULL ;
-}
-
-/* Native methods */
-xmlSecKeysMngrPtr XMLSecurityContext_MSCryptImpl :: keysManager() throw( Exception, RuntimeException ) {
- return m_pKeysMngr ;
-}
-#endif
-
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
new file mode 100644
index 000000000000..93a17e3514b7
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
@@ -0,0 +1,276 @@
+ /*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#include <precompiled_xmlsecurity.hxx>
+
+#include <osl/time.h>
+#include <rtl/random.h>
+#include <rtl/ref.hxx>
+
+#include "ciphercontext.hxx"
+
+using namespace ::com::sun::star;
+
+uno::Reference< xml::crypto::XCipherContext > OCipherContext::Create( CK_MECHANISM_TYPE nNSSCipherID, const uno::Sequence< ::sal_Int8 >& aKey, const uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption, bool bW3CPadding )
+{
+ ::rtl::Reference< OCipherContext > xResult = new OCipherContext;
+
+ xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, NULL );
+ if ( xResult->m_pSlot )
+ {
+ SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ), aKey.getLength() };
+ xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot, nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem, NULL );
+ if ( xResult->m_pSymKey )
+ {
+ SECItem aIVItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray() ) ), aInitializationVector.getLength() };
+ xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem );
+ if ( xResult->m_pSecParam )
+ {
+ xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey, xResult->m_pSecParam);
+ if ( xResult->m_pContext )
+ {
+ xResult->m_bEncryption = bEncryption;
+ xResult->m_bW3CPadding = bW3CPadding;
+ xResult->m_bPadding = bW3CPadding || ( PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID );
+ xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID, xResult->m_pSecParam );
+ if ( xResult->m_nBlockSize <= SAL_MAX_INT8 )
+ return xResult.get();
+ }
+ }
+ }
+ }
+
+ return uno::Reference< xml::crypto::XCipherContext >();
+}
+
+void OCipherContext::Dispose()
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_pContext )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ }
+
+ if ( m_pSecParam )
+ {
+ SECITEM_FreeItem( m_pSecParam, PR_TRUE );
+ m_pSecParam = NULL;
+ }
+
+ if ( m_pSymKey )
+ {
+ PK11_FreeSymKey( m_pSymKey );
+ m_pSymKey = NULL;
+ }
+
+ if ( m_pSlot )
+ {
+ PK11_FreeSlot( m_pSlot );
+ m_pSlot = NULL;
+ }
+
+ m_bDisposed = true;
+}
+
+uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::convertWithCipherContext( const uno::Sequence< ::sal_Int8 >& aData )
+ throw ( lang::IllegalArgumentException, lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ uno::Sequence< sal_Int8 > aToConvert;
+ if ( aData.getLength() )
+ {
+ sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
+ OSL_ENSURE( nOldLastBlockLen <= m_nBlockSize, "Unexpected last block size!" );
+
+ sal_Int32 nAvailableData = nOldLastBlockLen + aData.getLength();
+ sal_Int32 nToConvertLen = nAvailableData;
+ if ( m_bEncryption || !m_bW3CPadding )
+ {
+ if ( nAvailableData % m_nBlockSize == 0 )
+ nToConvertLen = nAvailableData;
+ else if ( nAvailableData < m_nBlockSize )
+ nToConvertLen = 0;
+ else
+ nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize;
+ }
+ else
+ {
+ // decryption with W3C padding needs at least one block for finalizing
+ if ( nAvailableData < m_nBlockSize * 2 )
+ nToConvertLen = 0;
+ else
+ nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize - m_nBlockSize;
+ }
+
+ aToConvert.realloc( nToConvertLen );
+ if ( nToConvertLen == 0 )
+ {
+ m_aLastBlock.realloc( nOldLastBlockLen + aData.getLength() );
+ rtl_copyMemory( m_aLastBlock.getArray() + nOldLastBlockLen, aData.getConstArray(), aData.getLength() );
+ // aToConvert stays empty
+ }
+ else if ( nToConvertLen < nOldLastBlockLen )
+ {
+ rtl_copyMemory( aToConvert.getArray(), m_aLastBlock.getConstArray(), nToConvertLen );
+ rtl_copyMemory( m_aLastBlock.getArray(), m_aLastBlock.getConstArray() + nToConvertLen, nOldLastBlockLen - nToConvertLen );
+ m_aLastBlock.realloc( nOldLastBlockLen - nToConvertLen + aData.getLength() );
+ rtl_copyMemory( m_aLastBlock.getArray() + nOldLastBlockLen - nToConvertLen, aData.getConstArray(), aData.getLength() );
+ }
+ else
+ {
+ rtl_copyMemory( aToConvert.getArray(), m_aLastBlock.getConstArray(), nOldLastBlockLen );
+ if ( nToConvertLen > nOldLastBlockLen )
+ rtl_copyMemory( aToConvert.getArray() + nOldLastBlockLen, aData.getConstArray(), nToConvertLen - nOldLastBlockLen );
+ m_aLastBlock.realloc( nAvailableData - nToConvertLen );
+ rtl_copyMemory( m_aLastBlock.getArray(), aData.getConstArray() + nToConvertLen - nOldLastBlockLen, nAvailableData - nToConvertLen );
+ }
+ }
+
+ uno::Sequence< sal_Int8 > aResult;
+ OSL_ENSURE( aToConvert.getLength() % m_nBlockSize == 0, "Unexpected size of the data to encrypt!" );
+ if ( aToConvert.getLength() )
+ {
+ int nResultLen = 0;
+ aResult.realloc( aToConvert.getLength() + m_nBlockSize );
+ if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength(), const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aToConvert.getConstArray() ) ), aToConvert.getLength() ) != SECSuccess )
+ {
+ m_bBroken = true;
+ Dispose();
+ throw uno::RuntimeException();
+ }
+
+ m_nConverted += aToConvert.getLength();
+ aResult.realloc( nResultLen );
+ }
+
+ return aResult;
+}
+
+uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDispose()
+ throw (lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ OSL_ENSURE( m_nBlockSize <= SAL_MAX_INT8, "Unexpected block size!" );
+ OSL_ENSURE( m_nConverted % m_nBlockSize == 0, "Unexpected amount of bytes is already converted!" );
+ sal_Int32 nSizeForPadding = ( m_nConverted + m_aLastBlock.getLength() ) % m_nBlockSize;
+
+ // if it is decryption, the amount of data should be rounded to the block size even in case of padding
+ if ( ( !m_bPadding || !m_bEncryption ) && nSizeForPadding )
+ throw uno::RuntimeException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "The data should contain complete blocks only." ) ), uno::Reference< uno::XInterface >() );
+
+ if ( m_bW3CPadding && m_bEncryption )
+ {
+ // in this case the last block should be smaller than standtard block
+ // it will be increased with the padding
+ OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize, "Unexpected size of cashed incomplete last block!" );
+
+ // W3CPadding handling for encryption
+ sal_Int32 nPaddingSize = m_nBlockSize - nSizeForPadding;
+ sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
+ m_aLastBlock.realloc( nOldLastBlockLen + nPaddingSize );
+
+ if ( nPaddingSize > 1 )
+ {
+ TimeValue aTime;
+ osl_getSystemTime( &aTime );
+ rtlRandomPool aRandomPool = rtl_random_createPool();
+ rtl_random_addBytes( aRandomPool, &aTime, 8 );
+ rtl_random_getBytes( aRandomPool, m_aLastBlock.getArray() + nOldLastBlockLen, nPaddingSize - 1 );
+ rtl_random_destroyPool ( aRandomPool );
+ }
+ m_aLastBlock[m_aLastBlock.getLength() - 1] = static_cast< sal_Int8 >( nPaddingSize );
+ }
+
+ // finally should the last block be smaller than two standard blocks
+ OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize * 2 , "Unexpected size of cashed incomplete last block!" );
+
+ uno::Sequence< sal_Int8 > aResult;
+ if ( m_aLastBlock.getLength() )
+ {
+ int nPrefResLen = 0;
+ aResult.realloc( m_aLastBlock.getLength() + m_nBlockSize );
+ if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nPrefResLen, aResult.getLength(), const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( m_aLastBlock.getConstArray() ) ), m_aLastBlock.getLength() ) != SECSuccess )
+ {
+ m_bBroken = true;
+ Dispose();
+ throw uno::RuntimeException();
+ }
+
+ aResult.realloc( nPrefResLen );
+ m_aLastBlock.realloc( 0 );
+ }
+
+ sal_Int32 nPrefixLen = aResult.getLength();
+ aResult.realloc( nPrefixLen + m_nBlockSize * 2 );
+ unsigned nFinalLen = 0;
+ if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() + nPrefixLen ), &nFinalLen, aResult.getLength() - nPrefixLen ) != SECSuccess )
+ {
+ m_bBroken = true;
+ Dispose();
+ throw uno::RuntimeException();
+ }
+
+ aResult.realloc( nPrefixLen + nFinalLen );
+
+ if ( m_bW3CPadding && !m_bEncryption )
+ {
+ // W3CPadding handling for decryption
+ // aResult should have anough data, since we let m_aLastBlock be big enough in case of decryption
+ OSL_ENSURE( aResult.getLength() >= m_nBlockSize, "Not enough data to handle the padding!" );
+
+ sal_Int8 nBytesToRemove = aResult[aResult.getLength() - 1];
+ if ( nBytesToRemove <= 0 || nBytesToRemove > aResult.getLength() )
+ {
+ m_bBroken = true;
+ Dispose();
+ throw uno::RuntimeException();
+ }
+
+ aResult.realloc( aResult.getLength() - nBytesToRemove );
+ }
+
+ Dispose();
+
+ return aResult;
+}
+
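Review bot: In `finalizeCipherContextAndDispose`, the W3C-padding decryption branch reads `aResult[aResult.getLength() - 1]` guarded only by `OSL_ENSURE`. As far as I know that is a diagnostic and not a runtime check, so an empty result (for example finalizing with no data converted) would index before the buffer. The pad length is also bounded only by `aResult.getLength()`, not by the block size. I would fail closed before the read with `if ( aResult.getLength() < 1 ) { m_bBroken = true; Dispose(); throw uno::RuntimeException(); }` and extend the existing test to `nBytesToRemove > aResult.getLength() || nBytesToRemove > m_nBlockSize`. Separately, `Create` only tests `m_nBlockSize <= SAL_MAX_INT8`, so a block size of 0 would reach the `% m_nBlockSize` expressions; requiring `m_nBlockSize > 0` there looks safer.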
diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx
new file mode 100644
index 000000000000..1574a6238bd4
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx
@@ -0,0 +1,89 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _CIPHERCONTEXT_HXX
+#define _CIPHERCONTEXT_HXX
+
+#include <com/sun/star/xml/crypto/XCipherContext.hpp>
+
+#include <cppuhelper/implbase1.hxx>
+#include <osl/mutex.hxx>
+#include <pk11pub.h>
+
+class OCipherContext : public cppu::WeakImplHelper1< ::com::sun::star::xml::crypto::XCipherContext >
+{
+private:
+ ::osl::Mutex m_aMutex;
+
+ PK11SlotInfo* m_pSlot;
+ PK11SymKey* m_pSymKey;
+ SECItem* m_pSecParam;
+ PK11Context* m_pContext;
+
+ sal_Int32 m_nBlockSize;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_aLastBlock;
+
+ bool m_bEncryption;
+ bool m_bPadding;
+ bool m_bW3CPadding;
+ sal_Int64 m_nConverted;
+
+ bool m_bDisposed;
+ bool m_bBroken;
+
+ void Dispose();
+
+ OCipherContext()
+ : m_pSlot( NULL )
+ , m_pSymKey( NULL )
+ , m_pSecParam( NULL )
+ , m_pContext( NULL )
+ , m_nBlockSize( 0 )
+ , m_bEncryption( false )
+ , m_bPadding( false )
+ , m_bW3CPadding( false )
+ , m_nConverted( 0 )
+ , m_bDisposed( false )
+ , m_bBroken( false )
+ {}
+
+public:
+
+ virtual ~OCipherContext()
+ {
+ Dispose();
+ }
+
+ static ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > Create( CK_MECHANISM_TYPE nNSSCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption, bool bW3CPadding );
+
+ // XCipherContext
+ virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL convertWithCipherContext( const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aData ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL finalizeCipherContextAndDispose( ) throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+};
+
+#endif
+
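Review bot: The class declaration has no comments, so several contracts can only be found by reading ciphercontext.cxx. `Create` returns an empty reference on any setup failure (including a block size above `SAL_MAX_INT8`) rather than throwing, and a context is single-use because `finalizeCipherContextAndDispose` releases the NSS handles. I would add a comment above `Create`, e.g. `// Returns an empty reference if the slot, key, IV parameter or context cannot be set up.` A second one above `m_aLastBlock` would help too, e.g. `// Input bytes buffered until whole blocks (or the final block) can be processed.`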
diff --git a/xmlsecurity/source/xmlsec/nss/digestcontext.cxx b/xmlsecurity/source/xmlsec/nss/digestcontext.cxx
new file mode 100644
index 000000000000..4b3a0d094bd9
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/digestcontext.cxx
@@ -0,0 +1,101 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#include <precompiled_xmlsecurity.hxx>
+
+#include <pk11pub.h>
+#include "digestcontext.hxx"
+
+using namespace ::com::sun::star;
+
+ODigestContext::~ODigestContext()
+{
+ if ( m_pContext )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ }
+}
+
+void SAL_CALL ODigestContext::updateDigest( const uno::Sequence< ::sal_Int8 >& aData )
+ throw (lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ if ( !m_b1KData || m_nDigested < 1024 )
+ {
+ uno::Sequence< sal_Int8 > aToDigest = aData;
+ if ( m_b1KData && m_nDigested + aData.getLength() > 1024 )
+ aToDigest.realloc( 1024 - m_nDigested );
+
+ if ( PK11_DigestOp( m_pContext, reinterpret_cast< const unsigned char* >( aToDigest.getConstArray() ), aToDigest.getLength() ) != SECSuccess )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ m_bBroken = true;
+ throw uno::RuntimeException();
+ }
+
+ m_nDigested += aToDigest.getLength();
+ }
+}
+
+uno::Sequence< ::sal_Int8 > SAL_CALL ODigestContext::finalizeDigestAndDispose()
+ throw (lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ uno::Sequence< sal_Int8 > aResult( m_nDigestLength );
+ unsigned int nResultLen = 0;
+ if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength() ) != SECSuccess )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ m_bBroken = true;
+ throw uno::RuntimeException();
+ }
+
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ m_bDisposed = true;
+
+ aResult.realloc( nResultLen );
+ return aResult;
+}
+
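Review bot: `updateDigest` and `finalizeDigestAndDispose` pass `m_pContext` to `PK11_DigestOp` and `PK11_DigestFinal` without checking it. The destructor treats NULL as a possible value, and the constructor in digestcontext.hxx stores whatever pointer it is given. If a caller can construct the object after a failed context creation (the callers are not visible here), the first update would hand NULL to NSS. A guard next to the existing state checks, `if ( !m_pContext ) throw uno::RuntimeException();`, would make both methods fail closed. The three copies of the destroy-and-mark-broken sequence could also move into one private helper.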
diff --git a/xmlsecurity/source/xmlsec/nss/digestcontext.hxx b/xmlsecurity/source/xmlsec/nss/digestcontext.hxx
new file mode 100644
index 000000000000..8f9ef475a485
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/digestcontext.hxx
@@ -0,0 +1,68 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _DIGESTCONTEXT_HXX
+#define _DIGESTCONTEXT_HXX
+
+#include <com/sun/star/xml/crypto/XDigestContext.hpp>
+
+#include <cppuhelper/implbase1.hxx>
+#include <osl/mutex.hxx>
+
+class ODigestContext : public cppu::WeakImplHelper1< ::com::sun::star::xml::crypto::XDigestContext >
+{
+private:
+ ::osl::Mutex m_aMutex;
+
+ PK11Context* m_pContext;
+ sal_Int32 m_nDigestLength;
+ bool m_b1KData;
+ sal_Int32 m_nDigested;
+
+ bool m_bDisposed;
+ bool m_bBroken;
+
+public:
+ ODigestContext( PK11Context* pContext, sal_Int32 nDigestLength, bool b1KData )
+ : m_pContext( pContext )
+ , m_nDigestLength( nDigestLength )
+ , m_b1KData( b1KData )
+ , m_nDigested( 0 )
+ , m_bDisposed( false )
+ , m_bBroken( false )
+ {}
+
+ virtual ~ODigestContext();
+
+
+ // XDigestContext
+ virtual void SAL_CALL updateDigest( const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aData ) throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL finalizeDigestAndDispose() throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+};
+
+#endif
+
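Review bot: This header uses `PK11Context*` for `m_pContext` and for the constructor parameter but neither includes nor forward-declares it. As far as this diff shows, it compiles only because digestcontext.cxx includes `<pk11pub.h>` before it. ciphercontext.hxx in the same commit includes `<pk11pub.h>` itself. Adding `#include <pk11pub.h>` after `<osl/mutex.hxx>` here would make the header self-contained and consistent with its sibling.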
diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk
index de6a059573a2..ce088e2bb3dc 100644
--- a/xmlsecurity/source/xmlsec/nss/makefile.mk
+++ b/xmlsecurity/source/xmlsec/nss/makefile.mk
@@ -41,12 +41,6 @@ ENABLE_EXCEPTIONS = TRUE
CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS)
.ENDIF
-.IF "$(CRYPTO_ENGINE)" != "nss"
-LIBTARGET=NO
-.ENDIF
-
-.IF "$(CRYPTO_ENGINE)" == "nss"
-
.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES"
.IF "$(SYSTEM_MOZILLA)" != "YES"
@all:
@@ -93,7 +87,11 @@ $(MOZ_INC)$/profile \
-I$(MOZ_INC)$/embed_base
.ENDIF
-CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT
+.IF "$(CRYPTO_ENGINE)" == "nss"
+CDEFS += -DXMLSEC_CRYPTO_NSS
+.ENDIF
+
+CDEFS += -DXMLSEC_NO_XSLT
# --- Files --------------------------------------------------------
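Review bot: Nothing in the makefile says why `-DXMLSEC_CRYPTO_NSS` is now conditional while `-DXMLSEC_NO_XSLT` and the nssinitializer, digestcontext and ciphercontext objects in the next hunk are built for every engine. In nssinitializer.cxx from this same commit that define gates the Mozilla profile lookup and the root-certificate module load, so a build with another CRYPTO_ENGINE initializes NSS through `NSS_NoDB_Init` with no certificate database. A comment above the `.IF` would record that, e.g. `# XMLSEC_CRYPTO_NSS only when NSS is the signature engine; digest/cipher contexts are always built and then run NSS without a profile or roots module`.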
@@ -109,17 +107,22 @@ SOLARINC += -I$(NSS_INC)
.ENDIF
SLOFILES = \
+ $(SLO)$/nssinitializer.obj \
+ $(SLO)$/digestcontext.obj \
+ $(SLO)$/ciphercontext.obj \
+ $(SLO)$/xsec_nss.obj
+
+.IF "$(CRYPTO_ENGINE)" == "nss"
+SLOFILES += \
$(SLO)$/securityenvironment_nssimpl.obj \
+ $(SLO)$/seinitializer_nssimpl.obj \
$(SLO)$/xmlencryption_nssimpl.obj \
$(SLO)$/xmlsecuritycontext_nssimpl.obj \
$(SLO)$/xmlsignature_nssimpl.obj \
$(SLO)$/x509certificate_nssimpl.obj \
- $(SLO)$/seinitializer_nssimpl.obj \
- $(SLO)$/xsec_nss.obj \
- $(SLO)$/secerror.obj
-
+ $(SLO)$/sanextension_nssimpl.obj \
+ $(SLO)$/secerror.obj
-
.ENDIF
# --- Targets ------------------------------------------------------
diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
new file mode 100644
index 000000000000..ded32952d410
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
@@ -0,0 +1,521 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+
+/*
+ * Turn off DEBUG Assertions
+ */
+#ifdef _DEBUG
+ #define _DEBUG_WAS_DEFINED _DEBUG
+ #undef _DEBUG
+#else
+ #undef _DEBUG_WAS_DEFINED
+#endif
+
+/*
+ * and turn off the additional virtual methods which are part of some interfaces when compiled
+ * with debug
+ */
+#ifdef DEBUG
+ #define DEBUG_WAS_DEFINED DEBUG
+ #undef DEBUG
+#else
+ #undef DEBUG_WAS_DEFINED
+#endif
+
+
+#include <com/sun/star/mozilla/XMozillaBootstrap.hpp>
+#include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/xml/crypto/CipherID.hpp>
+
+#include <sal/types.h>
+#include <rtl/instance.hxx>
+#include <rtl/bootstrap.hxx>
+#include <rtl/string.hxx>
+#include <rtl/strbuf.hxx>
+#include <osl/file.hxx>
+#include <osl/thread.h>
+#include <tools/debug.hxx>
+#include <rtl/logfile.hxx>
+
+#include "seinitializer_nssimpl.hxx"
+#include "../diagnose.hxx"
+
+#include "securityenvironment_nssimpl.hxx"
+#include "digestcontext.hxx"
+#include "ciphercontext.hxx"
+
+#include <nspr.h>
+#include <cert.h>
+#include <nss.h>
+#include <pk11pub.h>
+#include <secmod.h>
+#include <nssckbi.h>
+
+
+namespace css = ::com::sun::star;
+namespace cssu = css::uno;
+namespace cssl = css::lang;
+namespace cssxc = css::xml::crypto;
+
+using namespace xmlsecurity;
+using namespace com::sun::star;
+using ::rtl::OUString;
+using ::rtl::OString;
+
+#define IMPLEMENTATION_NAME "com.sun.star.xml.security.bridge.xmlsec.NSSInitializer_NssImpl"
+
+#define ROOT_CERTS "Root Certs for OpenOffice.org"
+
+extern "C" void nsscrypto_finalize();
+
+
+namespace
+{
+
+bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init );
+
+struct InitNSSInitialize
+{
+ css::uno::Reference< css::lang::XMultiServiceFactory > mxMSF;
+
+ InitNSSInitialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF )
+ : mxMSF( xMSF )
+ {
+ }
+
+ bool * operator()()
+ {
+ static bool bInitialized = false;
+ bool bNSSInit = false;
+ bInitialized = nsscrypto_initialize( mxMSF, bNSSInit );
+ if (bNSSInit)
+ atexit(nsscrypto_finalize );
+ return & bInitialized;
+ }
+};
+
+struct GetNSSInitStaticMutex
+{
+ ::osl::Mutex* operator()()
+ {
+ static ::osl::Mutex aNSSInitMutex;
+ return &aNSSInitMutex;
+ }
+};
+
+void deleteRootsModule()
+{
+ SECMODModule *RootsModule = 0;
+ SECMODModuleList *list = SECMOD_GetDefaultModuleList();
+ SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
+ SECMOD_GetReadLock(lock);
+
+ while (!RootsModule && list)
+ {
+ SECMODModule *module = list->module;
+
+ for (int i=0; i < module->slotCount; i++)
+ {
+ PK11SlotInfo *slot = module->slots[i];
+ if (PK11_IsPresent(slot))
+ {
+ if (PK11_HasRootCerts(slot))
+ {
+ xmlsec_trace("The root certifificates module \"%s"
+ "\" is already loaded: \n%s",
+ module->commonName, module->dllName);
+
+ RootsModule = SECMOD_ReferenceModule(module);
+ break;
+ }
+ }
+ }
+ list = list->next;
+ }
+ SECMOD_ReleaseReadLock(lock);
+
+ if (RootsModule)
+ {
+ PRInt32 modType;
+ if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType))
+ {
+ xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName);
+ }
+ else
+ {
+ xmlsec_trace("Failed to delete \"%s\" : \n%s",
+ RootsModule->commonName, RootsModule->dllName);
+ }
+ SECMOD_DestroyModule(RootsModule);
+ RootsModule = 0;
+ }
+}
+
+::rtl::OString getMozillaCurrentProfile( const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF )
+{
+ ::rtl::OString sResult;
+ // first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER"
+ char* pEnv = getenv( "MOZILLA_CERTIFICATE_FOLDER" );
+ if ( pEnv )
+ {
+ sResult = ::rtl::OString( pEnv );
+ RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", sResult.getStr() );
+ }
+ else
+ {
+ mozilla::MozillaProductType productTypes[4] = {
+ mozilla::MozillaProductType_Thunderbird,
+ mozilla::MozillaProductType_Mozilla,
+ mozilla::MozillaProductType_Firefox,
+ mozilla::MozillaProductType_Default };
+ int nProduct = 4;
+
+ uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance(
+ ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) );
+ OSL_ENSURE( xInstance.is(), "failed to create instance" );
+
+ uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap
+ = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY);
+ OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" );
+
+ if (xMozillaBootstrap.is())
+ {
+ for (int i=0; i<nProduct; i++)
+ {
+ ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]);
+
+ if (profile != NULL && profile.getLength()>0)
+ {
+ ::rtl::OUString sProfilePath = xMozillaBootstrap->getProfilePath( productTypes[i], profile );
+ sResult = ::rtl::OUStringToOString( sProfilePath, osl_getThreadTextEncoding() );
+ RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", sResult.getStr() );
+ }
+ }
+ }
+
+ RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" );
+ }
+
+ return sResult;
+}
+
+//Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write
+//the roots certificate module (libnssckbi.so), which they use, into the
+//profile. This module will then already be loaded during NSS_Init (and the
+//other init functions). This fails in two cases. First, FF3 was used to create
+//the profile, or possibly used that profile before, and second the profile was
+//used on a different platform.
+//
+//Then one needs to add the roots module oneself. This should be done with
+//SECMOD_LoadUserModule rather then SECMOD_AddNewModule. The latter would write
+//the location of the roots module to the profile, which makes FF2 and TB2 use
+//it instead of there own module.
+//
+//When using SYSTEM_MOZILLA then the libnss3.so lib is typically found in
+///usr/lib. This folder may, however, NOT contain the roots certificate
+//module. That is, just providing the library name in SECMOD_LoadUserModule or
+//SECMOD_AddNewModule will FAIL to load the mozilla unless the LD_LIBRARY_PATH
+//contains an FF or TB installation.
+//ATTENTION: DO NOT call this function directly instead use initNSS
+//return true - whole initialization was successful
+//param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite
+//was successful and therefor NSS_Shutdown should be called when terminating.
+bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init )
+{
+ bool return_value = true;
+
+ // this method must be called only once, no need for additional lock
+ rtl::OString sCertDir;
+
+ (void) xMSF;
+#ifdef XMLSEC_CRYPTO_NSS
+ if ( xMSF.is() )
+ sCertDir = getMozillaCurrentProfile( xMSF );
+#endif
+ xmlsec_trace( "Using profile: %s", sCertDir.getStr() );
+
+ PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
+
+ // there might be no profile
+ if ( sCertDir.getLength() > 0 )
+ {
+ if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess )
+ {
+ xmlsec_trace("Initializing NSS with profile failed.");
+ char * error = NULL;
+
+ PR_GetErrorText(error);
+ if (error)
+ xmlsec_trace("%s",error);
+ return false ;
+ }
+ }
+ else
+ {
+ xmlsec_trace("Initializing NSS without profile.");
+ if ( NSS_NoDB_Init(NULL) != SECSuccess )
+ {
+ xmlsec_trace("Initializing NSS without profile failed.");
+ char * error = NULL;
+ PR_GetErrorText(error);
+ if (error)
+ xmlsec_trace("%s",error);
+ return false ;
+ }
+ }
+ out_nss_init = true;
+
+#ifdef XMLSEC_CRYPTO_NSS
+#if defined SYSTEM_MOZILLA
+ if (!SECMOD_HasRootCerts())
+ {
+#endif
+ deleteRootsModule();
+
+#if defined SYSTEM_MOZILLA
+ OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("libnssckbi"SAL_DLLEXTENSION));
+#else
+ OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("${OOO_BASE_DIR}/program/libnssckbi"SAL_DLLEXTENSION));
+#endif
+ ::rtl::Bootstrap::expandMacros(rootModule);
+
+ OUString rootModulePath;
+ if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath))
+ {
+ ::rtl::OString ospath = ::rtl::OUStringToOString(rootModulePath, osl_getThreadTextEncoding());
+ ::rtl::OStringBuffer pkcs11moduleSpec;
+ pkcs11moduleSpec.append("name=\"");
+ pkcs11moduleSpec.append(ROOT_CERTS);
+ pkcs11moduleSpec.append("\" library=\"");
+ pkcs11moduleSpec.append(ospath.getStr());
+ pkcs11moduleSpec.append("\"");
+
+ SECMODModule * RootsModule =
+ SECMOD_LoadUserModule(
+ const_cast<char*>(pkcs11moduleSpec.makeStringAndClear().getStr()),
+ 0, // no parent
+ PR_FALSE); // do not recurse
+
+ if (RootsModule)
+ {
+
+ bool found = RootsModule->loaded;
+
+ SECMOD_DestroyModule(RootsModule);
+ RootsModule = 0;
+ if (found)
+ xmlsec_trace("Added new root certificate module "
+ "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
+ else
+ {
+ xmlsec_trace("FAILED to load the new root certificate module "
+ "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
+ return_value = false;
+ }
+ }
+ else
+ {
+ xmlsec_trace("FAILED to add new root certifice module: "
+ "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
+ return_value = false;
+
+ }
+ }
+ else
+ {
+ xmlsec_trace("Adding new root certificate module failed.");
+ return_value = false;
+ }
+#if SYSTEM_MOZILLA
+ }
+#endif
+#endif
+
+ return return_value;
+}
+
+
+// must be extern "C" because we pass the function pointer to atexit
+extern "C" void nsscrypto_finalize()
+{
+ SECMODModule *RootsModule = SECMOD_FindModule(ROOT_CERTS);
+
+ if (RootsModule)
+ {
+
+ if (SECSuccess == SECMOD_UnloadUserModule(RootsModule))
+ {
+ xmlsec_trace("Unloaded module \""ROOT_CERTS"\".");
+ }
+ else
+ {
+ xmlsec_trace("Failed unloadeding module \""ROOT_CERTS"\".");
+ }
+ SECMOD_DestroyModule(RootsModule);
+ }
+ else
+ {
+ xmlsec_trace("Unloading module \""ROOT_CERTS
+ "\" failed because it was not found.");
+ }
+ PK11_LogoutAll();
+ NSS_Shutdown();
+}
+} // namespace
+
+ONSSInitializer::ONSSInitializer(
+ const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF)
+ :mxMSF( rxMSF )
+{
+}
+
+ONSSInitializer::~ONSSInitializer()
+{
+}
+
+bool ONSSInitializer::initNSS( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF )
+{
+ return *rtl_Instance< bool, InitNSSInitialize, ::osl::MutexGuard, GetNSSInitStaticMutex >
+ ::create( InitNSSInitialize( xMSF ), GetNSSInitStaticMutex() );
+}
+
+css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL ONSSInitializer::getDigestContext( ::sal_Int32 nDigestID, const css::uno::Sequence< css::beans::NamedValue >& aParams )
+ throw (css::lang::IllegalArgumentException, css::uno::RuntimeException)
+{
+ SECOidTag nNSSDigestID = SEC_OID_UNKNOWN;
+ sal_Int32 nDigestLength = 0;
+ bool b1KData = false;
+ if ( nDigestID == css::xml::crypto::DigestID::SHA256
+ || nDigestID == css::xml::crypto::DigestID::SHA256_1K )
+ {
+ nNSSDigestID = SEC_OID_SHA256;
+ nDigestLength = 32;
+ b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA256_1K );
+ }
+ else if ( nDigestID == css::xml::crypto::DigestID::SHA1
+ || nDigestID == css::xml::crypto::DigestID::SHA1_1K )
+ {
+ nNSSDigestID = SEC_OID_SHA1;
+ nDigestLength = 20;
+ b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA1_1K );
+ }
+ else
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected digest requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 );
+
+ if ( aParams.getLength() )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for digest creation." ) ), css::uno::Reference< css::uno::XInterface >(), 2 );
+
+ css::uno::Reference< css::xml::crypto::XDigestContext > xResult;
+ if( initNSS( mxMSF ) )
+ {
+ PK11Context* pContext = PK11_CreateDigestContext( nNSSDigestID );
+ if ( pContext && PK11_DigestBegin( pContext ) == SECSuccess )
+ xResult = new ODigestContext( pContext, nDigestLength, b1KData );
+ }
+
+ return xResult;
+}
+
+css::uno::Reference< css::xml::crypto::XCipherContext > SAL_CALL ONSSInitializer::getCipherContext( ::sal_Int32 nCipherID, const css::uno::Sequence< ::sal_Int8 >& aKey, const css::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const css::uno::Sequence< css::beans::NamedValue >& aParams )
+ throw (css::lang::IllegalArgumentException, css::uno::RuntimeException)
+{
+ CK_MECHANISM_TYPE nNSSCipherID = 0;
+ bool bW3CPadding = false;
+ if ( nCipherID == css::xml::crypto::CipherID::AES_CBC_W3C_PADDING )
+ {
+ nNSSCipherID = CKM_AES_CBC;
+ bW3CPadding = true;
+
+ if ( aKey.getLength() != 16 && aKey.getLength() != 24 && aKey.getLength() != 32 )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected key length." ) ), css::uno::Reference< css::uno::XInterface >(), 2 );
+
+ if ( aParams.getLength() )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for cipher creation." ) ), css::uno::Reference< css::uno::XInterface >(), 5 );
+ }
+ else
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected cipher requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 );
+
+ css::uno::Reference< css::xml::crypto::XCipherContext > xResult;
+ if( initNSS( mxMSF ) )
+ {
+ if ( aInitializationVector.getLength() != PK11_GetIVLength( nNSSCipherID ) )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected length of initialization vector." ) ), css::uno::Reference< css::uno::XInterface >(), 3 );
+
+ xResult = OCipherContext::Create( nNSSCipherID, aKey, aInitializationVector, bEncryption, bW3CPadding );
+ }
+
+ return xResult;
+}
+
+rtl::OUString ONSSInitializer_getImplementationName ()
+ throw (cssu::RuntimeException)
+{
+
+ return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( IMPLEMENTATION_NAME ) );
+}
+
+sal_Bool SAL_CALL ONSSInitializer_supportsService( const rtl::OUString& ServiceName )
+ throw (cssu::RuntimeException)
+{
+ return ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( NSS_SERVICE_NAME ));
+}
+
+cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer_getSupportedServiceNames( )
+ throw (cssu::RuntimeException)
+{
+ cssu::Sequence < rtl::OUString > aRet(1);
+ rtl::OUString* pArray = aRet.getArray();
+ pArray[0] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( NSS_SERVICE_NAME ) );
+ return aRet;
+}
+
+cssu::Reference< cssu::XInterface > SAL_CALL ONSSInitializer_createInstance( const cssu::Reference< cssl::XMultiServiceFactory > & rSMgr)
+ throw( cssu::Exception )
+{
+ return (cppu::OWeakObject*) new ONSSInitializer( rSMgr );
+}
+
+/* XServiceInfo */
+rtl::OUString SAL_CALL ONSSInitializer::getImplementationName()
+ throw (cssu::RuntimeException)
+{
+ return ONSSInitializer_getImplementationName();
+}
+sal_Bool SAL_CALL ONSSInitializer::supportsService( const rtl::OUString& rServiceName )
+ throw (cssu::RuntimeException)
+{
+ return ONSSInitializer_supportsService( rServiceName );
+}
+cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer::getSupportedServiceNames( )
+ throw (cssu::RuntimeException)
+{
+ return ONSSInitializer_getSupportedServiceNames();
+}
+
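Review bot: Both failure branches of nsscrypto_initialize call `PR_GetErrorText(error)` with `char * error = NULL`; NSPR copies the message into the buffer it is given, so this writes through a null pointer whenever error text is set. Because the pointer is passed by value, `error` also stays null and the following trace never runs. Log the code instead, `xmlsec_trace("%s", PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));`, or size a buffer with `PR_GetErrorTextLength()` first. getMozillaCurrentProfile, which selects the certificate database used for trust decisions, has no `break` after a profile is found, so the last matching entry of `productTypes` wins and "No Mozilla Profile found!" is traced on every call. In getDigestContext the context from `PK11_CreateDigestContext` is leaked when `PK11_DigestBegin` fails; that path needs `PK11_DestroyContext( pContext, PR_TRUE );`.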
diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.hxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.hxx
new file mode 100644
index 000000000000..6e7fed190d60
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.hxx
@@ -0,0 +1,90 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _NSSINITIALIZER_HXX
+#define _NSSINITIALIZER_HXX
+
+#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp>
+#include <com/sun/star/xml/crypto/XCipherContextSupplier.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <com/sun/star/lang/XMultiServiceFactory.hpp>
+
+#include <cppuhelper/implbase3.hxx>
+
+#define NSS_SERVICE_NAME "com.sun.star.xml.crypto.NSSInitializer"
+
+class ONSSInitializer : public cppu::WeakImplHelper3
+<
+ ::com::sun::star::xml::crypto::XDigestContextSupplier,
+ ::com::sun::star::xml::crypto::XCipherContextSupplier,
+ ::com::sun::star::lang::XServiceInfo
+>
+{
+protected:
+ ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > mxMSF;
+
+ ONSSInitializer()
+ {}
+
+public:
+ ONSSInitializer( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &rxMSF );
+ virtual ~ONSSInitializer();
+
+ bool initNSS( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &xMSF );
+
+ /* XDigestContextSupplier */
+ virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XDigestContext > SAL_CALL getDigestContext( ::sal_Int32 nDigestID, const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException);
+
+ /* XCipherContextSupplier */
+ virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > SAL_CALL getCipherContext( ::sal_Int32 nCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException);
+
+ /* XServiceInfo */
+ virtual rtl::OUString SAL_CALL getImplementationName()
+ throw (::com::sun::star::uno::RuntimeException);
+
+ virtual sal_Bool SAL_CALL supportsService( const rtl::OUString& ServiceName )
+ throw (::com::sun::star::uno::RuntimeException);
+
+ virtual ::com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames()
+ throw (::com::sun::star::uno::RuntimeException);
+};
+
+rtl::OUString ONSSInitializer_getImplementationName()
+ throw ( ::com::sun::star::uno::RuntimeException );
+
+sal_Bool SAL_CALL ONSSInitializer_supportsService( const rtl::OUString& ServiceName )
+ throw ( ::com::sun::star::uno::RuntimeException );
+
+com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL ONSSInitializer_getSupportedServiceNames()
+ throw ( ::com::sun::star::uno::RuntimeException );
+
+com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface >
+SAL_CALL ONSSInitializer_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > & rSMgr )
+ throw ( ::com::sun::star::uno::Exception );
+
+#endif
+
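Review bot: The declarations of getDigestContext and getCipherContext do not document their failure contract. In nssinitializer.cxx from this commit both return an empty reference when initNSS fails, and getDigestContext also when the PK11 context cannot be started, so a caller that skips the `is()` check would use a null interface. Add a comment above each, e.g. `// Returns an empty reference if NSS could not be initialized; throws IllegalArgumentException for an unsupported ID or unexpected parameters.` initNSS would benefit from a line as well, since it appears to run the initialization only once per process and to ignore the `xMSF` argument on later calls.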
diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx
new file mode 100644
index 000000000000..2c66321121db
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx
@@ -0,0 +1,244 @@
+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org. If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/PropertyValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+#include <seccomon.h>
+#include <cert.h>
+#include <certt.h>
+#include <secitem.h>
+#include <secport.h>
+
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnValue ;
+}
+
+namespace {
+ // Helper functions from nss/lib/certdb/genname.c
+ static int GetNamesLength(CERTGeneralName *names)
+ {
+ int length = 0;
+ CERTGeneralName *first;
+
+ first = names;
+ if (names != NULL) {
+ do {
+ length++;
+ names = CERT_GetNextGeneralName(names);
+ } while (names != first);
+ }
+ return length;
+ }
+
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+
+ if (!m_Entries.hasElements())
+ {
+ SECItem item;
+
+ item.type = siDERCertBuffer;
+ item.data = (unsigned char*) m_xExtnValue.getArray();
+ item.len = m_xExtnValue.getLength();
+
+ PRArenaPool *arena;
+ CERTGeneralName *nameList;
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+ if (!arena)
+ return m_Entries;
+
+ nameList = CERT_DecodeAltNameExtension(arena, &item);
+
+ CERTGeneralName* current = nameList;
+
+ int size = GetNamesLength(nameList);
+ CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[size];
+ for(int i = 0; i < size ; i++){
+ switch (current->type) {
+ case certOtherName: {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+ ::com::sun::star::beans::PropertyValue otherNameProp;
+ otherNameProp.Name = ::rtl::OUString::createFromAscii(CERT_GetOidString(&current->name.OthName.oid));
+
+ Sequence< sal_Int8 > otherName( current->name.OthName.name.len ) ;
+ for( unsigned int r = 0; r < current->name.OthName.name.len ; r ++ )
+ otherName[r] = *( current->name.OthName.name.data + r ) ;
+
+ otherNameProp.Value <<= otherName;
+
+ arrCertAltNameEntry[i].Value <<= otherNameProp;
+ break;
+ }
+ case certRFC822Name:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+ break;
+ case certDNSName:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+ break;
+ case certX400Address: {
+ // unsupported
+ arrCertAltNameEntry[i].Type = ExtAltNameType_X400_ADDRESS;
+ break;
+ }
+ case certDirectoryName: {
+ // unsupported
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+ break;
+ }
+ case certEDIPartyName: {
+ // unsupported
+ arrCertAltNameEntry[i].Type = ExtAltNameType_EDI_PARTY_NAME;
+ break;
+ }
+ case certURI:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+ break;
+ case certIPAddress: {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+
+ Sequence< sal_Int8 > ipAddress( current->name.other.len ) ;
+ for( unsigned int r = 0; r < current->name.other.len ; r ++ )
+ ipAddress[r] = *( current->name.other.data + r ) ;
+
+ arrCertAltNameEntry[i].Value <<= ipAddress;
+ break;
+ }
+ case certRegisterID:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+
+
+ rtl::OString nssOid = ::rtl::OString(CERT_GetOidString(&current->name.other));
+ rtl::OString unoOid = removeOIDFromString(nssOid);
+ arrCertAltNameEntry[i].Value <<= rtl::OStringToOUString( unoOid, RTL_TEXTENCODING_ASCII_US );
+ break;
+ }
+ current = CERT_GetNextGeneralName(current);
+ }
+
+ m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, size);
+
+ delete [] arrCertAltNameEntry;
+
+ PORT_FreeArena(arena, PR_FALSE);
+
+
+ }
+
+ return m_Entries;
+}
+
+::rtl::OString SanExtensionImpl :: removeOIDFromString( const ::rtl::OString &oidString)
+ {
+ ::rtl::OString objID;
+ ::rtl::OString oid("OID.");
+ if (oidString.match(oid))
+ objID = oidString.copy(oid.getLength());
+ else
+ objID = oidString;
+ return objID;
+
+ }
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+ m_critical = critical ;
+ m_xExtnId = extnId ;
+ m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+ unsigned int i ;
+ if( value != NULL && vlen != 0 ) {
+ Sequence< sal_Int8 > extnv( vlen ) ;
+ for( i = 0; i < vlen ; i ++ )
+ extnv[i] = *( value + i ) ;
+
+ m_xExtnValue = extnv ;
+ } else {
+ m_xExtnValue = Sequence<sal_Int8>();
+ }
+
+ if( id != NULL && idlen != 0 ) {
+ Sequence< sal_Int8 > extnId( idlen ) ;
+ for( i = 0; i < idlen ; i ++ )
+ extnId[i] = *( id + i ) ;
+
+ m_xExtnId = extnId ;
+ } else {
+ m_xExtnId = Sequence<sal_Int8>();
+ }
+
+ m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+
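Review bot: getAlternativeNames never frees the string returned by `CERT_GetOidString` and does not check it for NULL before wrapping it, in both the certOtherName and certRegisterID cases. NSS returns a `PR_smprintf` buffer there, so each decoded entry of those types leaks, and the bytes being decoded come from the certificate, which is untrusted input. Hold the pointer, test it, and release it with `PR_smprintf_free` (declared in `prprf.h`) at both sites; the fence shows the certRegisterID case. The RFC822, DNS and URI branches also copy the raw bytes by length with no check for embedded NUL or control characters, which is worth rejecting before the names reach a certificate dialog.

```cpp
case certRegisterID: {
    arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;

    // CERT_GetOidString hands back a PR_smprintf buffer, or NULL on failure.
    char* pOidStr = CERT_GetOidString(&current->name.other);
    if (pOidStr)
    {
        rtl::OString unoOid = removeOIDFromString(rtl::OString(pOidStr));
        arrCertAltNameEntry[i].Value <<= rtl::OStringToOUString( unoOid, RTL_TEXTENCODING_ASCII_US );
        PR_smprintf_free(pOidStr);
    }
    break;
}
// … unchanged: advance with CERT_GetNextGeneralName …
```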
diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx
new file mode 100644
index 000000000000..88425aa8d125
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx
@@ -0,0 +1,77 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#define _SANEXTENSION_NSSIMPL_HXX_
+
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+ ::com::sun::star::security::XSanExtension >
+{
+ private :
+ sal_Bool m_critical ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+ ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+ ::rtl::OString removeOIDFromString( const ::rtl::OString &oid);
+
+ public :
+ SanExtensionImpl() ;
+ virtual ~SanExtensionImpl() ;
+
+ //Methods from XCertificateExtension
+ virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Methods from XSanExtension
+
+ virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Helper method
+ void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+ void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+ void extractCertExt() ;
+} ;
+
+#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+
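Review bot: The closing guard comment `#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_` names a different header than the `_SANEXTENSION_NSSIMPL_HXX_` guard opened at the top; it should read `#endif // _SANEXTENSION_NSSIMPL_HXX_`. `<com/sun/star/uno/Exception.hpp>` is included twice, and `SecurityException.hpp` is included with quotes where its neighbours use angle brackets. The class has no comment at all; a short one above `class SanExtensionImpl` saying which certificate extension it represents and who is expected to call the two `setCertExtn` helpers would help the next reader.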
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index a6a1af956728..cb740e5d3ede 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -40,7 +40,7 @@
#include <sal/macros.h>
#include "securityenvironment_nssimpl.hxx"
#include "x509certificate_nssimpl.hxx"
-#include <rtl/uuid.h>
+#include <comphelper/servicehelper.hxx>
#include "../diagnose.hxx"
#include <sal/types.h>
@@ -89,7 +89,29 @@ extern X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* ) ;
struct UsageDescription
{
SECCertificateUsage usage;
- char const * const description;
+ char const* description;
+
+ UsageDescription()
+ : usage( certificateUsageCheckAllUsages )
+ , description( NULL )
+ {}
+
+ UsageDescription( SECCertificateUsage i_usage, char const* i_description )
+ : usage( i_usage )
+ , description( i_description )
+ {}
+
+ UsageDescription( const UsageDescription& aDescription )
+ : usage( aDescription.usage )
+ , description( aDescription.description )
+ {}
+
+ UsageDescription& operator =( const UsageDescription& aDescription )
+ {
+ usage = aDescription.usage;
+ description = aDescription.description;
+ return *this;
+ }
};
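Review bot: The copy constructor and `operator =` added to `UsageDescription` only copy `usage` and `description` member by member, which is what the compiler generates anyway; they can be dropped, leaving the default and two-argument constructors. Now that `description` is no longer a `const` pointer, a one-line comment such as `// not owned; points to a string literal` would document the lifetime the struct relies on (the visible callers pass literals).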
@@ -220,17 +242,14 @@ sal_Int64 SAL_CALL SecurityEnvironment_NssImpl :: getSomething( const Sequence<
}
/* XUnoTunnel extension */
+
+namespace
+{
+ class theSecurityEnvironment_NssImplUnoTunnelId : public rtl::Static< UnoTunnelIdInit, theSecurityEnvironment_NssImplUnoTunnelId > {};
+}
+
const Sequence< sal_Int8>& SecurityEnvironment_NssImpl :: getUnoTunnelId() {
- static Sequence< sal_Int8 >* pSeq = 0 ;
- if( !pSeq ) {
- ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
- if( !pSeq ) {
- static Sequence< sal_Int8> aSeq( 16 ) ;
- rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
- pSeq = &aSeq ;
- }
- }
- return *pSeq ;
+ return theSecurityEnvironment_NssImplUnoTunnelId::get().getSeq();
}
/* XUnoTunnel extension */
@@ -868,14 +887,12 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert,
// certificateUsageAnyCA
// certificateUsageProtectedObjectSigner
- UsageDescription arUsages[] =
- {
- {certificateUsageSSLClient, "certificateUsageSSLClient" },
- {certificateUsageSSLServer, "certificateUsageSSLServer" },
- {certificateUsageSSLCA, "certificateUsageSSLCA" },
- {certificateUsageEmailSigner, "certificateUsageEmailSigner"}, //only usable for end certs
- {certificateUsageEmailRecipient, "certificateUsageEmailRecipient"}
- };
+ UsageDescription arUsages[5];
+ arUsages[0] = UsageDescription( certificateUsageSSLClient, "certificateUsageSSLClient" );
+ arUsages[1] = UsageDescription( certificateUsageSSLServer, "certificateUsageSSLServer" );
+ arUsages[2] = UsageDescription( certificateUsageSSLCA, "certificateUsageSSLCA" );
+ arUsages[3] = UsageDescription( certificateUsageEmailSigner, "certificateUsageEmailSigner" );
+ arUsages[4] = UsageDescription( certificateUsageEmailRecipient, "certificateUsageEmailRecipient" );
int numUsages = SAL_N_ELEMENTS(arUsages);
for (int i = 0; i < numUsages; i++)
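Review bot: `UsageDescription arUsages[5];` hard-codes the element count that the old brace initialiser derived automatically, so a later edit that changes the size without adding an assignment leaves a default-constructed entry (`certificateUsageCheckAllUsages`, `NULL` description) for the loop to process. The rewrite also drops the `//only usable for end certs` remark on `certificateUsageEmailSigner`; it should stay on the `arUsages[3]` line. The loop body and the rest of `verifyCertificate` lie outside the hunk, so how a NULL description would be used cannot be judged from here.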
diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
index 5bb2a9ecb567..1e521cf272fd 100644
--- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
@@ -50,339 +50,45 @@
#undef DEBUG_WAS_DEFINED
#endif
-
#include <sal/types.h>
-#include "rtl/instance.hxx"
-#include "rtl/bootstrap.hxx"
-#include "rtl/string.hxx"
-#include "rtl/strbuf.hxx"
-#include "osl/file.hxx"
-#include "osl/thread.h"
+#include <rtl/bootstrap.hxx>
+#include <rtl/string.hxx>
+#include <rtl/strbuf.hxx>
+#include <osl/file.hxx>
+#include <osl/thread.h>
#include <tools/debug.hxx>
#include <rtl/logfile.hxx>
#include "seinitializer_nssimpl.hxx"
-#include "../diagnose.hxx"
-
#include "securityenvironment_nssimpl.hxx"
-#include <com/sun/star/mozilla/XMozillaBootstrap.hpp>
-#include "nspr.h"
-#include "cert.h"
-#include "nss.h"
-#include "secmod.h"
-#include "nssckbi.h"
+#include <nspr.h>
+#include <cert.h>
+#include <nss.h>
+#include <pk11pub.h>
+#include <secmod.h>
+#include <nssckbi.h>
-namespace cssu = com::sun::star::uno;
-namespace cssl = com::sun::star::lang;
-namespace cssxc = com::sun::star::xml::crypto;
+namespace css = ::com::sun::star;
+namespace cssu = css::uno;
+namespace cssl = css::lang;
+namespace cssxc = css::xml::crypto;
-using namespace xmlsecurity;
using namespace com::sun::star;
using ::rtl::OUString;
using ::rtl::OString;
-#define SERVICE_NAME "com.sun.star.xml.crypto.SEInitializer"
+#define SE_SERVICE_NAME "com.sun.star.xml.crypto.SEInitializer"
#define IMPLEMENTATION_NAME "com.sun.star.xml.security.bridge.xmlsec.SEInitializer_NssImpl"
#define SECURITY_ENVIRONMENT "com.sun.star.xml.crypto.SecurityEnvironment"
#define SECURITY_CONTEXT "com.sun.star.xml.crypto.XMLSecurityContext"
-
-#define ROOT_CERTS "Root Certs for OpenOffice.org"
-
-
-extern "C" void nsscrypto_finalize();
-
-
-namespace
-{
-
-bool nsscrypto_initialize( const char * sProfile, bool & out_nss_init);
-
-struct InitNSSInitialize
-{
- //path to the database folder
- const OString m_sProfile;
- InitNSSInitialize(const OString & sProfile): m_sProfile(sProfile) {};
- bool * operator()()
- {
- static bool bInitialized = false;
- bool bNSSInit = false;
- bInitialized = nsscrypto_initialize(m_sProfile.getStr(), bNSSInit);
- if (bNSSInit)
- atexit(nsscrypto_finalize );
- return & bInitialized;
-
- }
-};
-
-bool * initNSS(const OString & sProfile)
-{
- return rtl_Instance< bool, InitNSSInitialize,
- ::osl::MutexGuard, ::osl::GetGlobalMutex >::create(
- InitNSSInitialize(sProfile), ::osl::GetGlobalMutex());
-}
-
-void deleteRootsModule()
-{
- SECMODModule *RootsModule = 0;
- SECMODModuleList *list = SECMOD_GetDefaultModuleList();
- SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
- SECMOD_GetReadLock(lock);
-
- while (!RootsModule && list)
- {
- SECMODModule *module = list->module;
-
- for (int i=0; i < module->slotCount; i++)
- {
- PK11SlotInfo *slot = module->slots[i];
- if (PK11_IsPresent(slot))
- {
- if (PK11_HasRootCerts(slot))
- {
- xmlsec_trace("The root certifificates module \"%s"
- "\" is already loaded: \n%s",
- module->commonName, module->dllName);
-
- RootsModule = SECMOD_ReferenceModule(module);
- break;
- }
- }
- }
- list = list->next;
- }
- SECMOD_ReleaseReadLock(lock);
-
- if (RootsModule)
- {
- PRInt32 modType;
- if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType))
- {
- xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName);
- }
- else
- {
- xmlsec_trace("Failed to delete \"%s\" : \n%s",
- RootsModule->commonName, RootsModule->dllName);
- }
- SECMOD_DestroyModule(RootsModule);
- RootsModule = 0;
- }
-}
-
-//Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write
-//the roots certificate module (libnssckbi.so), which they use, into the
-//profile. This module will then already be loaded during NSS_Init (and the
-//other init functions). This fails in two cases. First, FF3 was used to create
-//the profile, or possibly used that profile before, and second the profile was
-//used on a different platform.
-//
-//Then one needs to add the roots module oneself. This should be done with
-//SECMOD_LoadUserModule rather then SECMOD_AddNewModule. The latter would write
-//the location of the roots module to the profile, which makes FF2 and TB2 use
-//it instead of there own module.
-//
-//When using SYSTEM_MOZILLA then the libnss3.so lib is typically found in
-///usr/lib. This folder may, however, NOT contain the roots certificate
-//module. That is, just providing the library name in SECMOD_LoadUserModule or
-//SECMOD_AddNewModule will FAIL to load the mozilla unless the LD_LIBRARY_PATH
-//contains an FF or TB installation.
-//ATTENTION: DO NOT call this function directly instead use initNSS
-//return true - whole initialization was successful
-//param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite
-//was successful and therefor NSS_Shutdown should be called when terminating.
-bool nsscrypto_initialize( const char* token, bool & out_nss_init )
-{
- bool return_value = true;
-
- xmlsec_trace("Using profile: %s", token);
-
- PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
-
- //token may be an empty string
- if (token != NULL && strlen(token) > 0)
- {
- if( NSS_InitReadWrite( token ) != SECSuccess )
- {
- xmlsec_trace("Initializing NSS with profile failed.");
- char * error = NULL;
-
- PR_GetErrorText(error);
- if (error)
- xmlsec_trace("%s",error);
- return false ;
- }
- }
- else
- {
- xmlsec_trace("Initializing NSS without profile.");
- if ( NSS_NoDB_Init(NULL) != SECSuccess )
- {
- xmlsec_trace("Initializing NSS without profile failed.");
- char * error = NULL;
- PR_GetErrorText(error);
- if (error)
- xmlsec_trace("%s",error);
- return false ;
- }
- }
- out_nss_init = true;
-
-#if defined SYSTEM_MOZILLA
- if (!SECMOD_HasRootCerts())
- {
-#endif
- deleteRootsModule();
-
-#if defined SYSTEM_MOZILLA
- OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("libnssckbi"SAL_DLLEXTENSION));
-#else
- OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("${OOO_BASE_DIR}/program/libnssckbi"SAL_DLLEXTENSION));
-#endif
- ::rtl::Bootstrap::expandMacros(rootModule);
-
- OUString rootModulePath;
- if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath))
- {
- ::rtl::OString ospath = ::rtl::OUStringToOString(rootModulePath, osl_getThreadTextEncoding());
- ::rtl::OStringBuffer pkcs11moduleSpec;
- pkcs11moduleSpec.append("name=\"");
- pkcs11moduleSpec.append(ROOT_CERTS);
- pkcs11moduleSpec.append("\" library=\"");
- pkcs11moduleSpec.append(ospath.getStr());
- pkcs11moduleSpec.append("\"");
-
- SECMODModule * RootsModule =
- SECMOD_LoadUserModule(
- const_cast<char*>(pkcs11moduleSpec.makeStringAndClear().getStr()),
- 0, // no parent
- PR_FALSE); // do not recurse
-
- if (RootsModule)
- {
-
- bool found = RootsModule->loaded;
-
- SECMOD_DestroyModule(RootsModule);
- RootsModule = 0;
- if (found)
- xmlsec_trace("Added new root certificate module "
- "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
- else
- {
- xmlsec_trace("FAILED to load the new root certificate module "
- "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
- return_value = false;
- }
- }
- else
- {
- xmlsec_trace("FAILED to add new root certifice module: "
- "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr());
- return_value = false;
-
- }
- }
- else
- {
- xmlsec_trace("Adding new root certificate module failed.");
- return_value = false;
- }
-#if SYSTEM_MOZILLA
- }
-#endif
-
- return return_value;
-}
-
-
-// must be extern "C" because we pass the function pointer to atexit
-extern "C" void nsscrypto_finalize()
-{
- SECMODModule *RootsModule = SECMOD_FindModule(ROOT_CERTS);
-
- if (RootsModule)
- {
-
- if (SECSuccess == SECMOD_UnloadUserModule(RootsModule))
- {
- xmlsec_trace("Unloaded module \""ROOT_CERTS"\".");
- }
- else
- {
- xmlsec_trace("Failed unloadeding module \""ROOT_CERTS"\".");
- }
- SECMOD_DestroyModule(RootsModule);
- }
- else
- {
- xmlsec_trace("Unloading module \""ROOT_CERTS
- "\" failed because it was not found.");
- }
- PK11_LogoutAll();
- NSS_Shutdown();
-}
-
-
-bool getMozillaCurrentProfile(
- const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF,
- rtl::OUString& profilePath)
-{
- /*
- * first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER"
- */
- char * env = getenv("MOZILLA_CERTIFICATE_FOLDER");
- if (env)
- {
- profilePath = rtl::OUString::createFromAscii( env );
- RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() );
- return true;
- }
- else
- {
- mozilla::MozillaProductType productTypes[4] = {
- mozilla::MozillaProductType_Thunderbird,
- mozilla::MozillaProductType_Mozilla,
- mozilla::MozillaProductType_Firefox,
- mozilla::MozillaProductType_Default };
-
- uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance(
- ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) );
- OSL_ENSURE( xInstance.is(), "failed to create instance" );
-
- uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap
- = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY);
- OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" );
-
- if (xMozillaBootstrap.is())
- {
int nProduct = 4;
- for (int i=0; i<nProduct; i++)
- {
- ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]);
-
- if (profile != NULL && profile.getLength()>0)
- {
- profilePath = xMozillaBootstrap->getProfilePath(productTypes[i],profile);
- RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() );
- return true;
- }
- }
- }
-
- RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" );
- return false;
- }
-}
-
-} // namespace
-
SEInitializer_NssImpl::SEInitializer_NssImpl(
- const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF)
- :mxMSF( rxMSF )
+ const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF )
{
+ mxMSF = rxMSF;
}
SEInitializer_NssImpl::~SEInitializer_NssImpl()
@@ -391,36 +97,13 @@ SEInitializer_NssImpl::~SEInitializer_NssImpl()
/* XSEInitializer */
cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
- SEInitializer_NssImpl::createSecurityContext(
- const rtl::OUString& sCertDB )
+ SEInitializer_NssImpl::createSecurityContext( const ::rtl::OUString& )
throw (cssu::RuntimeException)
{
CERTCertDBHandle *pCertHandle = NULL ;
- rtl::OString sCertDir;
- if( sCertDB.getLength() )
- {
- sCertDir = rtl::OUStringToOString(sCertDB, RTL_TEXTENCODING_ASCII_US);
- }
- else
- {
- static rtl::OString* pDefaultCertDir = NULL;
- if ( !pDefaultCertDir )
- {
- pDefaultCertDir = new rtl::OString;
- rtl::OUString ouCertDir;
-
- if ( getMozillaCurrentProfile(mxMSF, ouCertDir) )
- *pDefaultCertDir = rtl::OUStringToOString(ouCertDir, RTL_TEXTENCODING_ASCII_US);
- }
- sCertDir = *pDefaultCertDir;
-
- }
-
- if( ! *initNSS( sCertDir.getStr() ) )
- {
+ if( !initNSS( mxMSF ) )
return NULL;
- }
pCertHandle = CERT_GetDefaultCertDB() ;
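Review bot: `createSecurityContext` now ignores its certificate-database argument: the parameter is unnamed and `initNSS( mxMSF )` picks the profile, so a caller that passes an explicit path gets whatever database NSS was initialised with. That should be stated at this definition and at the declaration in seinitializer_nssimpl.hxx, e.g. `// the certDB argument is ignored; the NSS profile is chosen by initNSS()`, and a debug assertion or trace on a non-empty argument would make the mismatch visible. `initNSS` is not defined in the visible hunks (presumably it comes from `ONSSInitializer`), and the function body continues past this hunk.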
@@ -477,18 +160,18 @@ rtl::OUString SEInitializer_NssImpl_getImplementationName ()
sal_Bool SAL_CALL SEInitializer_NssImpl_supportsService( const rtl::OUString& ServiceName )
throw (cssu::RuntimeException)
{
- return ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( SERVICE_NAME ));
+ return ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( SE_SERVICE_NAME )) || ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( NSS_SERVICE_NAME ));
}
cssu::Sequence< rtl::OUString > SAL_CALL SEInitializer_NssImpl_getSupportedServiceNames( )
throw (cssu::RuntimeException)
{
- cssu::Sequence < rtl::OUString > aRet(1);
+ cssu::Sequence < rtl::OUString > aRet(2);
rtl::OUString* pArray = aRet.getArray();
- pArray[0] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( SERVICE_NAME ) );
+ pArray[0] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( SE_SERVICE_NAME ) );
+ pArray[1] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( NSS_SERVICE_NAME ) );
return aRet;
}
-#undef SERVICE_NAME
cssu::Reference< cssu::XInterface > SAL_CALL SEInitializer_NssImpl_createInstance( const cssu::Reference< cssl::XMultiServiceFactory > & rSMgr)
throw( cssu::Exception )
diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
index 6012a0317c5b..776c2ffd4a78 100644
--- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
@@ -31,46 +31,28 @@
#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
-#include <com/sun/star/lang/XUnoTunnel.hpp>
-#include <com/sun/star/lang/XServiceInfo.hpp>
-#include <com/sun/star/lang/XMultiServiceFactory.hpp>
-#include <cppuhelper/implbase2.hxx>
+
+#include <cppuhelper/implbase1.hxx>
#include <libxml/tree.h>
-class SEInitializer_NssImpl : public cppu::WeakImplHelper2
+#include "nssinitializer.hxx"
+
+class SEInitializer_NssImpl : public cppu::ImplInheritanceHelper1
<
- com::sun::star::xml::crypto::XSEInitializer,
- com::sun::star::lang::XServiceInfo
+ ONSSInitializer,
+ ::com::sun::star::xml::crypto::XSEInitializer
>
-/****** SEInitializer_NssImpl.hxx/CLASS SEInitializer_NssImpl ***********
- *
- * NAME
- * SEInitializer_NssImpl -- Class to initialize a Security Context
- * instance
- *
- * FUNCTION
- * Use this class to initialize a XmlSec based Security Context
- * instance. After this instance is used up, use this class to free this
- * instance.
- *
- * AUTHOR
- * Michael Mi
- * Email: michael.mi@sun.com
- ******************************************************************************/
{
-private:
- com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > mxMSF;
-
public:
- SEInitializer_NssImpl(const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF);
+ SEInitializer_NssImpl( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &rxMSF );
virtual ~SEInitializer_NssImpl();
/* XSEInitializer */
- virtual com::sun::star::uno::Reference<
- com::sun::star::xml::crypto::XXMLSecurityContext >
- SAL_CALL createSecurityContext( const rtl::OUString& certDB )
- throw (com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Reference<
+ ::com::sun::star::xml::crypto::XXMLSecurityContext >
+ SAL_CALL createSecurityContext( const ::rtl::OUString& )
+ throw (::com::sun::star::uno::RuntimeException);
virtual void SAL_CALL freeSecurityContext( const com::sun::star::uno::Reference<
com::sun::star::xml::crypto::XXMLSecurityContext >& securityContext )
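Review bot: The header still declares the `XServiceInfo` methods and takes an `XMultiServiceFactory` reference in the constructor, but the includes for both were removed, so it now compiles only through whatever `nssinitializer.hxx` pulls in (not visible here). Keeping `#include <com/sun/star/lang/XServiceInfo.hpp>` and `#include <com/sun/star/lang/XMultiServiceFactory.hpp>` keeps the header self-contained. The removed class comment has no replacement; one line saying that the class initialises the xmlsec security context on top of `ONSSInitializer` would do. The class declaration continues in the next hunk.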
@@ -78,27 +60,27 @@ public:
/* XServiceInfo */
virtual rtl::OUString SAL_CALL getImplementationName( )
- throw (com::sun::star::uno::RuntimeException);
+ throw (::com::sun::star::uno::RuntimeException);
virtual sal_Bool SAL_CALL supportsService( const rtl::OUString& ServiceName )
- throw (com::sun::star::uno::RuntimeException);
+ throw (::com::sun::star::uno::RuntimeException);
- virtual com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames( )
- throw (com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames( )
+ throw (::com::sun::star::uno::RuntimeException);
};
rtl::OUString SEInitializer_NssImpl_getImplementationName()
- throw ( com::sun::star::uno::RuntimeException );
+ throw ( ::com::sun::star::uno::RuntimeException );
sal_Bool SAL_CALL SEInitializer_NssImpl_supportsService( const rtl::OUString& ServiceName )
- throw ( com::sun::star::uno::RuntimeException );
+ throw ( ::com::sun::star::uno::RuntimeException );
com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL SEInitializer_NssImpl_getSupportedServiceNames( )
- throw ( com::sun::star::uno::RuntimeException );
+ throw ( ::com::sun::star::uno::RuntimeException );
-com::sun::star::uno::Reference< com::sun::star::uno::XInterface >
-SAL_CALL SEInitializer_NssImpl_createInstance( const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > & rSMgr)
- throw ( com::sun::star::uno::Exception );
+com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface >
+SAL_CALL SEInitializer_NssImpl_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > & rSMgr)
+ throw ( ::com::sun::star::uno::Exception );
#endif
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 3fe691f4acda..61a52adf7735 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -41,11 +41,12 @@
#include "pk11func.h"
#include <sal/config.h>
-#include <rtl/uuid.h>
+#include <comphelper/servicehelper.hxx>
#include "x509certificate_nssimpl.hxx"
#include "certificateextension_xmlsecimpl.hxx"
+#include "sanextension_nssimpl.hxx"
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
@@ -120,13 +121,13 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
//Convert the time to readable local time
PR_ExplodeTime( notBefore, PR_LocalTimeParameters, &explTime ) ;
- dateTime.HundredthSeconds = explTime.tm_usec / 1000 ;
- dateTime.Seconds = explTime.tm_sec ;
- dateTime.Minutes = explTime.tm_min ;
- dateTime.Hours = explTime.tm_hour ;
- dateTime.Day = explTime.tm_mday ;
- dateTime.Month = explTime.tm_month+1 ;
- dateTime.Year = explTime.tm_year ;
+ dateTime.HundredthSeconds = static_cast< sal_Int16 >( explTime.tm_usec / 1000 );
+ dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec );
+ dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min );
+ dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour );
+ dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday );
+ dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1 );
+ dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year );
return dateTime ;
} else {
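Review bot: `explTime.tm_usec / 1000` yields milliseconds (0–999), not hundredths of a second, and the new `static_cast< sal_Int16 >` only silences the conversion without fixing the unit; with `tm_usec` in microseconds the line should read `dateTime.HundredthSeconds = static_cast< sal_Int16 >( explTime.tm_usec / 10000 );`. The same line is repeated in the next hunk for `notAfter`. Both functions start and end outside their hunks.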
@@ -149,13 +150,13 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
//Convert the time to readable local time
PR_ExplodeTime( notAfter, PR_LocalTimeParameters, &explTime ) ;
- dateTime.HundredthSeconds = explTime.tm_usec / 1000 ;
- dateTime.Seconds = explTime.tm_sec ;
- dateTime.Minutes = explTime.tm_min ;
- dateTime.Hours = explTime.tm_hour ;
- dateTime.Day = explTime.tm_mday ;
- dateTime.Month = explTime.tm_month+1 ;
- dateTime.Year = explTime.tm_year ;
+ dateTime.HundredthSeconds = static_cast< sal_Int16 >( explTime.tm_usec / 1000 );
+ dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec );
+ dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min );
+ dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour );
+ dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday );
+ dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1 );
+ dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year );
return dateTime ;
} else {
@@ -198,12 +199,27 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
- pExtn = new CertificateExtension_XmlSecImpl() ;
+ const SECItem id = (*extns)->id;
+ ::rtl::OString oidString(CERT_GetOidString(&id));
+
+ // remove "OID." prefix if existing
+ ::rtl::OString objID;
+ ::rtl::OString oid("OID.");
+ if (oidString.match(oid))
+ objID = oidString.copy(oid.getLength());
+ else
+ objID = oidString;
+
+ if ( objID.equals("2.5.29.17") )
+ pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+ else
+ pExtn = new CertificateExtension_XmlSecImpl() ;
+
if( (*extns)->critical.data == NULL )
crit = sal_False ;
else
crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
- pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
+ pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ;
xExtns[len] = pExtn ;
}
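Review bot: `(CertificateExtension_XmlSecImpl*) new SanExtensionImpl()` casts between unrelated classes: `SanExtensionImpl`, as declared in sanextension_nssimpl.hxx in this commit, derives from `WeakImplHelper1< XSanExtension >` and not from `CertificateExtension_XmlSecImpl`. The following `pExtn->setCertExtn( ... )` and `xExtns[len] = pExtn` therefore apply the other class's member layout and pointer adjustment to the object, which is undefined behaviour and works only while the two layouts happen to match; the bytes being written come from the certificate. Each branch should construct and fill its own concrete type and hand over an interface reference, as sketched below, with the `crit` computation moved above the branch. The same cast appears in the next hunk, and the loop's enclosing function starts outside this one.

```cpp
// … unchanged: oidString / objID computation, followed by the crit computation moved up …
Reference< XCertificateExtension > xExtn ;
if ( objID.equals("2.5.29.17") ) {
    SanExtensionImpl* pSan = new SanExtensionImpl() ;
    pSan->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ;
    xExtn = pSan ;
} else {
    CertificateExtension_XmlSecImpl* pPlain = new CertificateExtension_XmlSecImpl() ;
    pPlain->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ;
    xExtn = pPlain ;
}
xExtns[len] = xExtn ;
```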
@@ -227,7 +243,12 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
pExtn = NULL ;
for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
- pExtn = new CertificateExtension_XmlSecImpl() ;
+ const SECItem id = (*extns)->id;
+ ::rtl::OString objId(CERT_GetOidString(&id));
+ if ( objId.equals("OID.2.5.29.17") )
+ pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+ else
+ pExtn = new CertificateExtension_XmlSecImpl() ;
if( (*extns)->critical.data == NULL )
crit = sal_False ;
else
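Review bot: This lookup compares the raw `CERT_GetOidString` result with `"OID.2.5.29.17"`, while the loop in the previous hunk strips an optional `OID.` prefix and compares with `"2.5.29.17"`; if the prefix is ever absent, this path silently falls back to the generic extension class. `SanExtensionImpl::removeOIDFromString` already implements the stripping, so one shared helper would keep the two sites in step. In both hunks the string returned by `CERT_GetOidString` is copied into an `OString` and never released, and a NULL return is not handled; as far as I know NSS leaves ownership with the caller, to be released with `PR_smprintf_free`. The function body continues outside the hunk.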
@@ -304,17 +325,14 @@ sal_Int64 SAL_CALL X509Certificate_NssImpl :: getSomething( const Sequence< sal_
}
/* XUnoTunnel extension */
+
+namespace
+{
+ class theX509Certificate_NssImplUnoTunnelId : public rtl::Static< UnoTunnelIdInit, theX509Certificate_NssImplUnoTunnelId > {};
+}
+
const Sequence< sal_Int8>& X509Certificate_NssImpl :: getUnoTunnelId() {
- static Sequence< sal_Int8 >* pSeq = 0 ;
- if( !pSeq ) {
- ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
- if( !pSeq ) {
- static Sequence< sal_Int8> aSeq( 16 ) ;
- rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
- pSeq = &aSeq ;
- }
- }
- return *pSeq ;
+ return theX509Certificate_NssImplUnoTunnelId::get().getSeq();
}
/* XUnoTunnel extension */
diff --git a/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx b/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx
index 466652ab25bb..171c7bc365a3 100644
--- a/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx
+++ b/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx
@@ -57,21 +57,41 @@ void* SAL_CALL nss_component_getFactory( const sal_Char* pImplName , void* pServ
void* pRet = 0;
Reference< XSingleServiceFactory > xFactory ;
- if( pImplName != NULL && pServiceManager != NULL ) {
- if( XMLSignature_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) {
+ if( pImplName != NULL && pServiceManager != NULL )
+ {
+#ifdef XMLSEC_CRYPTO_NSS
+ if( SEInitializer_NssImpl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) )
+ {
+ xFactory = Reference< XSingleServiceFactory >( createSingleFactory(
+ reinterpret_cast< XMultiServiceFactory * >( pServiceManager ),
+ OUString::createFromAscii( pImplName ),
+ SEInitializer_NssImpl_createInstance, SEInitializer_NssImpl_getSupportedServiceNames() ) );
+ }
+ else if( XMLSignature_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) )
+ {
xFactory = XMLSignature_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ;
- } else if( XMLSecurityContext_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) {
+ }
+ else if( XMLSecurityContext_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) )
+ {
xFactory = XMLSecurityContext_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ;
- } else if( SecurityEnvironment_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) {
+ }
+ else if( SecurityEnvironment_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) )
+ {
xFactory = SecurityEnvironment_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ;
- } else if( XMLEncryption_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) {
+ }
+ else if( XMLEncryption_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) )
+ {
xFactory = XMLEncryption_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ;
- } else if( SEInitializer_NssImpl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) {
+ }
+#else
+ if( ONSSInitializer_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) )
+ {
xFactory = Reference< XSingleServiceFactory >( createSingleFactory(
reinterpret_cast< XMultiServiceFactory * >( pServiceManager ),
OUString::createFromAscii( pImplName ),
- SEInitializer_NssImpl_createInstance, SEInitializer_NssImpl_getSupportedServiceNames() ) );
+ ONSSInitializer_createInstance, ONSSInitializer_getSupportedServiceNames() ) );
}
+#endif
}
if( xFactory.is() ) {
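Review bot: Every branch of the chain rebuilds `OUString::createFromAscii( pImplName )`, and the initializer branches do it a second time for the factory name; a single `const OUString aImplName( OUString::createFromAscii( pImplName ) );` before the `#ifdef` would serve all comparisons. With `XMLSEC_CRYPTO_NSS` defined the `ONSSInitializer` implementation is not offered by this factory, which may be intentional but deserves a comment on the `#else`. The function starts before and ends after the hunk.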
diff --git a/xmlsecurity/source/xmlsec/saxhelper.cxx b/xmlsecurity/source/xmlsec/saxhelper.cxx
index 8a8a00b22d24..9463251d3c0b 100644
--- a/xmlsecurity/source/xmlsec/saxhelper.cxx
+++ b/xmlsecurity/source/xmlsec/saxhelper.cxx
@@ -2,7 +2,7 @@
/*************************************************************************
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
+ *
* Copyright 2000, 2010 Oracle and/or its affiliates.
*
* OpenOffice.org - a multi-platform office productivity suite
@@ -46,7 +46,7 @@ namespace cssxcsax = com::sun::star::xml::csax;
* The return value is NULL terminated. The application has the responsibilty to
* deallocte the return value.
*/
-xmlChar* ous_to_xmlstr( const rtl::OUString& oustr )
+xmlChar* ous_to_xmlstr( const rtl::OUString& oustr )
{
rtl::OString ostr = rtl::OUStringToOString( oustr , RTL_TEXTENCODING_UTF8 ) ;
return xmlStrndup( ( xmlChar* )ostr.getStr(), ( int )ostr.getLength() ) ;
@@ -56,7 +56,7 @@ xmlChar* ous_to_xmlstr( const rtl::OUString& oustr )
* The return value is NULL terminated. The application has the responsibilty to
* deallocte the return value.
*/
-xmlChar* ous_to_nxmlstr( const rtl::OUString& oustr, int& length )
+xmlChar* ous_to_nxmlstr( const rtl::OUString& oustr, int& length )
{
rtl::OString ostr = rtl::OUStringToOString( oustr , RTL_TEXTENCODING_UTF8 ) ;
length = ostr.getLength();
@@ -68,16 +68,16 @@ xmlChar* ous_to_nxmlstr( const rtl::OUString& oustr, int& length )
* The return value and the referenced value must be NULL terminated.
* The application has the responsibilty to deallocte the return value.
*/
-const xmlChar** attrlist_to_nxmlstr( const cssu::Sequence< cssxcsax::XMLAttribute >& aAttributes )
+const xmlChar** attrlist_to_nxmlstr( const cssu::Sequence< cssxcsax::XMLAttribute >& aAttributes )
{
xmlChar* attname = NULL ;
xmlChar* attvalue = NULL ;
const xmlChar** attrs = NULL ;
rtl::OUString oustr ;
-
+
sal_Int32 nLength = aAttributes.getLength();;
- if( nLength != 0 )
+ if( nLength != 0 )
{
attrs = ( const xmlChar** )xmlMalloc( ( nLength * 2 + 2 ) * sizeof( xmlChar* ) ) ;
}
@@ -86,12 +86,12 @@ const xmlChar** attrlist_to_nxmlstr( const cssu::Sequence< cssxcsax::XMLAttribut
return NULL ;
}
- for( int i = 0 , j = 0 ; j < nLength ; ++j )
+ for( int i = 0 , j = 0 ; j < nLength ; ++j )
{
attname = ous_to_xmlstr( aAttributes[j].sName ) ;
attvalue = ous_to_xmlstr( aAttributes[j].sValue ) ;
- if( attname != NULL && attvalue != NULL )
+ if( attname != NULL && attvalue != NULL )
{
attrs[i++] = attname ;
attrs[i++] = attvalue ;
@@ -122,7 +122,7 @@ SAXHelper::SAXHelper( )
{
xmlInitParser() ;
LIBXML_TEST_VERSION ;
-
+
/*
* compile error:
* xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS ;
@@ -140,27 +140,27 @@ SAXHelper::SAXHelper( )
*
* mmi : re-initialize the SAX handler to version 1
*/
-
+
xmlSAXVersion(m_pParserCtxt->sax, 1);
/* end */
- if( m_pParserCtxt->inputTab[0] != NULL )
+ if( m_pParserCtxt->inputTab[0] != NULL )
{
m_pParserCtxt->inputTab[0] = NULL ;
}
-
- if( m_pParserCtxt == NULL )
+
+ if( m_pParserCtxt == NULL )
{
#ifndef XMLSEC_NO_XSLT
- xsltCleanupGlobals() ;
+ xsltCleanupGlobals() ;
#endif
// see issue i74334, we cannot call xmlCleanupParser when libxml is still used
-// in other parts of the office.
-// xmlCleanupParser() ;
+// in other parts of the office.
+// xmlCleanupParser() ;
throw cssu::RuntimeException() ;
}
- else if( m_pParserCtxt->sax == NULL )
+ else if( m_pParserCtxt->sax == NULL )
{
xmlFreeParserCtxt( m_pParserCtxt ) ;
@@ -168,8 +168,8 @@ SAXHelper::SAXHelper( )
xsltCleanupGlobals() ;
#endif
// see issue i74334, we cannot call xmlCleanupParser when libxml is still used
-// in other parts of the office.
-// xmlCleanupParser() ;
+// in other parts of the office.
+// xmlCleanupParser() ;
m_pParserCtxt = NULL ;
throw cssu::RuntimeException() ;
}
@@ -191,7 +191,7 @@ SAXHelper::SAXHelper( )
* destruct the xml tree.
*/
SAXHelper::~SAXHelper() {
- if( m_pParserCtxt != NULL )
+ if( m_pParserCtxt != NULL )
{
/*
* In the situation that no object refer the Document, this destructor
@@ -206,14 +206,14 @@ SAXHelper::~SAXHelper() {
m_pParserCtxt = NULL ;
}
- if( m_pSaxHandler != NULL )
+ if( m_pSaxHandler != NULL )
{
xmlFree( m_pSaxHandler ) ;
m_pSaxHandler = NULL ;
}
// see issue i74334, we cannot call xmlCleanupParser when libxml is still used
-// in other parts of the office.
-// xmlCleanupParser() ;
+// in other parts of the office.
+// xmlCleanupParser() ;
}
xmlNodePtr SAXHelper::getCurrentNode()
@@ -230,7 +230,7 @@ void SAXHelper::setCurrentNode(const xmlNodePtr pNode)
* node, in order to make compatibility.
*/
m_pParserCtxt->nodeTab[m_pParserCtxt->nodeNr - 1]
- = m_pParserCtxt->node
+ = m_pParserCtxt->node
= pNode;
}
@@ -243,14 +243,14 @@ xmlDocPtr SAXHelper::getDocument()
* XDocumentHandler -- start an xml document
*/
void SAXHelper::startDocument( void )
- throw( cssxs::SAXException , cssu::RuntimeException )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
/*
* Adjust inputTab
*/
xmlParserInputPtr pInput = xmlNewInputStream( m_pParserCtxt ) ;
- if( m_pParserCtxt->inputTab != NULL && m_pParserCtxt->inputMax != 0 )
+ if( m_pParserCtxt->inputTab != NULL && m_pParserCtxt->inputMax != 0 )
{
m_pParserCtxt->inputTab[0] = pInput ;
m_pParserCtxt->input = pInput ;
@@ -258,7 +258,7 @@ void SAXHelper::startDocument( void )
m_pSaxHandler->startDocument( m_pParserCtxt ) ;
- if( m_pParserCtxt == NULL || m_pParserCtxt->myDoc == NULL )
+ if( m_pParserCtxt == NULL || m_pParserCtxt->myDoc == NULL )
{
throw cssu::RuntimeException() ;
}
@@ -267,8 +267,8 @@ void SAXHelper::startDocument( void )
/**
* XDocumentHandler -- end an xml document
*/
-void SAXHelper::endDocument( void )
- throw( cssxs::SAXException , cssu::RuntimeException )
+void SAXHelper::endDocument( void )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
m_pSaxHandler->endDocument( m_pParserCtxt ) ;
}
@@ -279,33 +279,33 @@ void SAXHelper::endDocument( void )
void SAXHelper::startElement(
const rtl::OUString& aName,
const cssu::Sequence< cssxcsax::XMLAttribute >& aAttributes )
- throw( cssxs::SAXException , cssu::RuntimeException )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
const xmlChar* fullName = NULL ;
const xmlChar** attrs = NULL ;
fullName = ous_to_xmlstr( aName ) ;
attrs = attrlist_to_nxmlstr( aAttributes ) ;
-
+
if( fullName != NULL || attrs != NULL )
{
m_pSaxHandler->startElement( m_pParserCtxt , fullName , attrs ) ;
}
- if( fullName != NULL )
+ if( fullName != NULL )
{
xmlFree( ( xmlChar* )fullName ) ;
fullName = NULL ;
}
-
- if( attrs != NULL )
+
+ if( attrs != NULL )
{
- for( int i = 0 ; attrs[i] != NULL ; ++i )
+ for( int i = 0 ; attrs[i] != NULL ; ++i )
{
xmlFree( ( xmlChar* )attrs[i] ) ;
attrs[i] = NULL ;
}
-
+
xmlFree( ( void* ) attrs ) ;
attrs = NULL ;
}
@@ -315,14 +315,14 @@ void SAXHelper::startElement(
* XDocumentHandler -- end an xml element
*/
void SAXHelper::endElement( const rtl::OUString& aName )
- throw( cssxs::SAXException , cssu::RuntimeException )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
xmlChar* fullname = NULL ;
fullname = ous_to_xmlstr( aName ) ;
m_pSaxHandler->endElement( m_pParserCtxt , fullname ) ;
- if( fullname != NULL )
+ if( fullname != NULL )
{
xmlFree( ( xmlChar* )fullname ) ;
fullname = NULL ;
@@ -333,7 +333,7 @@ void SAXHelper::endElement( const rtl::OUString& aName )
* XDocumentHandler -- an xml element or cdata characters
*/
void SAXHelper::characters( const rtl::OUString& aChars )
- throw( cssxs::SAXException , cssu::RuntimeException )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
const xmlChar* chars = NULL ;
int length = 0 ;
@@ -341,7 +341,7 @@ void SAXHelper::characters( const rtl::OUString& aChars )
chars = ous_to_nxmlstr( aChars, length ) ;
m_pSaxHandler->characters( m_pParserCtxt , chars , length ) ;
- if( chars != NULL )
+ if( chars != NULL )
{
xmlFree( ( xmlChar* )chars ) ;
}
@@ -350,8 +350,8 @@ void SAXHelper::characters( const rtl::OUString& aChars )
/**
* XDocumentHandler -- ignorable xml white space
*/
-void SAXHelper::ignorableWhitespace( const rtl::OUString& aWhitespaces )
- throw( cssxs::SAXException , cssu::RuntimeException )
+void SAXHelper::ignorableWhitespace( const rtl::OUString& aWhitespaces )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
const xmlChar* chars = NULL ;
int length = 0 ;
@@ -359,7 +359,7 @@ void SAXHelper::ignorableWhitespace( const rtl::OUString& aWhitespaces )
chars = ous_to_nxmlstr( aWhitespaces, length ) ;
m_pSaxHandler->ignorableWhitespace( m_pParserCtxt , chars , length ) ;
- if( chars != NULL )
+ if( chars != NULL )
{
xmlFree( ( xmlChar* )chars ) ;
}
@@ -371,7 +371,7 @@ void SAXHelper::ignorableWhitespace( const rtl::OUString& aWhitespaces )
void SAXHelper::processingInstruction(
const rtl::OUString& aTarget,
const rtl::OUString& aData )
- throw( cssxs::SAXException , cssu::RuntimeException )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
xmlChar* target = NULL ;
xmlChar* data = NULL ;
@@ -381,13 +381,13 @@ void SAXHelper::processingInstruction(
m_pSaxHandler->processingInstruction( m_pParserCtxt , target , data ) ;
- if( target != NULL )
+ if( target != NULL )
{
xmlFree( ( xmlChar* )target ) ;
target = NULL ;
}
-
- if( data != NULL )
+
+ if( data != NULL )
{
xmlFree( ( xmlChar* )data ) ;
data = NULL ;
@@ -400,7 +400,7 @@ void SAXHelper::processingInstruction(
*/
void SAXHelper::setDocumentLocator(
const cssu::Reference< cssxs::XLocator > &)
- throw( cssxs::SAXException , cssu::RuntimeException )
+ throw( cssxs::SAXException , cssu::RuntimeException )
{
}
diff --git a/xmlsecurity/source/xmlsec/xsec_xmlsec.cxx b/xmlsecurity/source/xmlsec/xsec_xmlsec.cxx
index 2b59be2dadff..d7d919920067 100644
--- a/xmlsecurity/source/xmlsec/xsec_xmlsec.cxx
+++ b/xmlsecurity/source/xmlsec/xsec_xmlsec.cxx
@@ -94,9 +94,7 @@ Reference< XInterface > SerialNumberAdapterImpl_createInstance(
extern "C"
{
-#if defined( XMLSEC_CRYPTO_NSS )
extern void* nss_component_getFactory( const sal_Char*, void*, void* );
-#endif
#if defined( XMLSEC_CRYPTO_MSCRYPTO )
extern void* mscrypt_component_getFactory( const sal_Char*, void*, void* );
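Review bot: With the `XMLSEC_CRYPTO_NSS` guard removed here, `nss_component_getFactory` is declared for every build, and nothing in the file records why. The later hunk in `xsec_xmlsec_component_getFactory` drops the same guard around the call, so the NSS factory is now asked first for every implementation name, including in builds that define `XMLSEC_CRYPTO_MSCRYPTO`. A comment above the declaration would keep a later maintainer from restoring the guard, for example `// always linked: the NSS component also provides the NSSInitializer service in MSCrypto builds`. That reason is inferred from the makefile and component changes in this commit, so confirm it. Both the `extern "C"` block and the factory function continue outside these hunks.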
@@ -135,11 +133,9 @@ SAL_DLLPUBLIC_EXPORT void* SAL_CALL xsec_xmlsec_component_getFactory( const sal_
xFactory->acquire() ;
pRet = xFactory.get() ;
} else {
-#if defined( XMLSEC_CRYPTO_NSS )
pRet = nss_component_getFactory( pImplName, pServiceManager, pRegistryKey ) ;
if( pRet != NULL )
return pRet ;
-#endif
#if defined( XMLSEC_CRYPTO_MSCRYPTO )
pRet = mscrypt_component_getFactory( pImplName, pServiceManager, pRegistryKey ) ;
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
index 7061a98fa15f..f6c52e5ac22f 100755
--- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
@@ -32,3 +32,4 @@ V 350113102213Z 101E unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/C
V 350113102601Z 101F unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00"
V 350113102847Z 1020 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00<
V 350113104059Z 1021 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+V 111108105139Z 1022 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 35
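Review bot: The new entry for `CN=User 35` expires at `111108105139Z` (8 Nov 2011), while the neighbouring entries in this index run to 2035, so the certificate added by this commit is valid for only one year. Any test that checks the validity period of `User_35_Root_11.crt` will start reporting an expired certificate after that date. Reissuing serial 1022 with the same long lifetime as the other test certificates would keep the fixture stable. If the short lifetime is intended, the test documentation should say so.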
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem
new file mode 100644
index 000000000000..6902605756af
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4130 (0x1022)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Nov 8 10:51:39 2010 GMT
+ Not After : Nov 8 10:51:39 2011 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+ 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+ 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+ 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+ 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+ c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+ 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+ c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+ 55:9b:90:91:f4:ce:56:04:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+ Signature Algorithm: sha1WithRSAEncryption
+ 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+ a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+ 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+ 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+ 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+ 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+ f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+ a0:fd
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
index c7781419a38b..b70608fe859d 100755
--- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
@@ -1 +1 @@
-1022
+1023
diff --git a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
index 8bf98da50e74..9d98db508b63 100755
--- a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
+++ b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
@@ -178,13 +178,16 @@ authorityKeyIdentifier=keyid,issuer
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
-subjectAltName=dirName:dn_subjectAlt
-# Copy subject details
-# issuerAltName=issuer:copy
-
-
-[dn_subjectAlt]
-CN=User 14 Root 11
+subjectAltName=DNS:alt.openoffice.org,IP:192.168.7.1,IP:13::17,email:my@other.address,RID:1.2.3.4,otherName:1.2.3.4;UTF8:some other identifier,dirName:dir_sect,URI:http://my.url.here/
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+[dir_sect]
+C=DE
+O=OpenOffice.org
+OU=Development
+CN=User 32 Root 11
[ v3_req ]
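Review bot: The new `[dir_sect]` section sets `CN=User 32 Root 11`, but the certificate issued with this configuration in the same commit has the subject `CN=User 35`, so the DirName entry of its subjectAltName names a different user. If the mismatch is deliberate, a comment above `[dir_sect]` should say so, e.g. `# DirName deliberately differs from the subject CN`; otherwise the line should read `CN=User 35 Root 11`. The hunk also replaces the `dn_subjectAlt` settings used for the earlier `User 14` certificate, so that certificate can no longer be regenerated from this file without editing it back.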
diff --git a/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt
new file mode 100644
index 000000000000..0092d16c7a60
--- /dev/null
+++ b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4130 (0x1022)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Nov 8 10:51:39 2010 GMT
+ Not After : Nov 8 10:51:39 2011 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+ 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+ 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+ 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+ 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+ c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+ 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+ c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+ 55:9b:90:91:f4:ce:56:04:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+ Signature Algorithm: sha1WithRSAEncryption
+ 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+ a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+ 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+ 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+ 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+ 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+ f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+ a0:fd
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/xmlsecurity/util/makefile.mk b/xmlsecurity/util/makefile.mk
index ff5a952fc2e4..de84faa27bcd 100644
--- a/xmlsecurity/util/makefile.mk
+++ b/xmlsecurity/util/makefile.mk
@@ -81,10 +81,10 @@ SHL2LIBS= \
.IF "$(CRYPTO_ENGINE)" == "mscrypto"
SHL2LIBS += \
$(SLB)$/xs_mscrypt.lib
-.ELSE
+.ENDIF
+
SHL2LIBS += \
$(SLB)$/xs_nss.lib
-.ENDIF
.ENDIF
@@ -118,19 +118,22 @@ SHL2STDLIBS += $(MOZ_NSS_LIBS)
.IF "$(CRYPTO_ENGINE)" == "mscrypto"
SHL2STDLIBS+= $(MSCRYPTOLIBS)
+# SHL2STDLIBS+= $(XMLSECLIB) $(LIBXML2LIB) $(NSS3LIB) $(NSPR4LIB) $(PLC4LIB)
+SHL2STDLIBS+= $(NSS3LIB) $(NSPR4LIB)
.ELSE
SHL2STDLIBS+= $(NSSCRYPTOLIBS)
.ENDIF
+
SHL2IMPLIB = $(SHL2TARGET)
SHL2DEF = $(MISC)$/$(SHL2TARGET).def
DEF2NAME = $(SHL2TARGET)
.IF "$(CRYPTO_ENGINE)" == "mscrypto"
DEF2EXPORTFILE = exports_xsmscrypt.dxp
-.ELSE
-DEF2EXPORTFILE = exports_xsnss.dxp
.ENDIF
+DEF2EXPORTFILE = exports_xsnss.dxp
+
SRSFILELIST= \
$(SRS)$/component.srs \
$(SRS)$/dialogs.srs
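Review bot: `DEF2EXPORTFILE = exports_xsnss.dxp` now sits after the `.ENDIF`, so it overwrites the `exports_xsmscrypt.dxp` assignment made inside the `.IF "$(CRYPTO_ENGINE)" == "mscrypto"` branch, which no longer has any effect. If the mscrypto build still needs its own export list, keep the `.ELSE` in front of the NSS assignment. If both engines are meant to share `exports_xsnss.dxp`, delete the dead `.IF` block instead. The added line `# SHL2STDLIBS+= $(XMLSECLIB) $(LIBXML2LIB) ...` is commented-out code; drop it or replace it with a comment saying why only `$(NSS3LIB) $(NSPR4LIB)` are needed in the mscrypto case.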
diff --git a/xmlsecurity/util/xsec_xmlsec.component b/xmlsecurity/util/xsec_xmlsec.component
index 9d8a1713f70c..01d69bb61b5d 100644
--- a/xmlsecurity/util/xsec_xmlsec.component
+++ b/xmlsecurity/util/xsec_xmlsec.component
@@ -32,6 +32,7 @@
<service name="com.sun.star.security.SerialNumberAdapter"/>
</implementation>
<implementation name="com.sun.star.xml.security.bridge.xmlsec.SEInitializer_NssImpl">
+ <service name="com.sun.star.xml.crypto.NSSInitializer"/>
<service name="com.sun.star.xml.crypto.SEInitializer"/>
</implementation>
<implementation name="com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl">
diff --git a/xmlsecurity/util/xsec_xmlsec.windows.component b/xmlsecurity/util/xsec_xmlsec.windows.component
index 43f193a0db31..cb877c20c6f4 100644
--- a/xmlsecurity/util/xsec_xmlsec.windows.component
+++ b/xmlsecurity/util/xsec_xmlsec.windows.component
@@ -31,6 +31,9 @@
<implementation name="com.sun.star.security.SerialNumberAdapter">
<service name="com.sun.star.security.SerialNumberAdapter"/>
</implementation>
+ <implementation name="com.sun.star.xml.security.bridge.xmlsec.NSSInitializer_NssImpl">
+ <service name="com.sun.star.xml.crypto.NSSInitializer"/>
+ </implementation>
<implementation name="com.sun.star.xml.security.bridge.xmlsec.SEInitializer_MSCryptImpl">
<service name="com.sun.star.xml.crypto.SEInitializer"/>
</implementation>
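Review bot: The implementation name registered here, `com.sun.star.xml.security.bridge.xmlsec.NSSInitializer_NssImpl`, has to be exactly the string that `ONSSInitializer_getImplementationName()` returns. The NSS factory changed in this commit compares `pImplName` against that function in its `#else` branch, and the function itself is not visible in this diff. Confirm that the two match, otherwise the `NSSInitializer` service cannot be instantiated on Windows. The non-Windows `xsec_xmlsec.component` attaches the same service to `SEInitializer_NssImpl` rather than to a separate implementation; an XML comment in both files, such as `<!-- NSSInitializer is a separate implementation on Windows only -->`, would record that difference.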