diff options
Diffstat (limited to 'xmlsecurity/source/xmlsec/nss')
18 files changed, 4927 insertions, 0 deletions
diff --git a/xmlsecurity/source/xmlsec/nss/certerrors.h b/xmlsecurity/source/xmlsec/nss/certerrors.h new file mode 100644 index 000000000000..9b9801f21f59 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/certerrors.h @@ -0,0 +1,384 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2008 by Sun Microsystems, Inc. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * $RCSfile: securityenvironment_nssimpl.cxx,v $ + * $Revision: 1.23 $ + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + + +{SEC_ERROR_IO, "An I/O error occurred during security authorization."}, + +{SEC_ERROR_LIBRARY_FAILURE, "security library failure."}, + +{SEC_ERROR_BAD_DATA, "security library: received bad data."}, + +{SEC_ERROR_OUTPUT_LEN, "security library: output length error."}, + +{SEC_ERROR_INPUT_LEN, "security library has experienced an input length error."}, + +{SEC_ERROR_INVALID_ARGS, "security library: invalid arguments."}, + +{SEC_ERROR_INVALID_ALGORITHM, "security library: invalid algorithm."}, + +{SEC_ERROR_INVALID_AVA, "security library: invalid AVA."}, + +{SEC_ERROR_INVALID_TIME, "Improperly formatted time string."}, + +{SEC_ERROR_BAD_DER, "security library: improperly formatted DER-encoded message."}, + +{SEC_ERROR_BAD_SIGNATURE, "Peer's certificate has an invalid signature."}, + +{SEC_ERROR_EXPIRED_CERTIFICATE, "Peer's Certificate has expired."}, + +{SEC_ERROR_REVOKED_CERTIFICATE, "Peer's Certificate has been revoked."}, + +{SEC_ERROR_UNKNOWN_ISSUER, "Peer's Certificate issuer is not recognized."}, + +{SEC_ERROR_BAD_KEY, "Peer's public key is invalid."}, + +{SEC_ERROR_BAD_PASSWORD, "The security password entered is incorrect."}, + +{SEC_ERROR_RETRY_PASSWORD, "New password entered incorrectly. Please try again."}, + +{SEC_ERROR_NO_NODELOCK, "security library: no nodelock."}, + +{SEC_ERROR_BAD_DATABASE, "security library: bad database."}, + +{SEC_ERROR_NO_MEMORY, "security library: memory allocation failure."}, + +{SEC_ERROR_UNTRUSTED_ISSUER, "Peer's certificate issuer has been marked as not trusted by the user."}, + +{SEC_ERROR_UNTRUSTED_CERT, "Peer's certificate has been marked as not trusted by the user."}, + +{SEC_ERROR_DUPLICATE_CERT, "Certificate already exists in your database."}, + +{SEC_ERROR_DUPLICATE_CERT_NAME, "Downloaded certificate's name duplicates one already in your database."}, + +{SEC_ERROR_ADDING_CERT, "Error adding certificate to database."}, + +{SEC_ERROR_FILING_KEY, "Error refiling the key for this certificate."}, + +{SEC_ERROR_NO_KEY, "The private key for this certificate cannot be found in key database"}, + +{SEC_ERROR_CERT_VALID, "This certificate is valid."}, + +{SEC_ERROR_CERT_NOT_VALID, "This certificate is not valid."}, + +{SEC_ERROR_CERT_NO_RESPONSE, "Cert Library: No Response"}, + +{SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, "The certificate issuer's certificate has expired. Check your system date and time."}, + +{SEC_ERROR_CRL_EXPIRED, "The CRL for the certificate's issuer has expired. Update it or check your system date and time."}, + +{SEC_ERROR_CRL_BAD_SIGNATURE, "The CRL for the certificate's issuer has an invalid signature."}, + +{SEC_ERROR_CRL_INVALID, "New CRL has an invalid format."}, + +{SEC_ERROR_EXTENSION_VALUE_INVALID, "Certificate extension value is invalid."}, + +{SEC_ERROR_EXTENSION_NOT_FOUND, "Certificate extension not found."}, + +{SEC_ERROR_CA_CERT_INVALID, "Issuer certificate is invalid."}, + +{SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, "Certificate path length constraint is invalid."}, + +{SEC_ERROR_CERT_USAGES_INVALID, "Certificate usages field is invalid."}, + +{SEC_INTERNAL_ONLY, "**Internal ONLY module**"}, + +{SEC_ERROR_INVALID_KEY, "The key does not support the requested operation."}, + +{SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, "Certificate contains unknown critical extension."}, + +{SEC_ERROR_OLD_CRL, "New CRL is not later than the current one."}, + +{SEC_ERROR_NO_EMAIL_CERT, "Not encrypted or signed: you do not yet have an email certificate."}, + +{SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, "Not encrypted: you do not have certificates for each of the recipients."}, + +{SEC_ERROR_NOT_A_RECIPIENT, "Cannot decrypt: you are not a recipient, or matching certificate and \ +private key not found."}, + +{SEC_ERROR_PKCS7_KEYALG_MISMATCH, "Cannot decrypt: key encryption algorithm does not match your certificate."}, + +{SEC_ERROR_PKCS7_BAD_SIGNATURE, "Signature verification failed: no signer found, too many signers found, \ +or improper or corrupted data."}, + +{SEC_ERROR_UNSUPPORTED_KEYALG, "Unsupported or unknown key algorithm."}, + +{SEC_ERROR_DECRYPTION_DISALLOWED, "Cannot decrypt: encrypted using a disallowed algorithm or key size."}, + + +/* Fortezza Alerts */ +{XP_SEC_FORTEZZA_BAD_CARD, "Fortezza card has not been properly initialized. \ +Please remove it and return it to your issuer."}, + +{XP_SEC_FORTEZZA_NO_CARD, "No Fortezza cards Found"}, + +{XP_SEC_FORTEZZA_NONE_SELECTED, "No Fortezza card selected"}, + +{XP_SEC_FORTEZZA_MORE_INFO, "Please select a personality to get more info on"}, + +{XP_SEC_FORTEZZA_PERSON_NOT_FOUND, "Personality not found"}, + +{XP_SEC_FORTEZZA_NO_MORE_INFO, "No more information on that Personality"}, + +{XP_SEC_FORTEZZA_BAD_PIN, "Invalid Pin"}, + +{XP_SEC_FORTEZZA_PERSON_ERROR, "Couldn't initialize Fortezza personalities."}, +/* end fortezza alerts. */ + +{SEC_ERROR_NO_KRL, "No KRL for this site's certificate has been found."}, + +{SEC_ERROR_KRL_EXPIRED, "The KRL for this site's certificate has expired."}, + +{SEC_ERROR_KRL_BAD_SIGNATURE, "The KRL for this site's certificate has an invalid signature."}, + +{SEC_ERROR_REVOKED_KEY, "The key for this site's certificate has been revoked."}, + +{SEC_ERROR_KRL_INVALID, "New KRL has an invalid format."}, + +{SEC_ERROR_NEED_RANDOM, "security library: need random data."}, + +{SEC_ERROR_NO_MODULE, "security library: no security module can perform the requested operation."}, + +{SEC_ERROR_NO_TOKEN, "The security card or token does not exist, needs to be initialized, or has been removed."}, + +{SEC_ERROR_READ_ONLY, "security library: read-only database."}, + +{SEC_ERROR_NO_SLOT_SELECTED, "No slot or token was selected."}, + +{SEC_ERROR_CERT_NICKNAME_COLLISION, "A certificate with the same nickname already exists."}, + +{SEC_ERROR_KEY_NICKNAME_COLLISION, "A key with the same nickname already exists."}, + +{SEC_ERROR_SAFE_NOT_CREATED, "error while creating safe object"}, + +{SEC_ERROR_BAGGAGE_NOT_CREATED, "error while creating baggage object"}, + +{XP_JAVA_REMOVE_PRINCIPAL_ERROR, "Couldn't remove the principal"}, + +{XP_JAVA_DELETE_PRIVILEGE_ERROR, "Couldn't delete the privilege"}, + +{XP_JAVA_CERT_NOT_EXISTS_ERROR, "This principal doesn't have a certificate"}, + +{SEC_ERROR_BAD_EXPORT_ALGORITHM, "Required algorithm is not allowed."}, + +{SEC_ERROR_EXPORTING_CERTIFICATES, "Error attempting to export certificates."}, + +{SEC_ERROR_IMPORTING_CERTIFICATES, "Error attempting to import certificates."}, + +{SEC_ERROR_PKCS12_DECODING_PFX, "Unable to import. Decoding error. File not valid."}, + +{SEC_ERROR_PKCS12_INVALID_MAC, "Unable to import. Invalid MAC. Incorrect password or corrupt file."}, + +{SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, "Unable to import. MAC algorithm not supported."}, + +{SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE, "Unable to import. Only password integrity and privacy modes supported."}, + +{SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, "Unable to import. File structure is corrupt."}, + +{SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, "Unable to import. Encryption algorithm not supported."}, + +{SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, "Unable to import. File version not supported."}, + +{SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT, "Unable to import. Incorrect privacy password."}, + +{SEC_ERROR_PKCS12_CERT_COLLISION, "Unable to import. Same nickname already exists in database."}, + +{SEC_ERROR_USER_CANCELLED, "The user pressed cancel."}, + +{SEC_ERROR_PKCS12_DUPLICATE_DATA, "Not imported, already in database."}, + +{SEC_ERROR_MESSAGE_SEND_ABORTED, "Message not sent."}, + +{SEC_ERROR_INADEQUATE_KEY_USAGE, "Certificate key usage inadequate for attempted operation."}, + +{SEC_ERROR_INADEQUATE_CERT_TYPE, "Certificate type not approved for application."}, + +{SEC_ERROR_CERT_ADDR_MISMATCH, "Address in signing certificate does not match address in message headers."}, + +{SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, "Unable to import. Error attempting to import private key."}, + +{SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, "Unable to import. Error attempting to import certificate chain."}, + +{SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, "Unable to export. Unable to locate certificate or key by nickname."}, + +{SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, "Unable to export. Private Key could not be located and exported."}, + +{SEC_ERROR_PKCS12_UNABLE_TO_WRITE, "Unable to export. Unable to write the export file."}, + +{SEC_ERROR_PKCS12_UNABLE_TO_READ, "Unable to import. Unable to read the import file."}, + +{SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, "Unable to export. Key database corrupt or deleted."}, + +{SEC_ERROR_KEYGEN_FAIL, "Unable to generate public/private key pair."}, + +{SEC_ERROR_INVALID_PASSWORD, "Password entered is invalid. Please pick a different one."}, + +{SEC_ERROR_RETRY_OLD_PASSWORD, "Old password entered incorrectly. Please try again."}, + +{SEC_ERROR_BAD_NICKNAME, "Certificate nickname already in use."}, + +{SEC_ERROR_NOT_FORTEZZA_ISSUER, "Peer FORTEZZA chain has a non-FORTEZZA Certificate."}, + +{SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, "A sensitive key cannot be moved to the slot where it is needed."}, + +{SEC_ERROR_JS_INVALID_MODULE_NAME, "Invalid module name."}, + +{SEC_ERROR_JS_INVALID_DLL, "Invalid module path/filename"}, + +{SEC_ERROR_JS_ADD_MOD_FAILURE, "Unable to add module"}, + +{SEC_ERROR_JS_DEL_MOD_FAILURE, "Unable to delete module"}, + +{SEC_ERROR_OLD_KRL, "New KRL is not later than the current one."}, + +{SEC_ERROR_CKL_CONFLICT, "New CKL has different issuer than current CKL. Delete current CKL."}, + +{SEC_ERROR_CERT_NOT_IN_NAME_SPACE, "The Certifying Authority for this certificate is not permitted to issue a \ +certificate with this name."}, + +{SEC_ERROR_KRL_NOT_YET_VALID, "The key revocation list for this certificate is not yet valid."}, + +{SEC_ERROR_CRL_NOT_YET_VALID, "The certificate revocation list for this certificate is not yet valid."}, + +{SEC_ERROR_UNKNOWN_CERT, "The requested certificate could not be found."}, + +{SEC_ERROR_UNKNOWN_SIGNER, "The signer's certificate could not be found."}, + +{SEC_ERROR_CERT_BAD_ACCESS_LOCATION, "The location for the certificate status server has invalid format."}, + +{SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, "The OCSP response cannot be fully decoded; it is of an unknown type."}, + +{SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, "The OCSP server returned unexpected/invalid HTTP data."}, + +{SEC_ERROR_OCSP_MALFORMED_REQUEST, "The OCSP server found the request to be corrupted or improperly formed."}, + +{SEC_ERROR_OCSP_SERVER_ERROR, "The OCSP server experienced an internal error."}, + +{SEC_ERROR_OCSP_TRY_SERVER_LATER, "The OCSP server suggests trying again later."}, + +{SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, "The OCSP server requires a signature on this request."}, + +{SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, "The OCSP server has refused this request as unauthorized."}, + +{SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, "The OCSP server returned an unrecognizable status."}, + +{SEC_ERROR_OCSP_UNKNOWN_CERT, "The OCSP server has no status for the certificate."}, + +{SEC_ERROR_OCSP_NOT_ENABLED, "You must enable OCSP before performing this operation."}, + +{SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, "You must set the OCSP default responder before performing this operation."}, + +{SEC_ERROR_OCSP_MALFORMED_RESPONSE, "The response from the OCSP server was corrupted or improperly formed."}, + +{SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, "The signer of the OCSP response is not authorized to give status for \ +this certificate."}, + +{SEC_ERROR_OCSP_FUTURE_RESPONSE, "The OCSP response is not yet valid (contains a date in the future},."}, + +{SEC_ERROR_OCSP_OLD_RESPONSE, "The OCSP response contains out-of-date information."}, + +{SEC_ERROR_DIGEST_NOT_FOUND, "The CMS or PKCS #7 Digest was not found in signed message."}, + +{SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, "The CMS or PKCS #7 Message type is unsupported."}, + +{SEC_ERROR_MODULE_STUCK, "PKCS #11 module could not be removed because it is still in use."}, + +{SEC_ERROR_BAD_TEMPLATE, "Could not decode ASN.1 data. Specified template was invalid."}, + +{SEC_ERROR_CRL_NOT_FOUND, "No matching CRL was found."}, + +{SEC_ERROR_REUSED_ISSUER_AND_SERIAL, "You are attempting to import a cert with the same issuer/serial as \ +an existing cert, but that is not the same cert."}, + +{SEC_ERROR_BUSY, "NSS could not shutdown. Objects are still in use."}, + +{SEC_ERROR_EXTRA_INPUT, "DER-encoded message contained extra unused data."}, + +{SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, "Unsupported elliptic curve."}, + +{SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, "Unsupported elliptic curve point form."}, + +{SEC_ERROR_UNRECOGNIZED_OID, "Unrecognized Object Identifier."}, + +{SEC_ERROR_OCSP_INVALID_SIGNING_CERT, "Invalid OCSP signing certificate in OCSP response."}, + +{SEC_ERROR_REVOKED_CERTIFICATE_CRL, "Certificate is revoked in issuer's certificate revocation list."}, + +{SEC_ERROR_REVOKED_CERTIFICATE_OCSP, "Issuer's OCSP responder reports certificate is revoked."}, + +{SEC_ERROR_CRL_INVALID_VERSION, "Issuer's Certificate Revocation List has an unknown version number."}, + +{SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, "Issuer's V1 Certificate Revocation List has a critical extension."}, + +{SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, "Issuer's V2 Certificate Revocation List has an unknown critical extension."}, + +{SEC_ERROR_UNKNOWN_OBJECT_TYPE, "Unknown object type specified."}, + +{SEC_ERROR_INCOMPATIBLE_PKCS11, "PKCS #11 driver violates the spec in an incompatible way."}, + +{SEC_ERROR_NO_EVENT, "No new slot event is available at this time."}, + +{SEC_ERROR_CRL_ALREADY_EXISTS, "CRL already exists."}, + +{SEC_ERROR_NOT_INITIALIZED, "NSS is not initialized."}, + +{SEC_ERROR_TOKEN_NOT_LOGGED_IN, "The operation failed because the PKCS#11 token is not logged in."}, + +{SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, "Configured OCSP responder's certificate is invalid."}, + +{SEC_ERROR_OCSP_BAD_SIGNATURE, "OCSP response has an invalid signature."}, + +{SEC_ERROR_OUT_OF_SEARCH_LIMITS, "Cert validation search is out of search limits"}, + +{SEC_ERROR_INVALID_POLICY_MAPPING, "Policy mapping contains anypolicy"}, + +{SEC_ERROR_POLICY_VALIDATION_FAILED, "Cert chain fails policy validation"}, + +{SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, "Unknown location type in cert AIA extension"}, + +{SEC_ERROR_BAD_HTTP_RESPONSE, "Server returned bad HTTP response"}, + +{SEC_ERROR_BAD_LDAP_RESPONSE, "Server returned bad LDAP response"}, + +{SEC_ERROR_FAILED_TO_ENCODE_DATA, "Failed to encode data with ASN1 encoder"}, + +{SEC_ERROR_BAD_INFO_ACCESS_LOCATION, "Bad information access location in cert extension"}, + +{SEC_ERROR_LIBPKIX_INTERNAL, "Libpkix internal error occured during cert validation."}, + +{SEC_ERROR_PKCS11_GENERAL_ERROR, "A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred."}, + +{SEC_ERROR_PKCS11_FUNCTION_FAILED, "A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed."}, + +{SEC_ERROR_PKCS11_DEVICE_ERROR, "A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot."}, + +{SEC_ERROR_BAD_INFO_ACCESS_METHOD, "Unknown information access method in certificate extension."}, + +{SEC_ERROR_CRL_IMPORT_FAILED, "Error attempting to import a CRL."}, + diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk new file mode 100644 index 000000000000..227b6de88477 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/makefile.mk @@ -0,0 +1,142 @@ +#************************************************************************* +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# Copyright 2000, 2010 Oracle and/or its affiliates. +# +# OpenOffice.org - a multi-platform office productivity suite +# +# This file is part of OpenOffice.org. +# +# OpenOffice.org is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License version 3 +# only, as published by the Free Software Foundation. +# +# OpenOffice.org is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License version 3 for more details +# (a copy is included in the LICENSE file that accompanied this code). +# +# You should have received a copy of the GNU Lesser General Public License +# version 3 along with OpenOffice.org. If not, see +# <http://www.openoffice.org/license.html> +# for a copy of the LGPLv3 License. +# +#************************************************************************* + +PRJ=..$/..$/.. + +PRJNAME = xmlsecurity +TARGET = xs_nss + +ENABLE_EXCEPTIONS = TRUE + +# --- Settings ----------------------------------------------------- + +.INCLUDE : settings.mk +.INCLUDE : $(PRJ)$/util$/target.pmk + +.IF "$(SYSTEM_LIBXML)" == "YES" +CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS) +.ENDIF + +.IF "$(CRYPTO_ENGINE)" != "nss" +LIBTARGET=NO +.ENDIF + +.IF "$(CRYPTO_ENGINE)" == "nss" + +.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES" +.IF "$(SYSTEM_MOZILLA)" != "YES" +@all: + @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss" +.ENDIF +.ENDIF + +.IF "$(SYSTEM_MOZILLA)" != "YES" +MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla +NSS_INC = $(MOZ_INC)$/nss +NSPR_INC = $(MOZ_INC)$/nspr +.ELSE +# MOZ_INC already defined from environment +NSS_INC = $(MOZ_NSS_CFLAGS) +NSPR_INC = $(MOZ_INC)$/nspr +.ENDIF + +.IF "$(GUI)"=="UNX" +.IF "$(COMNAME)"=="sunpro5" +CFLAGS += -features=tmplife +#This flag is needed to build mozilla 1.7 code +.ENDIF # "$(COMNAME)"=="sunpro5" +.ENDIF + +.IF "$(GUI)" == "WNT" +.IF "$(DBG_LEVEL)" == "0" +INCPRE += \ +-I$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +CFLAGS += -GR- -W3 -Gy -MD -UDEBUG +.ELSE +INCPRE += \ +-I$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +CFLAGS += -Zi -GR- -W3 -Gy -MDd -UNDEBUG +.ENDIF +.ENDIF +.IF "$(GUI)" == "UNX" +INCPOST += \ +$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +#.IF "$(OS)" == "LINUX" +#CFLAGS += -fPIC -g +#CFLAGSCXX += \ +# -fno-rtti -Wall -Wconversion -Wpointer-arith \ +# -Wbad-function-cast -Wcast-align -Woverloaded-virtual -Wsynth \ +# -Wno-long-long -pthread +#CDEFS += -DTRACING +#.ELIF "$(OS)" == "NETBSD" +#CFLAGS += -fPIC +#CFLAGSCXX += \ +# -fno-rtti -Wall -Wconversion -Wpointer-arith \ +# -Wbad-function-cast -Wcast-align -Woverloaded-virtual -Wsynth \ +# -Wno-long-long +#CDEFS += -DTRACING +#.ENDIF +.ENDIF + +CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT + +# --- Files -------------------------------------------------------- + +SOLARINC += \ + -I$(MOZ_INC) \ +-I$(NSPR_INC) \ +-I$(PRJ)$/source$/xmlsec + +.IF "$(SYSTEM_MOZILLA)" == "YES" +SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC) +.ELSE +SOLARINC += -I$(NSS_INC) +.ENDIF + +SLOFILES = \ + $(SLO)$/securityenvironment_nssimpl.obj \ + $(SLO)$/xmlencryption_nssimpl.obj \ + $(SLO)$/xmlsecuritycontext_nssimpl.obj \ + $(SLO)$/xmlsignature_nssimpl.obj \ + $(SLO)$/x509certificate_nssimpl.obj \ + $(SLO)$/seinitializer_nssimpl.obj \ + $(SLO)$/xsec_nss.obj \ + $(SLO)$/secerror.obj + + + +.ENDIF + +# --- Targets ------------------------------------------------------ + +.INCLUDE : target.mk diff --git a/xmlsecurity/source/xmlsec/nss/nssrenam.h b/xmlsecurity/source/xmlsec/nss/nssrenam.h new file mode 100644 index 000000000000..1742e1492d35 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/nssrenam.h @@ -0,0 +1,49 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 2001 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef __nssrenam_h_ +#define __nssrenam_h_ + +#define CERT_NewTempCertificate __CERT_NewTempCertificate +#define PK11_CreateContextByRawKey __PK11_CreateContextByRawKey +#define PK11_GetKeyData __PK11_GetKeyData +#define nss_InitLock __nss_InitLock +#define CERT_ClosePermCertDB __CERT_ClosePermCertDB +#define CERT_DecodeDERCertificate __CERT_DecodeDERCertificate +#define CERT_TraversePermCertsForNickname __CERT_TraversePermCertsForNickname +#define CERT_TraversePermCertsForSubject __CERT_TraversePermCertsForSubject +#define PBE_CreateContext __PBE_CreateContext +#define PBE_DestroyContext __PBE_DestroyContext +#define PBE_GenerateBits __PBE_GenerateBits + +#endif /* __nssrenam_h_ */ diff --git a/xmlsecurity/source/xmlsec/nss/secerror.cxx b/xmlsecurity/source/xmlsec/nss/secerror.cxx new file mode 100644 index 000000000000..4a9ee3622bc4 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/secerror.cxx @@ -0,0 +1,165 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2008 by Sun Microsystems, Inc. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * $RCSfile: securityenvironment_nssimpl.cxx,v $ + * $Revision: 1.23 $ + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + + +#include "secerr.h" +#include "sslerr.h" +#include "nspr.h" +#include "certt.h" + +#include "../diagnose.hxx" + +using namespace xmlsecurity; + +struct ErrDesc { + PRErrorCode errNum; + const char * errString; +}; + + + +const ErrDesc allDesc[] = { + +#include "certerrors.h" + +}; + + + +/* Returns a UTF-8 encoded constant error string for "errNum". + * Returns NULL of errNum is unknown. + */ +const char * +getCertError(PRErrorCode errNum) +{ + static char sEmpty[] = ""; + const int numDesc = sizeof(allDesc) / sizeof(ErrDesc); + for (int i = 0; i < numDesc; i++) + { + if (allDesc[i].errNum == errNum) + return allDesc[i].errString; + } + + return sEmpty; +} + +void +printChainFailure(CERTVerifyLog *log) +{ + unsigned long errorFlags = 0; + unsigned int depth = (unsigned int)-1; + const char * specificError = NULL; + const char * issuer = NULL; + CERTVerifyLogNode *node = NULL; + + if (log->count > 0) + { + xmlsec_trace("Bad certifcation path:"); + for (node = log->head; node; node = node->next) + { + if (depth != node->depth) + { + depth = node->depth; + xmlsec_trace("Certificate: %d. %s %s:", depth, + node->cert->subjectName, + depth ? "[Certificate Authority]": ""); + } + xmlsec_trace(" ERROR %ld: %s", node->error, + getCertError(node->error)); + specificError = NULL; + issuer = NULL; + switch (node->error) + { + case SEC_ERROR_INADEQUATE_KEY_USAGE: + errorFlags = (unsigned long)node->arg; + switch (errorFlags) + { + case KU_DIGITAL_SIGNATURE: + specificError = "Certificate cannot sign."; + break; + case KU_KEY_ENCIPHERMENT: + specificError = "Certificate cannot encrypt."; + break; + case KU_KEY_CERT_SIGN: + specificError = "Certificate cannot sign other certs."; + break; + default: + specificError = "[unknown usage]."; + break; + } + case SEC_ERROR_INADEQUATE_CERT_TYPE: + errorFlags = (unsigned long)node->arg; + switch (errorFlags) + { + case NS_CERT_TYPE_SSL_CLIENT: + case NS_CERT_TYPE_SSL_SERVER: + specificError = "Certificate cannot be used for SSL."; + break; + case NS_CERT_TYPE_SSL_CA: + specificError = "Certificate cannot be used as an SSL CA."; + break; + case NS_CERT_TYPE_EMAIL: + specificError = "Certificate cannot be used for SMIME."; + break; + case NS_CERT_TYPE_EMAIL_CA: + specificError = "Certificate cannot be used as an SMIME CA."; + break; + case NS_CERT_TYPE_OBJECT_SIGNING: + specificError = "Certificate cannot be used for object signing."; + break; + case NS_CERT_TYPE_OBJECT_SIGNING_CA: + specificError = "Certificate cannot be used as an object signing CA."; + break; + default: + specificError = "[unknown usage]."; + break; + } + case SEC_ERROR_UNKNOWN_ISSUER: + specificError = "Unknown issuer:"; + issuer = node->cert->issuerName; + break; + case SEC_ERROR_UNTRUSTED_ISSUER: + specificError = "Untrusted issuer:"; + issuer = node->cert->issuerName; + break; + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + specificError = "Expired issuer certificate:"; + issuer = node->cert->issuerName; + break; + default: + break; + } + if (specificError) + xmlsec_trace("%s", specificError); + if (issuer) + xmlsec_trace("%s", issuer); + } + } +} diff --git a/xmlsecurity/source/xmlsec/nss/secerror.hxx b/xmlsecurity/source/xmlsec/nss/secerror.hxx new file mode 100644 index 000000000000..732fef5fd03e --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/secerror.hxx @@ -0,0 +1,40 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2008 by Sun Microsystems, Inc. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * $RCSfile: securityenvironment_nssimpl.hxx,v $ + * $Revision: 1.9 $ + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _XSECERROR_HXX_ +#define _XSECERROR_HXX_ + +const char * +getCertError(PRErrorCode errNum); + +void +printChainFailure(CERTVerifyLog *log); +#endif // _XSECERROR_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx new file mode 100644 index 000000000000..f004d0195f88 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -0,0 +1,1148 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" + +//todo before commit: nssrenam.h is not delivered!!! +#include "nssrenam.h" +#include "cert.h" +#include "secerr.h" +#include "ocsp.h" + +#include <sal/config.h> +#include "securityenvironment_nssimpl.hxx" +#include "x509certificate_nssimpl.hxx" +#include <rtl/uuid.h> +#include "../diagnose.hxx" + +#include <sal/types.h> +//For reasons that escape me, this is what xmlsec does when size_t is not 4 +#if SAL_TYPES_SIZEOFPOINTER != 4 +# define XMLSEC_NO_SIZE_T +#endif +#include <xmlsec/xmlsec.h> +#include <xmlsec/keysmngr.h> +#include <xmlsec/crypto.h> +#include <xmlsec/base64.h> +#include <xmlsec/strings.h> + +#include <tools/string.hxx> +#include <rtl/ustrbuf.hxx> +#include <comphelper/processfactory.hxx> +#include <cppuhelper/servicefactory.hxx> +#include <comphelper/docpasswordrequest.hxx> +#include <xmlsecurity/biginteger.hxx> +#include <rtl/logfile.h> +#include <com/sun/star/task/XInteractionHandler.hpp> +#include <vector> +#include "boost/scoped_array.hpp" + +#include "secerror.hxx" + +// MM : added for password exception +#include <com/sun/star/security/NoPasswordException.hpp> +namespace csss = ::com::sun::star::security; +using namespace xmlsecurity; +using namespace ::com::sun::star::security; +using namespace com::sun::star; +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::lang ; +using ::com::sun::star::lang::XMultiServiceFactory ; +using ::com::sun::star::lang::XSingleServiceFactory ; +using ::rtl::OUString ; + +using ::com::sun::star::xml::crypto::XSecurityEnvironment ; +using ::com::sun::star::security::XCertificate ; + +extern X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert ) ; +extern X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* ) ; + + +struct UsageDescription +{ + SECCertificateUsage usage; + char const * const description; +}; + + + +char* GetPasswordFunction( PK11SlotInfo* pSlot, PRBool bRetry, void* /*arg*/ ) +{ + uno::Reference< lang::XMultiServiceFactory > xMSF( ::comphelper::getProcessServiceFactory() ); + if ( xMSF.is() ) + { + uno::Reference < task::XInteractionHandler > xInteractionHandler( + xMSF->createInstance( rtl::OUString::createFromAscii("com.sun.star.task.InteractionHandler") ), uno::UNO_QUERY ); + + if ( xInteractionHandler.is() ) + { + task::PasswordRequestMode eMode = bRetry ? task::PasswordRequestMode_PASSWORD_REENTER : task::PasswordRequestMode_PASSWORD_ENTER; + ::comphelper::DocPasswordRequest* pPasswordRequest = new ::comphelper::DocPasswordRequest( + ::comphelper::DocPasswordRequestType_STANDARD, eMode, ::rtl::OUString::createFromAscii(PK11_GetTokenName(pSlot)) ); + + uno::Reference< task::XInteractionRequest > xRequest( pPasswordRequest ); + xInteractionHandler->handle( xRequest ); + + if ( pPasswordRequest->isPassword() ) + { + ByteString aPassword = ByteString( String( pPasswordRequest->getPassword() ), gsl_getSystemTextEncoding() ); + sal_uInt16 nLen = aPassword.Len(); + char* pPassword = (char*) PORT_Alloc( nLen+1 ) ; + pPassword[nLen] = 0; + memcpy( pPassword, aPassword.GetBuffer(), nLen ); + return pPassword; + } + } + } + return NULL; +} + +SecurityEnvironment_NssImpl :: SecurityEnvironment_NssImpl( const Reference< XMultiServiceFactory >& ) : +m_pHandler( NULL ) , m_tSymKeyList() , m_tPubKeyList() , m_tPriKeyList() { + + PK11_SetPasswordFunc( GetPasswordFunction ) ; +} + +SecurityEnvironment_NssImpl :: ~SecurityEnvironment_NssImpl() { + + PK11_SetPasswordFunc( NULL ) ; + + for (CIT_SLOTS i = m_Slots.begin(); i != m_Slots.end(); i++) + { + PK11_FreeSlot(*i); + } + + if( !m_tSymKeyList.empty() ) { + std::list< PK11SymKey* >::iterator symKeyIt ; + + for( symKeyIt = m_tSymKeyList.begin() ; symKeyIt != m_tSymKeyList.end() ; symKeyIt ++ ) + PK11_FreeSymKey( *symKeyIt ) ; + } + + if( !m_tPubKeyList.empty() ) { + std::list< SECKEYPublicKey* >::iterator pubKeyIt ; + + for( pubKeyIt = m_tPubKeyList.begin() ; pubKeyIt != m_tPubKeyList.end() ; pubKeyIt ++ ) + SECKEY_DestroyPublicKey( *pubKeyIt ) ; + } + + if( !m_tPriKeyList.empty() ) { + std::list< SECKEYPrivateKey* >::iterator priKeyIt ; + + for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; priKeyIt ++ ) + SECKEY_DestroyPrivateKey( *priKeyIt ) ; + } +} + +/* XInitialization */ +void SAL_CALL SecurityEnvironment_NssImpl :: initialize( const Sequence< Any >& ) throw( Exception, RuntimeException ) { + // TBD +} ; + +/* XServiceInfo */ +OUString SAL_CALL SecurityEnvironment_NssImpl :: getImplementationName() throw( RuntimeException ) { + return impl_getImplementationName() ; +} + +/* XServiceInfo */ +sal_Bool SAL_CALL SecurityEnvironment_NssImpl :: supportsService( const OUString& serviceName) throw( RuntimeException ) { + Sequence< OUString > seqServiceNames = getSupportedServiceNames() ; + const OUString* pArray = seqServiceNames.getConstArray() ; + for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) { + if( *( pArray + i ) == serviceName ) + return sal_True ; + } + return sal_False ; +} + +/* XServiceInfo */ +Sequence< OUString > SAL_CALL SecurityEnvironment_NssImpl :: getSupportedServiceNames() throw( RuntimeException ) { + return impl_getSupportedServiceNames() ; +} + +//Helper for XServiceInfo +Sequence< OUString > SecurityEnvironment_NssImpl :: impl_getSupportedServiceNames() { + ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ; + Sequence< OUString > seqServiceNames( 1 ) ; + seqServiceNames.getArray()[0] = OUString::createFromAscii( "com.sun.star.xml.crypto.SecurityEnvironment" ) ; + return seqServiceNames ; +} + +OUString SecurityEnvironment_NssImpl :: impl_getImplementationName() throw( RuntimeException ) { + return OUString::createFromAscii( "com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl" ) ; +} + +//Helper for registry +Reference< XInterface > SAL_CALL SecurityEnvironment_NssImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& aServiceManager ) throw( RuntimeException ) { + return Reference< XInterface >( *new SecurityEnvironment_NssImpl( aServiceManager ) ) ; +} + +Reference< XSingleServiceFactory > SecurityEnvironment_NssImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) { + //Reference< XSingleServiceFactory > xFactory ; + //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ; + //return xFactory ; + return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ; +} + +/* XUnoTunnel */ +sal_Int64 SAL_CALL SecurityEnvironment_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) + throw( RuntimeException ) +{ + if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) { + return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this)); + } + return 0 ; +} + +/* XUnoTunnel extension */ +const Sequence< sal_Int8>& SecurityEnvironment_NssImpl :: getUnoTunnelId() { + static Sequence< sal_Int8 >* pSeq = 0 ; + if( !pSeq ) { + ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ; + if( !pSeq ) { + static Sequence< sal_Int8> aSeq( 16 ) ; + rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ; + pSeq = &aSeq ; + } + } + return *pSeq ; +} + +/* XUnoTunnel extension */ +SecurityEnvironment_NssImpl* SecurityEnvironment_NssImpl :: getImplementation( const Reference< XInterface > xObj ) { + Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ; + if( xUT.is() ) { + return reinterpret_cast<SecurityEnvironment_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>(xUT->getSomething( getUnoTunnelId() ))) ; + } else + return NULL ; +} + + +::rtl::OUString SecurityEnvironment_NssImpl::getSecurityEnvironmentInformation() throw( ::com::sun::star::uno::RuntimeException ) +{ + rtl::OUString result; + ::rtl::OUStringBuffer buff; + for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++) + { + buff.append(rtl::OUString::createFromAscii(PK11_GetTokenName(*is))); + buff.appendAscii("\n"); + } + return buff.makeStringAndClear(); +} + +void SecurityEnvironment_NssImpl::addCryptoSlot( PK11SlotInfo* aSlot) throw( Exception , RuntimeException ) +{ + PK11_ReferenceSlot(aSlot); + m_Slots.push_back(aSlot); +} + +CERTCertDBHandle* SecurityEnvironment_NssImpl :: getCertDb() throw( Exception , RuntimeException ) { + return m_pHandler ; +} + +//Could we have multiple cert dbs? +void SecurityEnvironment_NssImpl :: setCertDb( CERTCertDBHandle* aCertDb ) throw( Exception , RuntimeException ) { + m_pHandler = aCertDb ; +} + +void SecurityEnvironment_NssImpl :: adoptSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) { + PK11SymKey* symkey ; + std::list< PK11SymKey* >::iterator keyIt ; + + if( aSymKey != NULL ) { + //First try to find the key in the list + for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; keyIt ++ ) { + if( *keyIt == aSymKey ) + return ; + } + + //If we do not find the key in the list, add a new node + symkey = PK11_ReferenceSymKey( aSymKey ) ; + if( symkey == NULL ) + throw RuntimeException() ; + + try { + m_tSymKeyList.push_back( symkey ) ; + } catch ( Exception& ) { + PK11_FreeSymKey( symkey ) ; + } + } +} + +void SecurityEnvironment_NssImpl :: rejectSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) { + PK11SymKey* symkey ; + std::list< PK11SymKey* >::iterator keyIt ; + + if( aSymKey != NULL ) { + for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; keyIt ++ ) { + if( *keyIt == aSymKey ) { + symkey = *keyIt ; + PK11_FreeSymKey( symkey ) ; + m_tSymKeyList.erase( keyIt ) ; + break ; + } + } + } +} + +PK11SymKey* SecurityEnvironment_NssImpl :: getSymKey( unsigned int position ) throw( Exception , RuntimeException ) { + PK11SymKey* symkey ; + std::list< PK11SymKey* >::iterator keyIt ; + unsigned int pos ; + + symkey = NULL ; + for( pos = 0, keyIt = m_tSymKeyList.begin() ; pos < position && keyIt != m_tSymKeyList.end() ; pos ++ , keyIt ++ ) ; + + if( pos == position && keyIt != m_tSymKeyList.end() ) + symkey = *keyIt ; + + return symkey ; +} + +void SecurityEnvironment_NssImpl :: adoptPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) { + SECKEYPublicKey* pubkey ; + std::list< SECKEYPublicKey* >::iterator keyIt ; + + if( aPubKey != NULL ) { + //First try to find the key in the list + for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; keyIt ++ ) { + if( *keyIt == aPubKey ) + return ; + } + + //If we do not find the key in the list, add a new node + pubkey = SECKEY_CopyPublicKey( aPubKey ) ; + if( pubkey == NULL ) + throw RuntimeException() ; + + try { + m_tPubKeyList.push_back( pubkey ) ; + } catch ( Exception& ) { + SECKEY_DestroyPublicKey( pubkey ) ; + } + } +} + +void SecurityEnvironment_NssImpl :: rejectPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) { + SECKEYPublicKey* pubkey ; + std::list< SECKEYPublicKey* >::iterator keyIt ; + + if( aPubKey != NULL ) { + for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; keyIt ++ ) { + if( *keyIt == aPubKey ) { + pubkey = *keyIt ; + SECKEY_DestroyPublicKey( pubkey ) ; + m_tPubKeyList.erase( keyIt ) ; + break ; + } + } + } +} + +SECKEYPublicKey* SecurityEnvironment_NssImpl :: getPubKey( unsigned int position ) throw( Exception , RuntimeException ) { + SECKEYPublicKey* pubkey ; + std::list< SECKEYPublicKey* >::iterator keyIt ; + unsigned int pos ; + + pubkey = NULL ; + for( pos = 0, keyIt = m_tPubKeyList.begin() ; pos < position && keyIt != m_tPubKeyList.end() ; pos ++ , keyIt ++ ) ; + + if( pos == position && keyIt != m_tPubKeyList.end() ) + pubkey = *keyIt ; + + return pubkey ; +} + +void SecurityEnvironment_NssImpl :: adoptPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) { + SECKEYPrivateKey* prikey ; + std::list< SECKEYPrivateKey* >::iterator keyIt ; + + if( aPriKey != NULL ) { + //First try to find the key in the list + for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; keyIt ++ ) { + if( *keyIt == aPriKey ) + return ; + } + + //If we do not find the key in the list, add a new node + prikey = SECKEY_CopyPrivateKey( aPriKey ) ; + if( prikey == NULL ) + throw RuntimeException() ; + + try { + m_tPriKeyList.push_back( prikey ) ; + } catch ( Exception& ) { + SECKEY_DestroyPrivateKey( prikey ) ; + } + } +} + +void SecurityEnvironment_NssImpl :: rejectPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) { + SECKEYPrivateKey* prikey ; + std::list< SECKEYPrivateKey* >::iterator keyIt ; + + if( aPriKey != NULL ) { + for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; keyIt ++ ) { + if( *keyIt == aPriKey ) { + prikey = *keyIt ; + SECKEY_DestroyPrivateKey( prikey ) ; + m_tPriKeyList.erase( keyIt ) ; + break ; + } + } + } +} + +SECKEYPrivateKey* SecurityEnvironment_NssImpl :: getPriKey( unsigned int position ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) { + SECKEYPrivateKey* prikey ; + std::list< SECKEYPrivateKey* >::iterator keyIt ; + unsigned int pos ; + + prikey = NULL ; + for( pos = 0, keyIt = m_tPriKeyList.begin() ; pos < position && keyIt != m_tPriKeyList.end() ; pos ++ , keyIt ++ ) ; + + if( pos == position && keyIt != m_tPriKeyList.end() ) + prikey = *keyIt ; + + return prikey ; +} + +void SecurityEnvironment_NssImpl::updateSlots() +{ + //In case new tokens are present then we can obtain the corresponding slot + PK11SlotList * soltList = NULL; + PK11SlotListElement * soltEle = NULL; + PK11SlotInfo * pSlot = NULL; + PK11SymKey * pSymKey = NULL; + + osl::MutexGuard guard(m_mutex); + + m_Slots.clear(); + m_tSymKeyList.clear(); + + soltList = PK11_GetAllTokens( CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL ) ; + if( soltList != NULL ) + { + for( soltEle = soltList->head ; soltEle != NULL; soltEle = soltEle->next ) + { + pSlot = soltEle->slot ; + + if(pSlot != NULL) + { + RTL_LOGFILE_TRACE2( "XMLSEC: Found a slot: SlotName=%s, TokenName=%s", PK11_GetSlotName(pSlot), PK11_GetTokenName(pSlot) ); + +//The following code which is commented out checks if a slot, that is a smart card for example, is +// able to generate a symmetric key of type CKM_DES3_CBC. If this fails then this token +// will not be used. This key is possibly used for the encryption service. However, all +// interfaces and services used for public key signature and encryption are not published +// and the encryption is not used in OOo. Therefore it does not do any harm to remove +// this code, hence allowing smart cards which cannot generate this type of key. +// +// By doing this, the encryption may fail if a smart card is being used which does not +// support this key generation. +// + pSymKey = PK11_KeyGen( pSlot , CKM_DES3_CBC, NULL, 128, NULL ) ; +// if( pSymKey == NULL ) +// { +// PK11_FreeSlot( pSlot ) ; +// RTL_LOGFILE_TRACE( "XMLSEC: Error - pSymKey is NULL" ); +// continue; +// } + addCryptoSlot(pSlot); + PK11_FreeSlot( pSlot ) ; + pSlot = NULL; + + if (pSymKey != NULL) + { + adoptSymKey( pSymKey ) ; + PK11_FreeSymKey( pSymKey ) ; + pSymKey = NULL; + } + + }// end of if(pSlot != NULL) + }// end of for + }// end of if( soltList != NULL ) + +} + + +Sequence< Reference < XCertificate > > +SecurityEnvironment_NssImpl::getPersonalCertificates() throw( SecurityException , RuntimeException ) +{ + sal_Int32 length ; + X509Certificate_NssImpl* xcert ; + std::list< X509Certificate_NssImpl* > certsList ; + + updateSlots(); + //firstly, we try to find private keys in slot + for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++) + { + PK11SlotInfo *slot = *is; + SECKEYPrivateKeyList* priKeyList ; + SECKEYPrivateKeyListNode* curPri ; + + if( PK11_NeedLogin(slot ) ) { + SECStatus nRet = PK11_Authenticate(slot, PR_TRUE, NULL); + //PK11_Authenticate may fail in case the a slot has not been initialized. + //this is the case if the user has a new profile, so that they have never + //added a personal certificate. + if( nRet != SECSuccess && PORT_GetError() != SEC_ERROR_IO) { + throw NoPasswordException(); + } + } + + priKeyList = PK11_ListPrivateKeysInSlot(slot) ; + if( priKeyList != NULL ) { + for( curPri = PRIVKEY_LIST_HEAD( priKeyList ); + !PRIVKEY_LIST_END( curPri, priKeyList ) && curPri != NULL ; + curPri = PRIVKEY_LIST_NEXT( curPri ) ) { + xcert = NssPrivKeyToXCert( curPri->key ) ; + if( xcert != NULL ) + certsList.push_back( xcert ) ; + } + } + + SECKEY_DestroyPrivateKeyList( priKeyList ) ; + } + + //secondly, we try to find certificate from registered private keys. + if( !m_tPriKeyList.empty() ) { + std::list< SECKEYPrivateKey* >::iterator priKeyIt ; + + for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; priKeyIt ++ ) { + xcert = NssPrivKeyToXCert( *priKeyIt ) ; + if( xcert != NULL ) + certsList.push_back( xcert ) ; + } + } + + length = certsList.size() ; + if( length != 0 ) { + int i ; + std::list< X509Certificate_NssImpl* >::iterator xcertIt ; + Sequence< Reference< XCertificate > > certSeq( length ) ; + + for( i = 0, xcertIt = certsList.begin(); xcertIt != certsList.end(); xcertIt ++, i++ ) { + certSeq[i] = *xcertIt ; + } + + return certSeq ; + } + + return Sequence< Reference < XCertificate > > (); +} + +Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& serialNumber ) throw( SecurityException , RuntimeException ) +{ + X509Certificate_NssImpl* xcert = NULL; + + if( m_pHandler != NULL ) { + CERTIssuerAndSN issuerAndSN ; + CERTCertificate* cert ; + CERTName* nmIssuer ; + char* chIssuer ; + SECItem* derIssuer ; + PRArenaPool* arena ; + + arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE ) ; + if( arena == NULL ) + throw RuntimeException() ; + + /* + * mmi : because MS Crypto use the 'S' tag (equal to the 'ST' tag in NSS), but the NSS can't recognise + * it, so the 'S' tag should be changed to 'ST' tag + * + * PS : it can work, but inside libxmlsec, the 'S' tag is till used to find cert in NSS engine, so it + * is not useful at all. (comment out now) + */ + + /* + sal_Int32 nIndex = 0; + OUString newIssuerName; + do + { + OUString aToken = issuerName.getToken( 0, ',', nIndex ).trim(); + if (aToken.compareToAscii("S=",2) == 0) + { + newIssuerName+=OUString::createFromAscii("ST="); + newIssuerName+=aToken.copy(2); + } + else + { + newIssuerName+=aToken; + } + + if (nIndex >= 0) + { + newIssuerName+=OUString::createFromAscii(","); + } + } while ( nIndex >= 0 ); + */ + + /* end */ + + //Create cert info from issue and serial + rtl::OString ostr = rtl::OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 ) ; + chIssuer = PL_strndup( ( char* )ostr.getStr(), ( int )ostr.getLength() ) ; + nmIssuer = CERT_AsciiToName( chIssuer ) ; + if( nmIssuer == NULL ) { + PL_strfree( chIssuer ) ; + PORT_FreeArena( arena, PR_FALSE ) ; + + /* + * i40394 + * + * mmi : no need to throw exception + * just return "no found" + */ + //throw RuntimeException() ; + return NULL; + } + + derIssuer = SEC_ASN1EncodeItem( arena, NULL, ( void* )nmIssuer, SEC_ASN1_GET( CERT_NameTemplate ) ) ; + if( derIssuer == NULL ) { + PL_strfree( chIssuer ) ; + CERT_DestroyName( nmIssuer ) ; + PORT_FreeArena( arena, PR_FALSE ) ; + throw RuntimeException() ; + } + + memset( &issuerAndSN, 0, sizeof( issuerAndSN ) ) ; + + issuerAndSN.derIssuer.data = derIssuer->data ; + issuerAndSN.derIssuer.len = derIssuer->len ; + + issuerAndSN.serialNumber.data = ( unsigned char* )&serialNumber[0] ; + issuerAndSN.serialNumber.len = serialNumber.getLength() ; + + cert = CERT_FindCertByIssuerAndSN( m_pHandler, &issuerAndSN ) ; + if( cert != NULL ) { + xcert = NssCertToXCert( cert ) ; + } else { + xcert = NULL ; + } + + PL_strfree( chIssuer ) ; + CERT_DestroyName( nmIssuer ) ; + //SECITEM_FreeItem( derIssuer, PR_FALSE ) ; + CERT_DestroyCertificate( cert ) ; + PORT_FreeArena( arena, PR_FALSE ) ; + } else { + xcert = NULL ; + } + + return xcert ; +} + +Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const OUString& serialNumber ) throw( SecurityException , RuntimeException ) { + Sequence< sal_Int8 > serial = numericStringToBigInteger( serialNumber ) ; + return getCertificate( issuerName, serial ) ; +} + +Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl :: buildCertificatePath( const Reference< XCertificate >& begin ) throw( SecurityException , RuntimeException ) { + const X509Certificate_NssImpl* xcert ; + const CERTCertificate* cert ; + CERTCertList* certChain ; + + Reference< XUnoTunnel > xCertTunnel( begin, UNO_QUERY ) ; + if( !xCertTunnel.is() ) { + throw RuntimeException() ; + } + + xcert = reinterpret_cast<X509Certificate_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ; + if( xcert == NULL ) { + throw RuntimeException() ; + } + + cert = xcert->getNssCert() ; + if( cert != NULL ) { + int64 timeboundary ; + + //Get the system clock time + timeboundary = PR_Now() ; + + certChain = CERT_GetCertChainFromCert( ( CERTCertificate* )cert, timeboundary, certUsageAnyCA ) ; + } else { + certChain = NULL ; + } + + if( certChain != NULL ) { + X509Certificate_NssImpl* pCert ; + CERTCertListNode* node ; + int len ; + + for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) ; + Sequence< Reference< XCertificate > > xCertChain( len ) ; + + for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) { + pCert = new X509Certificate_NssImpl() ; + if( pCert == NULL ) { + CERT_DestroyCertList( certChain ) ; + throw RuntimeException() ; + } + + pCert->setCert( node->cert ) ; + + xCertChain[len] = pCert ; + } + + CERT_DestroyCertList( certChain ) ; + + return xCertChain ; + } + + return Sequence< Reference < XCertificate > >(); +} + +Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) throw( SecurityException , RuntimeException ) { + X509Certificate_NssImpl* xcert ; + + if( rawCertificate.getLength() > 0 ) { + xcert = new X509Certificate_NssImpl() ; + if( xcert == NULL ) + throw RuntimeException() ; + + xcert->setRawCert( rawCertificate ) ; + } else { + xcert = NULL ; + } + + return xcert ; +} + +Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromAscii( const OUString& asciiCertificate ) throw( SecurityException , RuntimeException ) { + xmlChar* chCert ; + xmlSecSize certSize ; + + rtl::OString oscert = rtl::OUStringToOString( asciiCertificate , RTL_TEXTENCODING_ASCII_US ) ; + + chCert = xmlStrndup( ( const xmlChar* )oscert.getStr(), ( int )oscert.getLength() ) ; + + certSize = xmlSecBase64Decode( chCert, ( xmlSecByte* )chCert, xmlStrlen( chCert ) ) ; + + Sequence< sal_Int8 > rawCert( certSize ) ; + for( unsigned int i = 0 ; i < certSize ; i ++ ) + rawCert[i] = *( chCert + i ) ; + + xmlFree( chCert ) ; + + return createCertificateFromRaw( rawCert ) ; +} + +sal_Int32 SecurityEnvironment_NssImpl :: +verifyCertificate( const Reference< csss::XCertificate >& aCert, + const Sequence< Reference< csss::XCertificate > >& intermediateCerts ) + throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException ) +{ + sal_Int32 validity = csss::CertificateValidity::INVALID; + const X509Certificate_NssImpl* xcert ; + const CERTCertificate* cert ; + ::std::vector<CERTCertificate*> vecTmpNSSCertificates; + Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ; + if( !xCertTunnel.is() ) { + throw RuntimeException() ; + } + + xmlsec_trace("Start verification of certificate: \n %s \n", + OUStringToOString( + aCert->getSubjectName(), osl_getThreadTextEncoding()).getStr()); + + xcert = reinterpret_cast<X509Certificate_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ; + if( xcert == NULL ) { + throw RuntimeException() ; + } + + //CERT_PKIXVerifyCert does not take a db as argument. It will therefore + //internally use CERT_GetDefaultCertDB + //Make sure m_pHandler is the default DB + OSL_ASSERT(m_pHandler == CERT_GetDefaultCertDB()); + CERTCertDBHandle * certDb = m_pHandler != NULL ? m_pHandler : CERT_GetDefaultCertDB(); + cert = xcert->getNssCert() ; + if( cert != NULL ) + { + + //prepare the intermediate certificates + for (sal_Int32 i = 0; i < intermediateCerts.getLength(); i++) + { + Sequence<sal_Int8> der = intermediateCerts[i]->getEncoded(); + SECItem item; + item.type = siBuffer; + item.data = (unsigned char*)der.getArray(); + item.len = der.getLength(); + + CERTCertificate* certTmp = CERT_NewTempCertificate(certDb, &item, + NULL /* nickname */, + PR_FALSE /* isPerm */, + PR_TRUE /* copyDER */); + if (!certTmp) + { + xmlsec_trace("Failed to add a temporary certificate: %s", + OUStringToOString(intermediateCerts[i]->getIssuerName(), + osl_getThreadTextEncoding()).getStr()); + + } + else + { + xmlsec_trace("Added temporary certificate: %s", + certTmp->subjectName ? certTmp->subjectName : ""); + vecTmpNSSCertificates.push_back(certTmp); + } + } + + + SECStatus status ; + + CERTVerifyLog log; + log.arena = PORT_NewArena(512); + log.head = log.tail = NULL; + log.count = 0; + + CERT_EnableOCSPChecking(certDb); + CERT_DisableOCSPDefaultResponder(certDb); + CERTValOutParam cvout[5]; + CERTValInParam cvin[3]; + + cvin[0].type = cert_pi_useAIACertFetch; + cvin[0].value.scalar.b = PR_TRUE; + + PRUint64 revFlagsLeaf[2]; + PRUint64 revFlagsChain[2]; + CERTRevocationFlags rev; + rev.leafTests.number_of_defined_methods = 2; + rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf; + //the flags are defined in cert.h + //We check both leaf and chain. + //It is enough if one revocation method has fresh info, + //but at least one must have some. Otherwise validation fails. + //!!! using leaf test and CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE + // when validating a root certificate will result in "revoked". Usually + //there is no revocation information available for the root cert because + //it must be trusted anyway and it does itself issue revocation information. + //When we use the flag here and OOo shows the certification path then the root + //cert is invalid while all other can be valid. It would probably best if + //this interface method returned the whole chain. + //Otherwise we need to check if the certificate is self-signed and if it is + //then not use the flag when doing the leaf-test. + rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_crl] = + CERT_REV_M_TEST_USING_THIS_METHOD + | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE; + rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] = + CERT_REV_M_TEST_USING_THIS_METHOD + | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE; + rev.leafTests.number_of_preferred_methods = 0; + rev.leafTests.preferred_methods = NULL; + rev.leafTests.cert_rev_method_independent_flags = + CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST; +// | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE; + + rev.chainTests.number_of_defined_methods = 2; + rev.chainTests.cert_rev_flags_per_method = revFlagsChain; + rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_crl] = + CERT_REV_M_TEST_USING_THIS_METHOD + | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE; + rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] = + CERT_REV_M_TEST_USING_THIS_METHOD + | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE; + rev.chainTests.number_of_preferred_methods = 0; + rev.chainTests.preferred_methods = NULL; + rev.chainTests.cert_rev_method_independent_flags = + CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST; +// | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE; + + + cvin[1].type = cert_pi_revocationFlags; + cvin[1].value.pointer.revocation = &rev; + // does not work, not implemented yet in 3.12.4 +// cvin[2].type = cert_pi_keyusage; +// cvin[2].value.scalar.ui = KU_DIGITAL_SIGNATURE; + cvin[2].type = cert_pi_end; + + cvout[0].type = cert_po_trustAnchor; + cvout[0].value.pointer.cert = NULL; + cvout[1].type = cert_po_errorLog; + cvout[1].value.pointer.log = &log; + cvout[2].type = cert_po_end; + + // We check SSL server certificates, CA certificates and signing sertificates. + // + // ToDo check keyusage, looking at CERT_KeyUsageAndTypeForCertUsage ( + // mozilla/security/nss/lib/certdb/certdb.c indicates that + // certificateUsageSSLClient, certificateUsageSSLServer and certificateUsageSSLCA + // are sufficient. They cover the key usages for digital signature, key agreement + // and encipherment and certificate signature + + //never use the following usages because they are not checked properly + // certificateUsageUserCertImport + // certificateUsageVerifyCA + // certificateUsageAnyCA + // certificateUsageProtectedObjectSigner + + UsageDescription arUsages[] = + { + {certificateUsageSSLClient, "certificateUsageSSLClient" }, + {certificateUsageSSLServer, "certificateUsageSSLServer" }, + {certificateUsageSSLCA, "certificateUsageSSLCA" }, + {certificateUsageEmailSigner, "certificateUsageEmailSigner"}, //only usable for end certs + {certificateUsageEmailRecipient, "certificateUsageEmailRecipient"} + }; + + int numUsages = sizeof(arUsages) / sizeof(UsageDescription); + for (int i = 0; i < numUsages; i++) + { + xmlsec_trace("Testing usage %d of %d: %s (0x%x)", i + 1, + numUsages, arUsages[i].description, (int) arUsages[i].usage); + + status = CERT_PKIXVerifyCert(const_cast<CERTCertificate *>(cert), arUsages[i].usage, + cvin, cvout, NULL); + if( status == SECSuccess ) + { + xmlsec_trace("CERT_PKIXVerifyCert returned SECSuccess."); + //When an intermediate or root certificate is checked then we expect the usage + //certificateUsageSSLCA. This, however, will be only set when in the trust settings dialog + //the button "This certificate can identify websites" is checked. If for example only + //"This certificate can identify mail users" is set then the end certificate can + //be validated and the returned usage will conain certificateUsageEmailRecipient. + //But checking directly the root or intermediate certificate will fail. In the + //certificate path view the end certificate will be shown as valid but the others + //will be displayed as invalid. + + validity = csss::CertificateValidity::VALID; + xmlsec_trace("Certificate is valid.\n"); + CERTCertificate * issuerCert = cvout[0].value.pointer.cert; + if (issuerCert) + { + xmlsec_trace("Root certificate: %s", issuerCert->subjectName); + CERT_DestroyCertificate(issuerCert); + }; + + break; + } + else + { + PRIntn err = PR_GetError(); + xmlsec_trace("Error: , %d = %s", err, getCertError(err)); + + /* Display validation results */ + if ( log.count > 0) + { + CERTVerifyLogNode *node = NULL; + printChainFailure(&log); + + for (node = log.head; node; node = node->next) { + if (node->cert) + CERT_DestroyCertificate(node->cert); + } + log.head = log.tail = NULL; + log.count = 0; + } + xmlsec_trace("Certificate is invalid.\n"); + } + } + + } + else + { + validity = ::com::sun::star::security::CertificateValidity::INVALID ; + } + + //Destroying the temporary certificates + std::vector<CERTCertificate*>::const_iterator cert_i; + for (cert_i = vecTmpNSSCertificates.begin(); cert_i != vecTmpNSSCertificates.end(); cert_i++) + { + xmlsec_trace("Destroying temporary certificate"); + CERT_DestroyCertificate(*cert_i); + } + return validity ; +} + +sal_Int32 SecurityEnvironment_NssImpl::getCertificateCharacters( + const ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate >& aCert ) throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException ) { + sal_Int32 characters ; + const X509Certificate_NssImpl* xcert ; + const CERTCertificate* cert ; + + Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ; + if( !xCertTunnel.is() ) { + throw RuntimeException() ; + } + + xcert = reinterpret_cast<X509Certificate_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ; + if( xcert == NULL ) { + throw RuntimeException() ; + } + + cert = xcert->getNssCert() ; + + characters = 0x00000000 ; + + //Firstly, find out whether or not the cert is self-signed. + if( SECITEM_CompareItem( &(cert->derIssuer), &(cert->derSubject) ) == SECEqual ) { + characters |= ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ; + } else { + characters &= ~ ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ; + } + + //Secondly, find out whether or not the cert has a private key. + + /* + * i40394 + * + * mmi : need to check whether the cert's slot is valid first + */ + SECKEYPrivateKey* priKey = NULL; + + if (cert->slot != NULL) + { + priKey = PK11_FindPrivateKeyFromCert( cert->slot, ( CERTCertificate* )cert, NULL ) ; + } + if(priKey == NULL) + { + for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++) + { + priKey = PK11_FindPrivateKeyFromCert(*is, (CERTCertificate*)cert, NULL); + if (priKey) + break; + } + } + if( priKey != NULL ) { + characters |= ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ; + + SECKEY_DestroyPrivateKey( priKey ) ; + } else { + characters &= ~ ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ; + } + + return characters ; +} + +X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert ) +{ + X509Certificate_NssImpl* xcert ; + + if( cert != NULL ) { + xcert = new X509Certificate_NssImpl() ; + if( xcert == NULL ) { + xcert = NULL ; + } else { + xcert->setCert( cert ) ; + } + } else { + xcert = NULL ; + } + + return xcert ; +} + +X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* priKey ) +{ + CERTCertificate* cert ; + X509Certificate_NssImpl* xcert ; + + if( priKey != NULL ) { + cert = PK11_GetCertFromPrivateKey( priKey ) ; + + if( cert != NULL ) { + xcert = NssCertToXCert( cert ) ; + } else { + xcert = NULL ; + } + + CERT_DestroyCertificate( cert ) ; + } else { + xcert = NULL ; + } + + return xcert ; +} + + +/* Native methods */ +xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() throw( Exception, RuntimeException ) { + + unsigned int i ; + CERTCertDBHandle* handler = NULL ; + PK11SymKey* symKey = NULL ; + SECKEYPublicKey* pubKey = NULL ; + SECKEYPrivateKey* priKey = NULL ; + xmlSecKeysMngrPtr pKeysMngr = NULL ; + + handler = this->getCertDb() ; + + /*- + * The following lines is based on the private version of xmlSec-NSS + * crypto engine + */ + int cSlots = m_Slots.size(); + boost::scoped_array<PK11SlotInfo*> sarSlots(new PK11SlotInfo*[cSlots]); + PK11SlotInfo** slots = sarSlots.get(); + int count = 0; + for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); islots++, count++) + slots[count] = *islots; + + pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, handler ) ; + if( pKeysMngr == NULL ) + throw RuntimeException() ; + + /*- + * Adopt symmetric key into keys manager + */ + for( i = 0 ; ( symKey = this->getSymKey( i ) ) != NULL ; i ++ ) { + if( xmlSecNssAppliedKeysMngrSymKeyLoad( pKeysMngr, symKey ) < 0 ) { + throw RuntimeException() ; + } + } + + /*- + * Adopt asymmetric public key into keys manager + */ + for( i = 0 ; ( pubKey = this->getPubKey( i ) ) != NULL ; i ++ ) { + if( xmlSecNssAppliedKeysMngrPubKeyLoad( pKeysMngr, pubKey ) < 0 ) { + throw RuntimeException() ; + } + } + + /*- + * Adopt asymmetric private key into keys manager + */ + for( i = 0 ; ( priKey = this->getPriKey( i ) ) != NULL ; i ++ ) { + if( xmlSecNssAppliedKeysMngrPriKeyLoad( pKeysMngr, priKey ) < 0 ) { + throw RuntimeException() ; + } + } + return pKeysMngr ; +} +void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr) throw( Exception, RuntimeException ) { + if( pKeysMngr != NULL ) { + xmlSecKeysMngrDestroy( pKeysMngr ) ; + } +} diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx new file mode 100644 index 000000000000..8b2192a00b1f --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx @@ -0,0 +1,183 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _XSECURITYENVIRONMENT_NSSIMPL_HXX_ +#define _XSECURITYENVIRONMENT_NSSIMPL_HXX_ + +#include <sal/config.h> +#include <rtl/ustring.hxx> +#include <cppuhelper/factory.hxx> +#include <cppuhelper/implbase4.hxx> +#include <com/sun/star/uno/Exception.hpp> + +#ifndef _COM_SUN_STAR_UNO_REFERENCE_HPP_ +#include <com/sun/star/uno/Reference.hxx> +#endif +#include <com/sun/star/lang/XSingleServiceFactory.hpp> + +#ifndef _COM_SUN_STAR_LANG_XSECVICEINFO_HPP_ +#include <com/sun/star/lang/XServiceInfo.hpp> +#endif +#include <com/sun/star/lang/XInitialization.hpp> +#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp> +#include <com/sun/star/security/XCertificate.hpp> +#include <com/sun/star/security/CertificateCharacters.hpp> +#include <com/sun/star/security/CertificateValidity.hpp> +#include <com/sun/star/lang/XUnoTunnel.hpp> + +#include "osl/mutex.hxx" + +#include "pk11func.h" +#include "keyhi.h" +#include "certdb.h" +#include "list" + +#include <sal/types.h> +//For reasons that escape me, this is what xmlsec does when size_t is not 4 +#if SAL_TYPES_SIZEOFPOINTER != 4 +# define XMLSEC_NO_SIZE_T +#endif +#include "xmlsec/xmlsec.h" + +class SecurityEnvironment_NssImpl : public ::cppu::WeakImplHelper4< + ::com::sun::star::xml::crypto::XSecurityEnvironment , + ::com::sun::star::lang::XInitialization , + ::com::sun::star::lang::XServiceInfo , + ::com::sun::star::lang::XUnoTunnel > +{ +private : + + std::list< PK11SlotInfo* > m_Slots; + typedef std::list< PK11SlotInfo* >::const_iterator CIT_SLOTS; + + osl::Mutex m_mutex; + + CERTCertDBHandle* m_pHandler ; + std::list< PK11SymKey* > m_tSymKeyList ; + std::list< SECKEYPublicKey* > m_tPubKeyList ; + std::list< SECKEYPrivateKey* > m_tPriKeyList ; + ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > m_xServiceManager ; + + public : + SecurityEnvironment_NssImpl( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aFactory ) ; + virtual ~SecurityEnvironment_NssImpl() ; + + //Methods from XSecurityEnvironment + + //Methods from XInitialization + virtual void SAL_CALL initialize( + const ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aArguments + ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XServiceInfo + virtual ::rtl::OUString SAL_CALL getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual sal_Bool SAL_CALL supportsService( + const ::rtl::OUString& ServiceName + ) throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< ::rtl::OUString > SAL_CALL getSupportedServiceNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for XServiceInfo + static ::com::sun::star::uno::Sequence< ::rtl::OUString > impl_getSupportedServiceNames() ; + + static ::rtl::OUString impl_getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for registry + static ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > SAL_CALL impl_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) throw( ::com::sun::star::uno::RuntimeException ) ; + + static ::com::sun::star::uno::Reference< ::com::sun::star::lang::XSingleServiceFactory > impl_createFactory( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) ; + + virtual ::sal_Int32 SAL_CALL verifyCertificate( + const ::com::sun::star::uno::Reference< + ::com::sun::star::security::XCertificate >& xCert, + const ::com::sun::star::uno::Sequence< + ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate > > & + intermediateCerts) + throw (::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException) ; + + virtual ::sal_Int32 SAL_CALL getCertificateCharacters( const ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate >& xCert ) throw (::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException) ; + + virtual ::rtl::OUString SAL_CALL getSecurityEnvironmentInformation( ) throw (::com::sun::star::uno::RuntimeException); + + //Methods from XUnoTunnel + virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) + throw (::com::sun::star::uno::RuntimeException); + + static const ::com::sun::star::uno::Sequence< sal_Int8 >& getUnoTunnelId() ; + static SecurityEnvironment_NssImpl* getImplementation( const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > xObj ) ; + + //Native mehtods + virtual CERTCertDBHandle* getCertDb() throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual void setCertDb( CERTCertDBHandle* aCertDb ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual void adoptSymKey( PK11SymKey* aSymKey ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual void rejectSymKey( PK11SymKey* aSymKey ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual PK11SymKey* getSymKey( unsigned int position ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual void adoptPubKey( SECKEYPublicKey* aPubKey ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual void rejectPubKey( SECKEYPublicKey* aPubKey ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual SECKEYPublicKey* getPubKey( unsigned int position ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual void adoptPriKey( SECKEYPrivateKey* aPriKey ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual void rejectPriKey( SECKEYPrivateKey* aPriKey ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual SECKEYPrivateKey* getPriKey( unsigned int position ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate > > SAL_CALL getPersonalCertificates() throw( ::com::sun::star::uno::SecurityException , ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate > SAL_CALL getCertificate( const ::rtl::OUString& issuerName, const ::com::sun::star::uno::Sequence< sal_Int8 >& serialNumber ) throw( ::com::sun::star::uno::SecurityException , ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate > SAL_CALL getCertificate( const ::rtl::OUString& issuerName, const ::rtl::OUString& serialNumber ) throw( ::com::sun::star::uno::SecurityException , ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate > > SAL_CALL buildCertificatePath( const ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate >& beginCert ) throw( ::com::sun::star::uno::SecurityException , ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate > SAL_CALL createCertificateFromRaw( const ::com::sun::star::uno::Sequence< sal_Int8 >& rawCertificate ) throw( ::com::sun::star::uno::SecurityException , ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate > SAL_CALL createCertificateFromAscii( const ::rtl::OUString& asciiCertificate ) throw( ::com::sun::star::uno::SecurityException , ::com::sun::star::uno::RuntimeException ) ; + + + //Native mehtods + virtual xmlSecKeysMngrPtr createKeysManager() throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + virtual void destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + +private: + void updateSlots(); + + virtual void addCryptoSlot( PK11SlotInfo* aSlot ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + +} ; + +#endif // _XSECURITYENVIRONMENT_NSSIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx new file mode 100644 index 000000000000..127d7fa43fe6 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx @@ -0,0 +1,516 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" + +/* + * Turn off DEBUG Assertions + */ +#ifdef _DEBUG + #define _DEBUG_WAS_DEFINED _DEBUG + #undef _DEBUG +#else + #undef _DEBUG_WAS_DEFINED +#endif + +/* + * and turn off the additional virtual methods which are part of some interfaces when compiled + * with debug + */ +#ifdef DEBUG + #define DEBUG_WAS_DEFINED DEBUG + #undef DEBUG +#else + #undef DEBUG_WAS_DEFINED +#endif + + +#include <sal/types.h> +#include "rtl/instance.hxx" +#include "rtl/bootstrap.hxx" +#include "rtl/string.hxx" +#include "rtl/strbuf.hxx" +#include "osl/file.hxx" +#include "osl/thread.h" +#include <tools/debug.hxx> +#include <rtl/logfile.hxx> + +#include "seinitializer_nssimpl.hxx" +#include "../diagnose.hxx" + +#include "securityenvironment_nssimpl.hxx" +#include <com/sun/star/mozilla/XMozillaBootstrap.hpp> + +#include "nspr.h" +#include "cert.h" +#include "nss.h" +#include "secmod.h" +#include "nssckbi.h" + + +namespace cssu = com::sun::star::uno; +namespace cssl = com::sun::star::lang; +namespace cssxc = com::sun::star::xml::crypto; + +using namespace xmlsecurity; +using namespace com::sun::star; +using ::rtl::OUString; +using ::rtl::OString; + +#define SERVICE_NAME "com.sun.star.xml.crypto.SEInitializer" +#define IMPLEMENTATION_NAME "com.sun.star.xml.security.bridge.xmlsec.SEInitializer_NssImpl" +#define SECURITY_ENVIRONMENT "com.sun.star.xml.crypto.SecurityEnvironment" +#define SECURITY_CONTEXT "com.sun.star.xml.crypto.XMLSecurityContext" + + +#define ROOT_CERTS "Root Certs for OpenOffice.org" + + +extern "C" void nsscrypto_finalize(); + + +namespace +{ + +bool nsscrypto_initialize( const char * sProfile, bool & out_nss_init); + +struct InitNSSInitialize +{ + //path to the database folder + const OString m_sProfile; + InitNSSInitialize(const OString & sProfile): m_sProfile(sProfile) {}; + bool * operator()() + { + static bool bInitialized = false; + bool bNSSInit = false; + bInitialized = nsscrypto_initialize(m_sProfile.getStr(), bNSSInit); + if (bNSSInit) + atexit(nsscrypto_finalize ); + return & bInitialized; + + } +}; + +bool * initNSS(const OString & sProfile) +{ + return rtl_Instance< bool, InitNSSInitialize, + ::osl::MutexGuard, ::osl::GetGlobalMutex >::create( + InitNSSInitialize(sProfile), ::osl::GetGlobalMutex()); +} + +void deleteRootsModule() +{ + SECMODModule *RootsModule = 0; + SECMODModuleList *list = SECMOD_GetDefaultModuleList(); + SECMODListLock *lock = SECMOD_GetDefaultModuleListLock(); + SECMOD_GetReadLock(lock); + + while (!RootsModule && list) + { + SECMODModule *module = list->module; + + for (int i=0; i < module->slotCount; i++) + { + PK11SlotInfo *slot = module->slots[i]; + if (PK11_IsPresent(slot)) + { + if (PK11_HasRootCerts(slot)) + { + xmlsec_trace("The root certifificates module \"%s" + "\" is already loaded: \n%s", + module->commonName, module->dllName); + + RootsModule = SECMOD_ReferenceModule(module); + break; + } + } + } + list = list->next; + } + SECMOD_ReleaseReadLock(lock); + + if (RootsModule) + { + PRInt32 modType; + if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType)) + { + xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName); + } + else + { + xmlsec_trace("Failed to delete \"%s\" : \n%s", + RootsModule->commonName, RootsModule->dllName); + } + SECMOD_DestroyModule(RootsModule); + RootsModule = 0; + } +} + +//Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write +//the roots certificate module (libnssckbi.so), which they use, into the +//profile. This module will then already be loaded during NSS_Init (and the +//other init functions). This fails in two cases. First, FF3 was used to create +//the profile, or possibly used that profile before, and second the profile was +//used on a different platform. +// +//Then one needs to add the roots module oneself. This should be done with +//SECMOD_LoadUserModule rather then SECMOD_AddNewModule. The latter would write +//the location of the roots module to the profile, which makes FF2 and TB2 use +//it instead of there own module. +// +//When using SYSTEM_MOZILLA then the libnss3.so lib is typically found in +///usr/lib. This folder may, however, NOT contain the roots certificate +//module. That is, just providing the library name in SECMOD_LoadUserModule or +//SECMOD_AddNewModule will FAIL to load the mozilla unless the LD_LIBRARY_PATH +//contains an FF or TB installation. +//ATTENTION: DO NOT call this function directly instead use initNSS +//return true - whole initialization was successful +//param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite +//was successful and therefor NSS_Shutdown should be called when terminating. +bool nsscrypto_initialize( const char* token, bool & out_nss_init ) +{ + bool return_value = true; + + xmlsec_trace("Using profile: %s", token); + + PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ; + + //token may be an empty string + if (token != NULL && strlen(token) > 0) + { + if( NSS_InitReadWrite( token ) != SECSuccess ) + { + xmlsec_trace("Initializing NSS with profile failed."); + char * error = NULL; + + PR_GetErrorText(error); + if (error) + xmlsec_trace("%s",error); + return false ; + } + } + else + { + xmlsec_trace("Initializing NSS without profile."); + if ( NSS_NoDB_Init(NULL) != SECSuccess ) + { + xmlsec_trace("Initializing NSS without profile failed."); + char * error = NULL; + PR_GetErrorText(error); + if (error) + xmlsec_trace("%s",error); + return false ; + } + } + out_nss_init = true; + +#if defined SYSTEM_MOZILLA + if (!SECMOD_HasRootCerts()) + { +#endif + deleteRootsModule(); + +#if defined SYSTEM_MOZILLA + OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("libnssckbi"SAL_DLLEXTENSION)); +#else + OUString rootModule(RTL_CONSTASCII_USTRINGPARAM("${OOO_BASE_DIR}/program/libnssckbi"SAL_DLLEXTENSION)); +#endif + ::rtl::Bootstrap::expandMacros(rootModule); + + OUString rootModulePath; + if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath)) + { + ::rtl::OString ospath = ::rtl::OUStringToOString(rootModulePath, osl_getThreadTextEncoding()); + ::rtl::OStringBuffer pkcs11moduleSpec; + pkcs11moduleSpec.append("name=\""); + pkcs11moduleSpec.append(ROOT_CERTS); + pkcs11moduleSpec.append("\" library=\""); + pkcs11moduleSpec.append(ospath.getStr()); + pkcs11moduleSpec.append("\""); + + SECMODModule * RootsModule = + SECMOD_LoadUserModule( + const_cast<char*>(pkcs11moduleSpec.makeStringAndClear().getStr()), + 0, // no parent + PR_FALSE); // do not recurse + + if (RootsModule) + { + + bool found = RootsModule->loaded; + + SECMOD_DestroyModule(RootsModule); + RootsModule = 0; + if (found) + xmlsec_trace("Added new root certificate module " + "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); + else + { + xmlsec_trace("FAILED to load the new root certificate module " + "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); + return_value = false; + } + } + else + { + xmlsec_trace("FAILED to add new root certifice module: " + "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); + return_value = false; + + } + } + else + { + xmlsec_trace("Adding new root certificate module failed."); + return_value = false; + } +#if SYSTEM_MOZILLA + } +#endif + + return return_value; +} + + +// must be extern "C" because we pass the function pointer to atexit +extern "C" void nsscrypto_finalize() +{ + SECMODModule *RootsModule = SECMOD_FindModule(ROOT_CERTS); + + if (RootsModule) + { + + if (SECSuccess == SECMOD_UnloadUserModule(RootsModule)) + { + xmlsec_trace("Unloaded module \""ROOT_CERTS"\"."); + } + else + { + xmlsec_trace("Failed unloadeding module \""ROOT_CERTS"\"."); + } + SECMOD_DestroyModule(RootsModule); + } + else + { + xmlsec_trace("Unloading module \""ROOT_CERTS + "\" failed because it was not found."); + } + PK11_LogoutAll(); + NSS_Shutdown(); +} + + +bool getMozillaCurrentProfile( + const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF, + rtl::OUString& profilePath) +{ + /* + * first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER" + */ + char * env = getenv("MOZILLA_CERTIFICATE_FOLDER"); + if (env) + { + profilePath = rtl::OUString::createFromAscii( env ); + RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() ); + return true; + } + else + { + mozilla::MozillaProductType productTypes[4] = { + mozilla::MozillaProductType_Thunderbird, + mozilla::MozillaProductType_Mozilla, + mozilla::MozillaProductType_Firefox, + mozilla::MozillaProductType_Default }; + int nProduct = 4; + + uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance( + ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) ); + OSL_ENSURE( xInstance.is(), "failed to create instance" ); + + uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap + = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY); + OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" ); + + if (xMozillaBootstrap.is()) + { + for (int i=0; i<nProduct; i++) + { + ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]); + + if (profile != NULL && profile.getLength()>0) + { + profilePath = xMozillaBootstrap->getProfilePath(productTypes[i],profile); + RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() ); + return true; + } + } + } + + RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" ); + return false; + } +} + +} // namespace + +SEInitializer_NssImpl::SEInitializer_NssImpl( + const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF) + :mxMSF( rxMSF ) +{ +} + +SEInitializer_NssImpl::~SEInitializer_NssImpl() +{ +} + +/* XSEInitializer */ +cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL + SEInitializer_NssImpl::createSecurityContext( + const rtl::OUString& sCertDB ) + throw (cssu::RuntimeException) +{ + CERTCertDBHandle *pCertHandle = NULL ; + + rtl::OString sCertDir; + if( sCertDB.getLength() ) + { + sCertDir = rtl::OString(sCertDB, sCertDB.getLength(), RTL_TEXTENCODING_ASCII_US); + } + else + { + static rtl::OString* pDefaultCertDir = NULL; + if ( !pDefaultCertDir ) + { + pDefaultCertDir = new rtl::OString; + rtl::OUString ouCertDir; + + + + if ( getMozillaCurrentProfile(mxMSF, ouCertDir) ) + *pDefaultCertDir = rtl::OString(ouCertDir, ouCertDir.getLength(), RTL_TEXTENCODING_ASCII_US); + } + sCertDir = *pDefaultCertDir; + + } + + if( ! *initNSS( sCertDir.getStr() ) ) + { + return NULL; + } + + pCertHandle = CERT_GetDefaultCertDB() ; + + try + { + /* Build XML Security Context */ + const rtl::OUString sSecyrutyContext ( RTL_CONSTASCII_USTRINGPARAM( SECURITY_CONTEXT ) ); + cssu::Reference< cssxc::XXMLSecurityContext > xSecCtx( mxMSF->createInstance ( sSecyrutyContext ), cssu::UNO_QUERY ); + if( !xSecCtx.is() ) + return NULL; + + const rtl::OUString sSecyrutyEnvironment ( RTL_CONSTASCII_USTRINGPARAM( SECURITY_ENVIRONMENT ) ); + cssu::Reference< cssxc::XSecurityEnvironment > xSecEnv( mxMSF->createInstance ( sSecyrutyEnvironment ), cssu::UNO_QUERY ); + cssu::Reference< cssl::XUnoTunnel > xEnvTunnel( xSecEnv , cssu::UNO_QUERY ) ; + if( !xEnvTunnel.is() ) + return NULL; + SecurityEnvironment_NssImpl* pSecEnv = reinterpret_cast<SecurityEnvironment_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xEnvTunnel->getSomething(SecurityEnvironment_NssImpl::getUnoTunnelId() ))) ; + pSecEnv->setCertDb(pCertHandle); + + sal_Int32 n = xSecCtx->addSecurityEnvironment(xSecEnv); + //originally the SecurityEnvironment with the internal slot was set as default + xSecCtx->setDefaultSecurityEnvironmentIndex( n ); + return xSecCtx; + } + catch( cssu::Exception& ) + { + //PK11_LogoutAll(); + //NSS_Shutdown(); + return NULL; + } +} + +void SAL_CALL SEInitializer_NssImpl::freeSecurityContext( const cssu::Reference< cssxc::XXMLSecurityContext >& ) + throw (cssu::RuntimeException) +{ + /* + * because the security context will free all its content when it + * is destructed, so here no free process for the security context + * is needed. + */ + //PK11_LogoutAll(); + //NSS_Shutdown(); +} + +rtl::OUString SEInitializer_NssImpl_getImplementationName () + throw (cssu::RuntimeException) +{ + + return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( IMPLEMENTATION_NAME ) ); +} + +sal_Bool SAL_CALL SEInitializer_NssImpl_supportsService( const rtl::OUString& ServiceName ) + throw (cssu::RuntimeException) +{ + return ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( SERVICE_NAME )); +} + +cssu::Sequence< rtl::OUString > SAL_CALL SEInitializer_NssImpl_getSupportedServiceNames( ) + throw (cssu::RuntimeException) +{ + cssu::Sequence < rtl::OUString > aRet(1); + rtl::OUString* pArray = aRet.getArray(); + pArray[0] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( SERVICE_NAME ) ); + return aRet; +} +#undef SERVICE_NAME + +cssu::Reference< cssu::XInterface > SAL_CALL SEInitializer_NssImpl_createInstance( const cssu::Reference< cssl::XMultiServiceFactory > & rSMgr) + throw( cssu::Exception ) +{ + return (cppu::OWeakObject*) new SEInitializer_NssImpl(rSMgr); +} + +/* XServiceInfo */ +rtl::OUString SAL_CALL SEInitializer_NssImpl::getImplementationName( ) + throw (cssu::RuntimeException) +{ + return SEInitializer_NssImpl_getImplementationName(); +} +sal_Bool SAL_CALL SEInitializer_NssImpl::supportsService( const rtl::OUString& rServiceName ) + throw (cssu::RuntimeException) +{ + return SEInitializer_NssImpl_supportsService( rServiceName ); +} +cssu::Sequence< rtl::OUString > SAL_CALL SEInitializer_NssImpl::getSupportedServiceNames( ) + throw (cssu::RuntimeException) +{ + return SEInitializer_NssImpl_getSupportedServiceNames(); +} + diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx new file mode 100644 index 000000000000..70075adc84e3 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx @@ -0,0 +1,108 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _SEINITIALIZERIMPL_HXX +#define _SEINITIALIZERIMPL_HXX + +#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> +#ifndef _COM_SUN_STAR_XML_CRYPTO_SEINITIALIZER_HPP_ +#include <com/sun/star/xml/crypto/XSEInitializer.hpp> +#endif +#include <com/sun/star/lang/XUnoTunnel.hpp> +#include <com/sun/star/lang/XServiceInfo.hpp> +#include <com/sun/star/lang/XMultiServiceFactory.hpp> +#include <cppuhelper/implbase2.hxx> + +#include <libxml/tree.h> + +class SEInitializer_NssImpl : public cppu::WeakImplHelper2 +< + com::sun::star::xml::crypto::XSEInitializer, + com::sun::star::lang::XServiceInfo +> +/****** SEInitializer_NssImpl.hxx/CLASS SEInitializer_NssImpl *********** + * + * NAME + * SEInitializer_NssImpl -- Class to initialize a Security Context + * instance + * + * FUNCTION + * Use this class to initialize a XmlSec based Security Context + * instance. After this instance is used up, use this class to free this + * instance. + * + * HISTORY + * 05.01.2004 - Interface supported: XSEInitializer, XSEInitializer + * + * AUTHOR + * Michael Mi + * Email: michael.mi@sun.com + ******************************************************************************/ +{ +private: + com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > mxMSF; + +public: + SEInitializer_NssImpl(const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF); + virtual ~SEInitializer_NssImpl(); + + /* XSEInitializer */ + virtual com::sun::star::uno::Reference< + com::sun::star::xml::crypto::XXMLSecurityContext > + SAL_CALL createSecurityContext( const rtl::OUString& certDB ) + throw (com::sun::star::uno::RuntimeException); + + virtual void SAL_CALL freeSecurityContext( const com::sun::star::uno::Reference< + com::sun::star::xml::crypto::XXMLSecurityContext >& securityContext ) + throw (com::sun::star::uno::RuntimeException); + + /* XServiceInfo */ + virtual rtl::OUString SAL_CALL getImplementationName( ) + throw (com::sun::star::uno::RuntimeException); + + virtual sal_Bool SAL_CALL supportsService( const rtl::OUString& ServiceName ) + throw (com::sun::star::uno::RuntimeException); + + virtual com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames( ) + throw (com::sun::star::uno::RuntimeException); +}; + +rtl::OUString SEInitializer_NssImpl_getImplementationName() + throw ( com::sun::star::uno::RuntimeException ); + +sal_Bool SAL_CALL SEInitializer_NssImpl_supportsService( const rtl::OUString& ServiceName ) + throw ( com::sun::star::uno::RuntimeException ); + +com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL SEInitializer_NssImpl_getSupportedServiceNames( ) + throw ( com::sun::star::uno::RuntimeException ); + +com::sun::star::uno::Reference< com::sun::star::uno::XInterface > +SAL_CALL SEInitializer_NssImpl_createInstance( const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > & rSMgr) + throw ( com::sun::star::uno::Exception ); + +#endif + diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx new file mode 100644 index 000000000000..287dce6408ef --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -0,0 +1,471 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" + + + +#include "nssrenam.h" +#include "nspr.h" +#include "nss.h" +#include "secder.h" + +//MM : added by MM +#include "hasht.h" +#include "secoid.h" +#include "pk11func.h" +//MM : end + + + +#include <sal/config.h> +#include <rtl/uuid.h> +#include "x509certificate_nssimpl.hxx" + +#ifndef _CERTIFICATEEXTENSION_NSSIMPL_HXX_ +#include "certificateextension_xmlsecimpl.hxx" +#endif + + +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::security ; +using ::rtl::OUString ; + +using ::com::sun::star::security::XCertificate ; +using ::com::sun::star::util::DateTime ; + +X509Certificate_NssImpl :: X509Certificate_NssImpl() : + m_pCert( NULL ) +{ +} + +X509Certificate_NssImpl :: ~X509Certificate_NssImpl() { + if( m_pCert != NULL ) { + CERT_DestroyCertificate( m_pCert ) ; + } +} + +//Methods from XCertificate +sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL ) { + if( m_pCert->version.len > 0 ) { + return ( char )*( m_pCert->version.data ) ; + } else + return 0 ; + } else { + return -1 ; + } +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSerialNumber() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL && m_pCert->serialNumber.len > 0 ) { + Sequence< sal_Int8 > serial( m_pCert->serialNumber.len ) ; + for( unsigned int i = 0 ; i < m_pCert->serialNumber.len ; i ++ ) + serial[i] = *( m_pCert->serialNumber.data + i ) ; + + return serial ; + } else { + return ::com::sun::star::uno::Sequence< sal_Int8 >(); + } +} + +::rtl::OUString SAL_CALL X509Certificate_NssImpl :: getIssuerName() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL ) { + return OUString(m_pCert->issuerName , PL_strlen(m_pCert->issuerName) , RTL_TEXTENCODING_UTF8) ; + } else { + return OUString() ; + } +} + +::rtl::OUString SAL_CALL X509Certificate_NssImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL ) { + return OUString(m_pCert->subjectName , PL_strlen(m_pCert->subjectName) , RTL_TEXTENCODING_UTF8); + } else { + return OUString() ; + } +} + +::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidBefore() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL ) { + SECStatus rv ; + PRTime notBefore ; + PRExplodedTime explTime ; + DateTime dateTime ; + + rv = DER_DecodeTimeChoice( ¬Before, &m_pCert->validity.notBefore ) ; + if( rv ) { + return DateTime() ; + } + + //Convert the time to readable local time + PR_ExplodeTime( notBefore, PR_LocalTimeParameters, &explTime ) ; + + dateTime.HundredthSeconds = explTime.tm_usec / 1000 ; + dateTime.Seconds = explTime.tm_sec ; + dateTime.Minutes = explTime.tm_min ; + dateTime.Hours = explTime.tm_hour ; + dateTime.Day = explTime.tm_mday ; + dateTime.Month = explTime.tm_month+1 ; + dateTime.Year = explTime.tm_year ; + + return dateTime ; + } else { + return DateTime() ; + } +} + +::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidAfter() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL ) { + SECStatus rv ; + PRTime notAfter ; + PRExplodedTime explTime ; + DateTime dateTime ; + + rv = DER_DecodeTimeChoice( ¬After, &m_pCert->validity.notAfter ) ; + if( rv ) { + return DateTime() ; + } + + //Convert the time to readable local time + PR_ExplodeTime( notAfter, PR_LocalTimeParameters, &explTime ) ; + + dateTime.HundredthSeconds = explTime.tm_usec / 1000 ; + dateTime.Seconds = explTime.tm_sec ; + dateTime.Minutes = explTime.tm_min ; + dateTime.Hours = explTime.tm_hour ; + dateTime.Day = explTime.tm_mday ; + dateTime.Month = explTime.tm_month+1 ; + dateTime.Year = explTime.tm_year ; + + return dateTime ; + } else { + return DateTime() ; + } +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getIssuerUniqueID() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL && m_pCert->issuerID.len > 0 ) { + Sequence< sal_Int8 > issuerUid( m_pCert->issuerID.len ) ; + for( unsigned int i = 0 ; i < m_pCert->issuerID.len ; i ++ ) + issuerUid[i] = *( m_pCert->issuerID.data + i ) ; + + return issuerUid ; + } else { + return ::com::sun::star::uno::Sequence< sal_Int8 >(); + } +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSubjectUniqueID() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL && m_pCert->subjectID.len > 0 ) { + Sequence< sal_Int8 > subjectUid( m_pCert->subjectID.len ) ; + for( unsigned int i = 0 ; i < m_pCert->subjectID.len ; i ++ ) + subjectUid[i] = *( m_pCert->subjectID.data + i ) ; + + return subjectUid ; + } else { + return ::com::sun::star::uno::Sequence< sal_Int8 >(); + } +} + +::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL X509Certificate_NssImpl :: getExtensions() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL && m_pCert->extensions != NULL ) { + CERTCertExtension** extns ; + CertificateExtension_XmlSecImpl* pExtn ; + sal_Bool crit ; + int len ; + + for( len = 0, extns = m_pCert->extensions; *extns != NULL; len ++, extns ++ ) ; + Sequence< Reference< XCertificateExtension > > xExtns( len ) ; + + for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) { + pExtn = new CertificateExtension_XmlSecImpl() ; + if( (*extns)->critical.data == NULL ) + crit = sal_False ; + else + crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ; + pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ; + + xExtns[len] = pExtn ; + } + + return xExtns ; + } else { + return ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > (); + } +} + +::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL X509Certificate_NssImpl :: findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& oid ) throw (::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL && m_pCert->extensions != NULL ) { + CertificateExtension_XmlSecImpl* pExtn ; + CERTCertExtension** extns ; + SECItem idItem ; + sal_Bool crit ; + + idItem.data = ( unsigned char* )&oid[0] ; + idItem.len = oid.getLength() ; + + pExtn = NULL ; + for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) { + if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) { + pExtn = new CertificateExtension_XmlSecImpl() ; + if( (*extns)->critical.data == NULL ) + crit = sal_False ; + else + crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ; + pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ; + } + } + + return pExtn ; + } else { + return NULL ; + } +} + + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getEncoded() throw ( ::com::sun::star::uno::RuntimeException) { + if( m_pCert != NULL && m_pCert->derCert.len > 0 ) { + Sequence< sal_Int8 > rawCert( m_pCert->derCert.len ) ; + + for( unsigned int i = 0 ; i < m_pCert->derCert.len ; i ++ ) + rawCert[i] = *( m_pCert->derCert.data + i ) ; + + return rawCert ; + } else { + return ::com::sun::star::uno::Sequence< sal_Int8 >(); + } +} + +//Helper methods +void X509Certificate_NssImpl :: setCert( CERTCertificate* cert ) { + if( m_pCert != NULL ) { + CERT_DestroyCertificate( m_pCert ) ; + m_pCert = NULL ; + } + + if( cert != NULL ) { + m_pCert = CERT_DupCertificate( cert ) ; + } +} + +const CERTCertificate* X509Certificate_NssImpl :: getNssCert() const { + if( m_pCert != NULL ) { + return m_pCert ; + } else { + return NULL ; + } +} + +void X509Certificate_NssImpl :: setRawCert( Sequence< sal_Int8 > rawCert ) throw ( ::com::sun::star::uno::RuntimeException) { + CERTCertificate* cert ; + SECItem certItem ; + + certItem.data = ( unsigned char* )&rawCert[0] ; + certItem.len = rawCert.getLength() ; + + cert = CERT_DecodeDERCertificate( &certItem, PR_TRUE, NULL ) ; + if( cert == NULL ) + throw RuntimeException() ; + + if( m_pCert != NULL ) { + CERT_DestroyCertificate( m_pCert ) ; + m_pCert = NULL ; + } + + m_pCert = cert ; +} + +/* XUnoTunnel */ +sal_Int64 SAL_CALL X509Certificate_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) throw( RuntimeException ) { + if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) { + return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this)); + } + return 0 ; +} + +/* XUnoTunnel extension */ +const Sequence< sal_Int8>& X509Certificate_NssImpl :: getUnoTunnelId() { + static Sequence< sal_Int8 >* pSeq = 0 ; + if( !pSeq ) { + ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ; + if( !pSeq ) { + static Sequence< sal_Int8> aSeq( 16 ) ; + rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ; + pSeq = &aSeq ; + } + } + return *pSeq ; +} + +/* XUnoTunnel extension */ +X509Certificate_NssImpl* X509Certificate_NssImpl :: getImplementation( const Reference< XInterface > xObj ) { + Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ; + if( xUT.is() ) { + return reinterpret_cast<X509Certificate_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>(xUT->getSomething( getUnoTunnelId() ))); + } else + return NULL ; +} + +// MM : added by MM +::rtl::OUString getAlgorithmDescription(SECAlgorithmID *aid) +{ + SECOidTag tag; + tag = SECOID_GetAlgorithmTag(aid); + + const char *pDesc = SECOID_FindOIDTagDescription(tag); + + return rtl::OUString::createFromAscii( pDesc ) ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(CERTCertificate *pCert, SECOidTag id) +{ + if( pCert != NULL ) + { + unsigned char fingerprint[20]; + //char *fpStr = NULL; + SECItem fpItem; + int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH); + + memset(fingerprint, 0, sizeof fingerprint); + PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len); + fpItem.data = fingerprint; + fpItem.len = length; + //fpStr = CERT_Hexify(&fpItem, 1); + + Sequence< sal_Int8 > thumbprint( length ) ; + for( int i = 0 ; i < length ; i ++ ) + { + thumbprint[i] = fingerprint[i]; + } + + //PORT_Free(fpStr); + return thumbprint; + } + else + { + return ::com::sun::star::uno::Sequence< sal_Int8 >(); + } +} + +::rtl::OUString SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyAlgorithm() + throw ( ::com::sun::star::uno::RuntimeException) +{ + if( m_pCert != NULL ) + { + return getAlgorithmDescription(&(m_pCert->subjectPublicKeyInfo.algorithm)); + } + else + { + return OUString() ; + } +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyValue() + throw ( ::com::sun::star::uno::RuntimeException) +{ + if( m_pCert != NULL ) + { + SECItem spk = m_pCert->subjectPublicKeyInfo.subjectPublicKey; + DER_ConvertBitString(&spk); + + if ( spk.len>0) + { + Sequence< sal_Int8 > key( spk.len ) ; + for( unsigned int i = 0 ; i < spk.len ; i ++ ) + { + key[i] = *( spk.data + i ) ; + } + + return key ; + } + } + + return ::com::sun::star::uno::Sequence< sal_Int8 >(); +} + +::rtl::OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm() + throw ( ::com::sun::star::uno::RuntimeException) +{ + if( m_pCert != NULL ) + { + return getAlgorithmDescription(&(m_pCert->signature)); + } + else + { + return OUString() ; + } +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint() + throw ( ::com::sun::star::uno::RuntimeException) +{ + return getThumbprint(m_pCert, SEC_OID_SHA1); +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint() + throw ( ::com::sun::star::uno::RuntimeException) +{ + return getThumbprint(m_pCert, SEC_OID_MD5); +} + +sal_Int32 SAL_CALL X509Certificate_NssImpl::getCertificateUsage( ) + throw ( ::com::sun::star::uno::RuntimeException) +{ + SECStatus rv; + SECItem tmpitem; + sal_Int32 usage; + + rv = CERT_FindKeyUsageExtension(m_pCert, &tmpitem); + if ( rv == SECSuccess ) + { + usage = tmpitem.data[0]; + PORT_Free(tmpitem.data); + tmpitem.data = NULL; + } + else + { + usage = KU_ALL; + } + + /* + * to make the nss implementation compatible with MSCrypto, + * the following usage is ignored + * + * + if ( CERT_GovtApprovedBitSet(m_pCert) ) + { + usage |= KU_NS_GOVT_APPROVED; + } + */ + + return usage; +} + +// MM : end + diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx new file mode 100644 index 000000000000..c486cb4a9e8c --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx @@ -0,0 +1,108 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _X509CERTIFICATE_NSSIMPL_HXX_ +#define _X509CERTIFICATE_NSSIMPL_HXX_ + +#include <sal/config.h> +#include <rtl/ustring.hxx> +#include <cppuhelper/factory.hxx> +#include <cppuhelper/implbase2.hxx> +#include <com/sun/star/uno/Exception.hpp> +#include <com/sun/star/lang/XUnoTunnel.hpp> +#include "com/sun/star/uno/SecurityException.hpp" +#include <com/sun/star/security/XCertificate.hpp> + +#include "cert.h" + +class X509Certificate_NssImpl : public ::cppu::WeakImplHelper2< + ::com::sun::star::security::XCertificate , + ::com::sun::star::lang::XUnoTunnel > +{ + private : + CERTCertificate* m_pCert ; + + public : + X509Certificate_NssImpl() ; + virtual ~X509Certificate_NssImpl() ; + + //Methods from XCertificate + virtual sal_Int16 SAL_CALL getVersion( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getSerialNumber( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::rtl::OUString SAL_CALL getIssuerName( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::rtl::OUString SAL_CALL getSubjectName( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::util::DateTime SAL_CALL getNotValidBefore( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::util::DateTime SAL_CALL getNotValidAfter( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getIssuerUniqueID( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getSubjectUniqueID( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL getExtensions( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& oid ) throw (::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getEncoded( ) throw ( ::com::sun::star::uno::RuntimeException) ; + + // MM : added by MM + virtual ::rtl::OUString SAL_CALL getSubjectPublicKeyAlgorithm() + throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getSubjectPublicKeyValue() + throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::rtl::OUString SAL_CALL getSignatureAlgorithm() + throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getSHA1Thumbprint() + throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getMD5Thumbprint() + throw ( ::com::sun::star::uno::RuntimeException) ; + + virtual sal_Int32 SAL_CALL getCertificateUsage( ) throw ( ::com::sun::star::uno::RuntimeException) ; + // MM : end + + //Methods from XUnoTunnel + virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) throw (com::sun::star::uno::RuntimeException); + + static const ::com::sun::star::uno::Sequence< sal_Int8 >& getUnoTunnelId() ; + static X509Certificate_NssImpl* getImplementation( const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > xObj ) ; + + //Helper methods + void setCert( CERTCertificate* cert ) ; + const CERTCertificate* getNssCert() const ; + void setRawCert( ::com::sun::star::uno::Sequence< sal_Int8 > rawCert ) throw ( ::com::sun::star::uno::RuntimeException) ; +} ; + +#endif // _X509CERTIFICATE_NSSIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.cxx new file mode 100644 index 000000000000..65da3caaf174 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.cxx @@ -0,0 +1,426 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" +#include <sal/config.h> +#include <rtl/uuid.h> +#include "xmlencryption_nssimpl.hxx" + +#ifndef _XMLDOCUMENTWRAPPER_XMLSECIMPL_HXX_ +#include "xmldocumentwrapper_xmlsecimpl.hxx" +#endif + +#ifndef _XMLELEMENTWRAPPER_XMLSECIMPL_HXX_ +#include "xmlelementwrapper_xmlsecimpl.hxx" +#endif + +#ifndef _SECURITYENVIRONMENT_NSSIMPL_HXX_ +#include "securityenvironment_nssimpl.hxx" +#endif +#include "errorcallback.hxx" + +#include <sal/types.h> +//For reasons that escape me, this is what xmlsec does when size_t is not 4 +#if SAL_TYPES_SIZEOFPOINTER != 4 +# define XMLSEC_NO_SIZE_T +#endif +#include "xmlsec/xmlsec.h" +#include "xmlsec/xmltree.h" +#include "xmlsec/xmlenc.h" +#include "xmlsec/crypto.h" + +#ifdef UNX +#define stricmp strcasecmp +#endif + +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::lang ; +using ::com::sun::star::lang::XMultiServiceFactory ; +using ::com::sun::star::lang::XSingleServiceFactory ; +using ::rtl::OUString ; + +using ::com::sun::star::xml::wrapper::XXMLElementWrapper ; +using ::com::sun::star::xml::wrapper::XXMLDocumentWrapper ; +using ::com::sun::star::xml::crypto::XSecurityEnvironment ; +using ::com::sun::star::xml::crypto::XXMLEncryption ; +using ::com::sun::star::xml::crypto::XXMLEncryptionTemplate ; +using ::com::sun::star::xml::crypto::XXMLSecurityContext ; +using ::com::sun::star::xml::crypto::XSecurityEnvironment ; +using ::com::sun::star::xml::crypto::XMLEncryptionException ; + +XMLEncryption_NssImpl :: XMLEncryption_NssImpl( const Reference< XMultiServiceFactory >& aFactory ) : m_xServiceManager( aFactory ) { +} + +XMLEncryption_NssImpl :: ~XMLEncryption_NssImpl() { +} + +/* XXMLEncryption */ +Reference< XXMLEncryptionTemplate > +SAL_CALL XMLEncryption_NssImpl :: encrypt( + const Reference< XXMLEncryptionTemplate >& aTemplate , + const Reference< XSecurityEnvironment >& aEnvironment +) throw( com::sun::star::xml::crypto::XMLEncryptionException, + com::sun::star::uno::SecurityException ) +{ + xmlSecKeysMngrPtr pMngr = NULL ; + xmlSecEncCtxPtr pEncCtx = NULL ; + xmlNodePtr pEncryptedData = NULL ; + xmlNodePtr pContent = NULL ; + + if( !aTemplate.is() ) + throw RuntimeException() ; + + if( !aEnvironment.is() ) + throw RuntimeException() ; + + //Get Keys Manager + Reference< XUnoTunnel > xSecTunnel( aEnvironment , UNO_QUERY ) ; + if( !xSecTunnel.is() ) { + throw RuntimeException() ; + } + +#if 0 + XMLSecurityContext_NssImpl* pSecCtxt = ( XMLSecurityContext_NssImpl* )xSecTunnel->getSomething( XMLSecurityContext_NssImpl::getUnoTunnelId() ) ; + if( pSecCtxt == NULL ) + throw RuntimeException() ; +#endif + + SecurityEnvironment_NssImpl* pSecEnv = + reinterpret_cast<SecurityEnvironment_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>(xSecTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ))) ; + if( pSecEnv == NULL ) + throw RuntimeException() ; + + //Get the encryption template + Reference< XXMLElementWrapper > xTemplate = aTemplate->getTemplate() ; + if( !xTemplate.is() ) { + throw RuntimeException() ; + } + + Reference< XUnoTunnel > xTplTunnel( xTemplate , UNO_QUERY ) ; + if( !xTplTunnel.is() ) { + throw RuntimeException() ; + } + + XMLElementWrapper_XmlSecImpl* pTemplate = + reinterpret_cast<XMLElementWrapper_XmlSecImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xTplTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ))); + if( pTemplate == NULL ) { + throw RuntimeException() ; + } + + //MM : Get the element to be encrypted + Reference< XXMLElementWrapper > xTarget = aTemplate->getTarget() ; + if( !xTarget.is() ) { + throw XMLEncryptionException() ; + } + + Reference< XUnoTunnel > xTgtTunnel( xTarget , UNO_QUERY ) ; + if( !xTgtTunnel.is() ) { + throw XMLEncryptionException() ; + } + + XMLElementWrapper_XmlSecImpl* pTarget = + reinterpret_cast<XMLElementWrapper_XmlSecImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xTgtTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ))); + if( pTarget == NULL ) { + throw RuntimeException() ; + } + + pContent = pTarget->getNativeElement() ; + //MM : end + + if( pContent == NULL ) { + throw XMLEncryptionException() ; + } + + /* MM : remove the following 2 lines + xmlUnlinkNode(pContent); + xmlAddNextSibling(pEncryptedData, pContent); + */ + + //remember the position of the element to be signed + sal_Bool isParentRef = sal_True; + xmlNodePtr pParent = pEncryptedData->parent; + xmlNodePtr referenceNode; + + if (pEncryptedData == pParent->children) + { + referenceNode = pParent; + } + else + { + referenceNode = pEncryptedData->prev; + isParentRef = sal_False; + } + + setErrorRecorder( ); + + pMngr = pSecEnv->createKeysManager() ; //i39448 + if( !pMngr ) { + throw RuntimeException() ; + } + + //Create Encryption context + pEncCtx = xmlSecEncCtxCreate( pMngr ) ; + if( pEncCtx == NULL ) + { + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + //throw XMLEncryptionException() ; + clearErrorRecorder(); + return aTemplate; + } + + pEncryptedData = pTemplate->getNativeElement() ; + + //Find the element to be encrypted. + /* MM : remove the old method to get the target element + //This element is wrapped in the CipherValue sub-element. + xmlNodePtr pCipherData = pEncryptedData->children; + while (pCipherData != NULL && stricmp((const char *)(pCipherData->name), "CipherData")) + { + pCipherData = pCipherData->next; + } + + if( pCipherData == NULL ) { + xmlSecEncCtxDestroy( pEncCtx ) ; + throw XMLEncryptionException() ; + } + + xmlNodePtr pCipherValue = pCipherData->children; + while (pCipherValue != NULL && stricmp((const char *)(pCipherValue->name), "CipherValue")) + { + pCipherValue = pCipherValue->next; + } + + if( pCipherValue == NULL ) { + xmlSecEncCtxDestroy( pEncCtx ) ; + throw XMLEncryptionException() ; + } + + pContent = pCipherValue->children; + */ + + //Encrypt the template + if( xmlSecEncCtxXmlEncrypt( pEncCtx , pEncryptedData , pContent ) < 0 ) + { + xmlSecEncCtxDestroy( pEncCtx ) ; + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + + //throw XMLEncryptionException() ; + clearErrorRecorder(); + return aTemplate; + } + + xmlSecEncCtxDestroy( pEncCtx ) ; + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + + //get the new EncryptedData element + if (isParentRef) + { + pTemplate->setNativeElement(referenceNode->children) ; + } + else + { + pTemplate->setNativeElement(referenceNode->next); + } + + return aTemplate ; +} + +/* XXMLEncryption */ +Reference< XXMLEncryptionTemplate > +SAL_CALL XMLEncryption_NssImpl :: decrypt( + const Reference< XXMLEncryptionTemplate >& aTemplate , + const Reference< XXMLSecurityContext >& aSecurityCtx +) throw( com::sun::star::xml::crypto::XMLEncryptionException , + com::sun::star::uno::SecurityException) { + xmlSecKeysMngrPtr pMngr = NULL ; + xmlSecEncCtxPtr pEncCtx = NULL ; + xmlNodePtr pEncryptedData = NULL ; + + if( !aTemplate.is() ) + throw RuntimeException() ; + + if( !aSecurityCtx.is() ) + throw RuntimeException() ; + + //Get the encryption template + Reference< XXMLElementWrapper > xTemplate = aTemplate->getTemplate() ; + if( !xTemplate.is() ) { + throw RuntimeException() ; + } + + Reference< XUnoTunnel > xTplTunnel( xTemplate , UNO_QUERY ) ; + if( !xTplTunnel.is() ) { + throw RuntimeException() ; + } + + XMLElementWrapper_XmlSecImpl* pTemplate = + reinterpret_cast<XMLElementWrapper_XmlSecImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xTplTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ))); + if( pTemplate == NULL ) { + throw RuntimeException() ; + } + + pEncryptedData = pTemplate->getNativeElement() ; + + //remember the position of the element to be signed + sal_Bool isParentRef = sal_True; + xmlNodePtr pParent = pEncryptedData->parent; + xmlNodePtr referenceNode; + + if (pEncryptedData == pParent->children) + { + referenceNode = pParent; + } + else + { + referenceNode = pEncryptedData->prev; + isParentRef = sal_False; + } + + setErrorRecorder( ); + + sal_Int32 nSecurityEnvironment = aSecurityCtx->getSecurityEnvironmentNumber(); + sal_Int32 i; + + for (i=0; i<nSecurityEnvironment; ++i) + { + Reference< XSecurityEnvironment > aEnvironment = aSecurityCtx->getSecurityEnvironmentByIndex(i); + + //Get Keys Manager + Reference< XUnoTunnel > xSecTunnel( aEnvironment , UNO_QUERY ) ; + if( !aEnvironment.is() ) { + throw RuntimeException() ; + } + + SecurityEnvironment_NssImpl* pSecEnv = + reinterpret_cast<SecurityEnvironment_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xSecTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ))); + if( pSecEnv == NULL ) + throw RuntimeException() ; + + pMngr = pSecEnv->createKeysManager() ; //i39448 + if( !pMngr ) { + throw RuntimeException() ; + } + + //Create Encryption context + pEncCtx = xmlSecEncCtxCreate( pMngr ) ; + if( pEncCtx == NULL ) + { + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + //throw XMLEncryptionException() ; + clearErrorRecorder(); + return aTemplate; + } + + //Decrypt the template + if(!( xmlSecEncCtxDecrypt( pEncCtx , pEncryptedData ) < 0 || pEncCtx->result == NULL )) + { + //The decryption succeeds + + //Destroy the encryption context + xmlSecEncCtxDestroy( pEncCtx ) ; + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + + //get the decrypted element + XMLElementWrapper_XmlSecImpl * ret = new XMLElementWrapper_XmlSecImpl(isParentRef? + (referenceNode->children):(referenceNode->next)); + + //return ret; + aTemplate->setTemplate(ret); + break; + } + else + { + //The decryption fails, continue with the next security environment + xmlSecEncCtxDestroy( pEncCtx ) ; + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + } + } + + clearErrorRecorder(); + return aTemplate; +} + +/* XInitialization */ +void SAL_CALL XMLEncryption_NssImpl :: initialize( const Sequence< Any >& /*aArguments*/ ) throw( Exception, RuntimeException ) { + // TBD +} ; + +/* XServiceInfo */ +OUString SAL_CALL XMLEncryption_NssImpl :: getImplementationName() throw( RuntimeException ) { + return impl_getImplementationName() ; +} + +/* XServiceInfo */ +sal_Bool SAL_CALL XMLEncryption_NssImpl :: supportsService( const OUString& serviceName) throw( RuntimeException ) { + Sequence< OUString > seqServiceNames = getSupportedServiceNames() ; + const OUString* pArray = seqServiceNames.getConstArray() ; + for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) { + if( *( pArray + i ) == serviceName ) + return sal_True ; + } + return sal_False ; +} + +/* XServiceInfo */ +Sequence< OUString > SAL_CALL XMLEncryption_NssImpl :: getSupportedServiceNames() throw( RuntimeException ) { + return impl_getSupportedServiceNames() ; +} + +//Helper for XServiceInfo +Sequence< OUString > XMLEncryption_NssImpl :: impl_getSupportedServiceNames() { + ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ; + Sequence< OUString > seqServiceNames( 1 ) ; + seqServiceNames.getArray()[0] = OUString::createFromAscii( "com.sun.star.xml.crypto.XMLEncryption" ) ; + return seqServiceNames ; +} + +OUString XMLEncryption_NssImpl :: impl_getImplementationName() throw( RuntimeException ) { + return OUString::createFromAscii( "com.sun.star.xml.security.bridge.xmlsec.XMLEncryption_NssImpl" ) ; +} + +//Helper for registry +Reference< XInterface > SAL_CALL XMLEncryption_NssImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& aServiceManager ) throw( RuntimeException ) { + return Reference< XInterface >( *new XMLEncryption_NssImpl( aServiceManager ) ) ; +} + +Reference< XSingleServiceFactory > XMLEncryption_NssImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) { + //Reference< XSingleServiceFactory > xFactory ; + //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ; + //return xFactory ; + return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ; +} + diff --git a/xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.hxx new file mode 100644 index 000000000000..42484532fcae --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/xmlencryption_nssimpl.hxx @@ -0,0 +1,102 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _XMLENCRYPTION_NSSIMPL_HXX_ +#define _XMLENCRYPTION_NSSIMPL_HXX_ + +#include <sal/config.h> +#include <rtl/ustring.hxx> +#include <cppuhelper/factory.hxx> +#include <cppuhelper/implbase3.hxx> +#include <com/sun/star/uno/Exception.hpp> + +#ifndef _COM_SUN_STAR_UNO_REFERENCE_HPP_ +#include <com/sun/star/uno/Reference.hxx> +#endif +#include <com/sun/star/lang/XSingleServiceFactory.hpp> + +#ifndef _COM_SUN_STAR_LANG_XSECVICEINFO_HPP_ +#include <com/sun/star/lang/XServiceInfo.hpp> +#endif +#include <com/sun/star/lang/XInitialization.hpp> +#include <com/sun/star/xml/crypto/XXMLEncryption.hpp> +#include <com/sun/star/xml/crypto/XXMLEncryptionTemplate.hpp> +#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> + +class XMLEncryption_NssImpl : public ::cppu::WeakImplHelper3< + ::com::sun::star::xml::crypto::XXMLEncryption , + ::com::sun::star::lang::XInitialization , + ::com::sun::star::lang::XServiceInfo > +{ + private : + ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > m_xServiceManager ; + + public : + XMLEncryption_NssImpl( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aFactory ) ; + virtual ~XMLEncryption_NssImpl() ; + + //Methods from XXMLEncryption + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLEncryptionTemplate > SAL_CALL encrypt( + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLEncryptionTemplate >& aTemplate , + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment >& aEnvironment) + // ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + throw ( com::sun::star::xml::crypto::XMLEncryptionException , + com::sun::star::uno::SecurityException); + + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLEncryptionTemplate > SAL_CALL decrypt( + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLEncryptionTemplate >& aTemplate , + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLSecurityContext >& aContext + ) throw( com::sun::star::xml::crypto::XMLEncryptionException , + com::sun::star::uno::SecurityException) ; + + //Methods from XInitialization + virtual void SAL_CALL initialize( + const ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aArguments + ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XServiceInfo + virtual ::rtl::OUString SAL_CALL getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual sal_Bool SAL_CALL supportsService( + const ::rtl::OUString& ServiceName + ) throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< ::rtl::OUString > SAL_CALL getSupportedServiceNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for XServiceInfo + static ::com::sun::star::uno::Sequence< ::rtl::OUString > impl_getSupportedServiceNames() ; + + static ::rtl::OUString impl_getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for registry + static ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > SAL_CALL impl_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) throw( ::com::sun::star::uno::RuntimeException ) ; + + static ::com::sun::star::uno::Reference< ::com::sun::star::lang::XSingleServiceFactory > impl_createFactory( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) ; +} ; + +#endif // _XMLENCRYPTION_NSSIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/xmlsecuritycontext_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsecuritycontext_nssimpl.cxx new file mode 100644 index 000000000000..ca881d0ee92b --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/xmlsecuritycontext_nssimpl.cxx @@ -0,0 +1,325 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" +#include <sal/config.h> +#include <rtl/uuid.h> +#include "securityenvironment_nssimpl.hxx" + +#ifndef _XMLSECURITYCONTEXT_NSSIMPL_HXX_ +#include "xmlsecuritycontext_nssimpl.hxx" +#endif +#include "xmlstreamio.hxx" + +#include <sal/types.h> +//For reasons that escape me, this is what xmlsec does when size_t is not 4 +#if SAL_TYPES_SIZEOFPOINTER != 4 +# define XMLSEC_NO_SIZE_T +#endif +#include "xmlsec/xmlsec.h" +#include "xmlsec/keysmngr.h" +#include "xmlsec/crypto.h" + +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::lang ; +using ::com::sun::star::lang::XMultiServiceFactory ; +using ::com::sun::star::lang::XSingleServiceFactory ; +using ::rtl::OUString ; + +using ::com::sun::star::xml::crypto::XSecurityEnvironment ; +using ::com::sun::star::xml::crypto::XXMLSecurityContext ; + +XMLSecurityContext_NssImpl :: XMLSecurityContext_NssImpl( const Reference< XMultiServiceFactory >& aFactory ) + ://i39448 : m_pKeysMngr( NULL ) , + m_xServiceManager( aFactory ) , + m_nDefaultEnvIndex(-1) + //m_xSecurityEnvironment( NULL ) +{ + //Init xmlsec library + if( xmlSecInit() < 0 ) { + throw RuntimeException() ; + } + + //Init xmlsec crypto engine library + if( xmlSecCryptoInit() < 0 ) { + xmlSecShutdown() ; + throw RuntimeException() ; + } + + //Enable external stream handlers + if( xmlEnableStreamInputCallbacks() < 0 ) { + xmlSecCryptoShutdown() ; + xmlSecShutdown() ; + throw RuntimeException() ; + } +} + +XMLSecurityContext_NssImpl :: ~XMLSecurityContext_NssImpl() { +#if 0 //i39448 + if( m_pKeysMngr != NULL ) { + xmlSecKeysMngrDestroy( m_pKeysMngr ) ; + } +#endif + + xmlDisableStreamInputCallbacks() ; + xmlSecCryptoShutdown() ; + xmlSecShutdown() ; +} + +//i39448 : new methods +sal_Int32 SAL_CALL XMLSecurityContext_NssImpl::addSecurityEnvironment( + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment >& aSecurityEnvironment) + throw (::com::sun::star::security::SecurityInfrastructureException, ::com::sun::star::uno::RuntimeException) +{ + if( !aSecurityEnvironment.is() ) + { + throw RuntimeException() ; + } + + m_vSecurityEnvironments.push_back( aSecurityEnvironment ); + + return m_vSecurityEnvironments.size() - 1 ; +} + + +sal_Int32 SAL_CALL XMLSecurityContext_NssImpl::getSecurityEnvironmentNumber( ) + throw (::com::sun::star::uno::RuntimeException) +{ + return m_vSecurityEnvironments.size(); +} + +::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > SAL_CALL + XMLSecurityContext_NssImpl::getSecurityEnvironmentByIndex( sal_Int32 index ) + throw (::com::sun::star::uno::RuntimeException) +{ + ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > xSecurityEnvironment; + + if (index >= 0 && index < ( sal_Int32 )m_vSecurityEnvironments.size()) + { + xSecurityEnvironment = m_vSecurityEnvironments[index]; + } + else + throw RuntimeException() ; + + return xSecurityEnvironment; +} + +::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > SAL_CALL + XMLSecurityContext_NssImpl::getSecurityEnvironment( ) + throw (::com::sun::star::uno::RuntimeException) +{ + if (m_nDefaultEnvIndex >= 0 && m_nDefaultEnvIndex < ( sal_Int32 )m_vSecurityEnvironments.size()) + return getSecurityEnvironmentByIndex(m_nDefaultEnvIndex); + else + throw RuntimeException() ; +} + +sal_Int32 SAL_CALL XMLSecurityContext_NssImpl::getDefaultSecurityEnvironmentIndex( ) + throw (::com::sun::star::uno::RuntimeException) +{ + return m_nDefaultEnvIndex ; +} + +void SAL_CALL XMLSecurityContext_NssImpl::setDefaultSecurityEnvironmentIndex( sal_Int32 nDefaultEnvIndex ) + throw (::com::sun::star::uno::RuntimeException) +{ + m_nDefaultEnvIndex = nDefaultEnvIndex; +} + +#if 0 //i39448 : old methods should be deleted +/* XXMLSecurityContext */ +void SAL_CALL XMLSecurityContext_NssImpl :: setSecurityEnvironment( const Reference< XSecurityEnvironment >& aSecurityEnvironment ) throw( com::sun::star::security::SecurityInfrastructureException ) { + PK11SlotInfo* slot ; + CERTCertDBHandle* handler ; + //xmlSecKeyPtr key ; + //xmlSecKeyDataPtr keyData ; + PK11SymKey* symKey ; + SECKEYPublicKey* pubKey ; + SECKEYPrivateKey* priKey ; + unsigned int i ; + + if( !aSecurityEnvironment.is() ) + throw RuntimeException() ; + + m_xSecurityEnvironment = aSecurityEnvironment ; + + //Clear key manager + if( m_pKeysMngr != NULL ) { + xmlSecKeysMngrDestroy( m_pKeysMngr ) ; + m_pKeysMngr = NULL ; + } + + //Create key manager + Reference< XUnoTunnel > xEnvTunnel( m_xSecurityEnvironment , UNO_QUERY ) ; + if( !xEnvTunnel.is() ) { + throw RuntimeException() ;^1 + } + + SecurityEnvironment_NssImpl* pSecEnv = ( SecurityEnvironment_NssImpl* )xEnvTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ) ; + if( pSecEnv == NULL ) + throw RuntimeException() ; + + //todo +// slot = pSecEnv->getCryptoSlot() ; + handler = pSecEnv->getCertDb() ; + + /*- + * The following lines is based on the private version of xmlSec-NSS + * crypto engine + */ + m_pKeysMngr = xmlSecNssAppliedKeysMngrCreate( slot , handler ) ; + if( m_pKeysMngr == NULL ) + throw RuntimeException() ; + + /*- + * Adopt symmetric key into keys manager + */ + for( i = 0 ; ( symKey = pSecEnv->getSymKey( i ) ) != NULL ; i ++ ) { + if( xmlSecNssAppliedKeysMngrSymKeyLoad( m_pKeysMngr, symKey ) < 0 ) { + throw RuntimeException() ; + } + } + + /*- + * Adopt asymmetric public key into keys manager + */ + for( i = 0 ; ( pubKey = pSecEnv->getPubKey( i ) ) != NULL ; i ++ ) { + if( xmlSecNssAppliedKeysMngrPubKeyLoad( m_pKeysMngr, pubKey ) < 0 ) { + throw RuntimeException() ; + } + } + + /*- + * Adopt asymmetric private key into keys manager + */ + for( i = 0 ; ( priKey = pSecEnv->getPriKey( i ) ) != NULL ; i ++ ) { + if( xmlSecNssAppliedKeysMngrPriKeyLoad( m_pKeysMngr, priKey ) < 0 ) { + throw RuntimeException() ; + } + } +} + +/* XXMLSecurityContext */ +Reference< XSecurityEnvironment > SAL_CALL XMLSecurityContext_NssImpl :: getSecurityEnvironment() + throw (RuntimeException) +{ + return m_xSecurityEnvironment ; +} +#endif + + +/* XInitialization */ +void SAL_CALL XMLSecurityContext_NssImpl :: initialize( const Sequence< Any >& /*aArguments*/ ) throw( Exception, RuntimeException ) { + // TBD +} ; + +/* XServiceInfo */ +OUString SAL_CALL XMLSecurityContext_NssImpl :: getImplementationName() throw( RuntimeException ) { + return impl_getImplementationName() ; +} + +/* XServiceInfo */ +sal_Bool SAL_CALL XMLSecurityContext_NssImpl :: supportsService( const OUString& serviceName) throw( RuntimeException ) { + Sequence< OUString > seqServiceNames = getSupportedServiceNames() ; + const OUString* pArray = seqServiceNames.getConstArray() ; + for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) { + if( *( pArray + i ) == serviceName ) + return sal_True ; + } + return sal_False ; +} + +/* XServiceInfo */ +Sequence< OUString > SAL_CALL XMLSecurityContext_NssImpl :: getSupportedServiceNames() throw( RuntimeException ) { + return impl_getSupportedServiceNames() ; +} + +//Helper for XServiceInfo +Sequence< OUString > XMLSecurityContext_NssImpl :: impl_getSupportedServiceNames() { + ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ; + Sequence< OUString > seqServiceNames( 1 ) ; + seqServiceNames.getArray()[0] = OUString::createFromAscii( "com.sun.star.xml.crypto.XMLSecurityContext" ) ; + return seqServiceNames ; +} + +OUString XMLSecurityContext_NssImpl :: impl_getImplementationName() throw( RuntimeException ) { + return OUString::createFromAscii( "com.sun.star.xml.security.bridge.xmlsec.XMLSecurityContext_NssImpl" ) ; +} + +//Helper for registry +Reference< XInterface > SAL_CALL XMLSecurityContext_NssImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& aServiceManager ) throw( RuntimeException ) { + return Reference< XInterface >( *new XMLSecurityContext_NssImpl( aServiceManager ) ) ; +} + +Reference< XSingleServiceFactory > XMLSecurityContext_NssImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) { + //Reference< XSingleServiceFactory > xFactory ; + //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ; + //return xFactory ; + return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ; +} + +#if 0 //not useful any longer +/* XUnoTunnel */ +sal_Int64 SAL_CALL XMLSecurityContext_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) +throw (RuntimeException) +{ + if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) { + return ( sal_Int64 )this ; + } + return 0 ; +} + +/* XUnoTunnel extension */ +const Sequence< sal_Int8>& XMLSecurityContext_NssImpl :: getUnoTunnelId() { + static Sequence< sal_Int8 >* pSeq = 0 ; + if( !pSeq ) { + ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ; + if( !pSeq ) { + static Sequence< sal_Int8> aSeq( 16 ) ; + rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ; + pSeq = &aSeq ; + } + } + return *pSeq ; +} + +/* XUnoTunnel extension */ +XMLSecurityContext_NssImpl* XMLSecurityContext_NssImpl :: getImplementation( const Reference< XInterface > xObj ) { + Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ; + if( xUT.is() ) { + return ( XMLSecurityContext_NssImpl* )xUT->getSomething( getUnoTunnelId() ) ; + } else + return NULL ; +} + +/* Native methods */ +xmlSecKeysMngrPtr XMLSecurityContext_NssImpl :: keysManager() throw( Exception, RuntimeException ) { + return m_pKeysMngr ; +} + +#endif diff --git a/xmlsecurity/source/xmlsec/nss/xmlsecuritycontext_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/xmlsecuritycontext_nssimpl.hxx new file mode 100644 index 000000000000..b75f2d0c0c72 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/xmlsecuritycontext_nssimpl.hxx @@ -0,0 +1,139 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _XMLSIGNATURECONTEXT_NSSIMPL_HXX_ +#define _XMLSIGNATURECONTEXT_NSSIMPL_HXX_ + +#include <sal/config.h> +#include <rtl/ustring.hxx> +#include <cppuhelper/factory.hxx> +#include <cppuhelper/implbase3.hxx> +#include <com/sun/star/uno/Exception.hpp> + +#ifndef _COM_SUN_STAR_UNO_REFERENCE_HPP_ +#include <com/sun/star/uno/Reference.hxx> +#endif +#include <com/sun/star/lang/XSingleServiceFactory.hpp> + +#ifndef _COM_SUN_STAR_LANG_XSECVICEINFO_HPP_ +#include <com/sun/star/lang/XServiceInfo.hpp> +#endif +#include <com/sun/star/lang/XInitialization.hpp> +#include <com/sun/star/lang/XUnoTunnel.hpp> +#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp> +#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> + +#ifndef INCLUDED_VECTOR +#include <vector> +#define INCLUDED_VECTOR +#endif + +class XMLSecurityContext_NssImpl : public ::cppu::WeakImplHelper3< + ::com::sun::star::xml::crypto::XXMLSecurityContext , + ::com::sun::star::lang::XInitialization , + ::com::sun::star::lang::XServiceInfo > +{ + private : + //xmlSecKeysMngrPtr m_pKeysMngr ; + //::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > m_xSecurityEnvironment ; + std::vector< ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > > m_vSecurityEnvironments; + + ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > m_xServiceManager ; + + sal_Int32 m_nDefaultEnvIndex; + + public : + XMLSecurityContext_NssImpl( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aFactory ) ; + virtual ~XMLSecurityContext_NssImpl() ; + + //Methods from XXMLSecurityContext + virtual sal_Int32 SAL_CALL addSecurityEnvironment( + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment >& aSecurityEnvironment + ) throw (::com::sun::star::security::SecurityInfrastructureException, ::com::sun::star::uno::RuntimeException); + + virtual ::sal_Int32 SAL_CALL getSecurityEnvironmentNumber( ) + throw (::com::sun::star::uno::RuntimeException); + + virtual ::com::sun::star::uno::Reference< + ::com::sun::star::xml::crypto::XSecurityEnvironment > SAL_CALL + getSecurityEnvironmentByIndex( ::sal_Int32 index ) + throw (::com::sun::star::uno::RuntimeException); + + virtual ::com::sun::star::uno::Reference< + ::com::sun::star::xml::crypto::XSecurityEnvironment > SAL_CALL + getSecurityEnvironment( ) + throw (::com::sun::star::uno::RuntimeException); + + virtual ::sal_Int32 SAL_CALL getDefaultSecurityEnvironmentIndex( ) + throw (::com::sun::star::uno::RuntimeException); + + virtual void SAL_CALL setDefaultSecurityEnvironmentIndex( sal_Int32 nDefaultEnvIndex ) + throw (::com::sun::star::uno::RuntimeException); + + //Methods from XInitialization + virtual void SAL_CALL initialize( + const ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aArguments + ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XServiceInfo + virtual ::rtl::OUString SAL_CALL getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual sal_Bool SAL_CALL supportsService( + const ::rtl::OUString& ServiceName + ) throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< ::rtl::OUString > SAL_CALL getSupportedServiceNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for XServiceInfo + static ::com::sun::star::uno::Sequence< ::rtl::OUString > impl_getSupportedServiceNames() ; + + static ::rtl::OUString impl_getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for registry + static ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > SAL_CALL impl_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) throw( ::com::sun::star::uno::RuntimeException ) ; + + static ::com::sun::star::uno::Reference< ::com::sun::star::lang::XSingleServiceFactory > impl_createFactory( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) ; + + /* + * Because of the issue of multi-securityenvironment, so the keyManager method is not useful any longer. + * + + //Methods from XUnoTunnel + virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) + throw (com::sun::star::uno::RuntimeException); + + static const ::com::sun::star::uno::Sequence< sal_Int8 >& getUnoTunnelId() ; + static XMLSecurityContext_NssImpl* getImplementation( const ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > xObj ) ; + + //Native mehtods + virtual xmlSecKeysMngrPtr keysManager() throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + */ +} ; + +#endif // _XMLSIGNATURECONTEXT_NSSIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx new file mode 100644 index 000000000000..5f03b54580df --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx @@ -0,0 +1,354 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" +#include <sal/config.h> +#include <rtl/uuid.h> +#include "xmlsignature_nssimpl.hxx" + +#ifndef _XMLDOCUMENTWRAPPER_XMLSECIMPL_HXX_ +#include "xmldocumentwrapper_xmlsecimpl.hxx" +#endif + +#ifndef _XMLELEMENTWRAPPER_XMLSECIMPL_HXX_ +#include "xmlelementwrapper_xmlsecimpl.hxx" +#endif + +#ifndef _SECURITYENVIRONMENT_NSSIMPL_HXX_ +#include "securityenvironment_nssimpl.hxx" +#endif + +#ifndef _XMLSECURITYCONTEXT_NSSIMPL_HXX_ +#include "xmlsecuritycontext_nssimpl.hxx" +#endif +#include "xmlstreamio.hxx" +#include "errorcallback.hxx" + +#include <sal/types.h> +//For reasons that escape me, this is what xmlsec does when size_t is not 4 +#if SAL_TYPES_SIZEOFPOINTER != 4 +# define XMLSEC_NO_SIZE_T +#endif +#include "xmlsec/xmlsec.h" +#include "xmlsec/xmldsig.h" +#include "xmlsec/crypto.h" + +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::lang ; +using ::com::sun::star::lang::XMultiServiceFactory ; +using ::com::sun::star::lang::XSingleServiceFactory ; +using ::rtl::OUString ; + +using ::com::sun::star::xml::wrapper::XXMLElementWrapper ; +using ::com::sun::star::xml::wrapper::XXMLDocumentWrapper ; +using ::com::sun::star::xml::crypto::XSecurityEnvironment ; +using ::com::sun::star::xml::crypto::XXMLSignature ; +using ::com::sun::star::xml::crypto::XXMLSignatureTemplate ; +using ::com::sun::star::xml::crypto::XSecurityEnvironment ; +using ::com::sun::star::xml::crypto::XXMLSecurityContext ; +using ::com::sun::star::xml::crypto::XUriBinding ; +using ::com::sun::star::xml::crypto::XMLSignatureException ; + +XMLSignature_NssImpl :: XMLSignature_NssImpl( const Reference< XMultiServiceFactory >& aFactory ) : m_xServiceManager( aFactory ) { +} + +XMLSignature_NssImpl :: ~XMLSignature_NssImpl() { +} + +/* XXMLSignature */ +Reference< XXMLSignatureTemplate > +SAL_CALL XMLSignature_NssImpl :: generate( + const Reference< XXMLSignatureTemplate >& aTemplate , + const Reference< XSecurityEnvironment >& aEnvironment +) throw( com::sun::star::xml::crypto::XMLSignatureException, + com::sun::star::uno::SecurityException ) +{ + xmlSecKeysMngrPtr pMngr = NULL ; + xmlSecDSigCtxPtr pDsigCtx = NULL ; + xmlNodePtr pNode = NULL ; + + if( !aTemplate.is() ) + throw RuntimeException() ; + + if( !aEnvironment.is() ) + throw RuntimeException() ; + + //Get the xml node + Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ; + if( !xElement.is() ) { + throw RuntimeException() ; + } + + Reference< XUnoTunnel > xNodTunnel( xElement , UNO_QUERY ) ; + if( !xNodTunnel.is() ) { + throw RuntimeException() ; + } + + XMLElementWrapper_XmlSecImpl* pElement = + reinterpret_cast<XMLElementWrapper_XmlSecImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xNodTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ))); + if( pElement == NULL ) { + throw RuntimeException() ; + } + + pNode = pElement->getNativeElement() ; + + //Get the stream/URI binding + Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ; + if( xUriBinding.is() ) { + //Register the stream input callbacks into libxml2 + if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 ) + throw RuntimeException() ; + } + + //Get Keys Manager + Reference< XUnoTunnel > xSecTunnel( aEnvironment , UNO_QUERY ) ; + if( !xSecTunnel.is() ) { + throw RuntimeException() ; + } + +#if 0 //i39448 : the key manager should be retrieved from SecurityEnvironment, instead of SecurityContext + XMLSecurityContext_NssImpl* pSecCtxt = ( XMLSecurityContext_NssImpl* )xSecTunnel->getSomething( XMLSecurityContext_NssImpl::getUnoTunnelId() ) ; + if( pSecCtxt == NULL ) + throw RuntimeException() ; +#endif + + SecurityEnvironment_NssImpl* pSecEnv = + reinterpret_cast<SecurityEnvironment_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xSecTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ))); + if( pSecEnv == NULL ) + throw RuntimeException() ; + + setErrorRecorder(); + + pMngr = pSecEnv->createKeysManager() ; //i39448 + if( !pMngr ) { + throw RuntimeException() ; + } + + //Create Signature context + pDsigCtx = xmlSecDSigCtxCreate( pMngr ) ; + if( pDsigCtx == NULL ) + { + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + //throw XMLSignatureException() ; + clearErrorRecorder(); + return aTemplate; + } + + //Sign the template + if( xmlSecDSigCtxSign( pDsigCtx , pNode ) == 0 ) + { + if (pDsigCtx->status == xmlSecDSigStatusSucceeded) + aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED); + else + aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN); + } + else + { + aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN); + } + + + xmlSecDSigCtxDestroy( pDsigCtx ) ; + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + + //Unregistered the stream/URI binding + if( xUriBinding.is() ) + xmlUnregisterStreamInputCallbacks() ; + + clearErrorRecorder(); + return aTemplate ; +} + +/* XXMLSignature */ +Reference< XXMLSignatureTemplate > +SAL_CALL XMLSignature_NssImpl :: validate( + const Reference< XXMLSignatureTemplate >& aTemplate , + const Reference< XXMLSecurityContext >& aSecurityCtx +) throw( com::sun::star::uno::RuntimeException, + com::sun::star::uno::SecurityException, + com::sun::star::xml::crypto::XMLSignatureException ) { + xmlSecKeysMngrPtr pMngr = NULL ; + xmlSecDSigCtxPtr pDsigCtx = NULL ; + xmlNodePtr pNode = NULL ; + //sal_Bool valid ; + + if( !aTemplate.is() ) + throw RuntimeException() ; + + if( !aSecurityCtx.is() ) + throw RuntimeException() ; + + //Get the xml node + Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ; + if( !xElement.is() ) + throw RuntimeException() ; + + Reference< XUnoTunnel > xNodTunnel( xElement , UNO_QUERY ) ; + if( !xNodTunnel.is() ) { + throw RuntimeException() ; + } + + XMLElementWrapper_XmlSecImpl* pElement = + reinterpret_cast<XMLElementWrapper_XmlSecImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xNodTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ))); + if( pElement == NULL ) + throw RuntimeException() ; + + pNode = pElement->getNativeElement() ; + + //Get the stream/URI binding + Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ; + if( xUriBinding.is() ) { + //Register the stream input callbacks into libxml2 + if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 ) + throw RuntimeException() ; + } + + setErrorRecorder(); + + sal_Int32 nSecurityEnvironment = aSecurityCtx->getSecurityEnvironmentNumber(); + sal_Int32 i; + + for (i=0; i<nSecurityEnvironment; ++i) + { + Reference< XSecurityEnvironment > aEnvironment = aSecurityCtx->getSecurityEnvironmentByIndex(i); + + //Get Keys Manager + Reference< XUnoTunnel > xSecTunnel( aEnvironment , UNO_QUERY ) ; + if( !xSecTunnel.is() ) { + throw RuntimeException() ; + } + + SecurityEnvironment_NssImpl* pSecEnv = + reinterpret_cast<SecurityEnvironment_NssImpl*>( + sal::static_int_cast<sal_uIntPtr>( + xSecTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ))); + if( pSecEnv == NULL ) + throw RuntimeException() ; + + pMngr = pSecEnv->createKeysManager() ; //i39448 + if( !pMngr ) { + throw RuntimeException() ; + } + + //Create Signature context + pDsigCtx = xmlSecDSigCtxCreate( pMngr ) ; + if( pDsigCtx == NULL ) + { + pSecEnv->destroyKeysManager( pMngr ) ; //i39448 + //throw XMLSignatureException() ; + clearErrorRecorder(); + return aTemplate; + } + + //Verify signature + int rs = xmlSecDSigCtxVerify( pDsigCtx , pNode ); + + + if (rs == 0 && + pDsigCtx->status == xmlSecDSigStatusSucceeded) + { + aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED); + xmlSecDSigCtxDestroy( pDsigCtx ) ; + pSecEnv->destroyKeysManager( pMngr ); + break; + } + else + { + aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN); + } + xmlSecDSigCtxDestroy( pDsigCtx ) ; + pSecEnv->destroyKeysManager( pMngr ); + } + + + + //Unregistered the stream/URI binding + if( xUriBinding.is() ) + xmlUnregisterStreamInputCallbacks() ; + + //return valid ; + clearErrorRecorder(); + return aTemplate; +} + +/* XInitialization */ +void SAL_CALL XMLSignature_NssImpl :: initialize( const Sequence< Any >& /*aArguments*/ ) throw( Exception, RuntimeException ) { + // TBD +} ; + +/* XServiceInfo */ +OUString SAL_CALL XMLSignature_NssImpl :: getImplementationName() throw( RuntimeException ) { + return impl_getImplementationName() ; +} + +/* XServiceInfo */ +sal_Bool SAL_CALL XMLSignature_NssImpl :: supportsService( const OUString& serviceName) throw( RuntimeException ) { + Sequence< OUString > seqServiceNames = getSupportedServiceNames() ; + const OUString* pArray = seqServiceNames.getConstArray() ; + for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) { + if( *( pArray + i ) == serviceName ) + return sal_True ; + } + return sal_False ; +} + +/* XServiceInfo */ +Sequence< OUString > SAL_CALL XMLSignature_NssImpl :: getSupportedServiceNames() throw( RuntimeException ) { + return impl_getSupportedServiceNames() ; +} + +//Helper for XServiceInfo +Sequence< OUString > XMLSignature_NssImpl :: impl_getSupportedServiceNames() { + ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ; + Sequence< OUString > seqServiceNames( 1 ) ; + seqServiceNames.getArray()[0] = OUString::createFromAscii( "com.sun.star.xml.crypto.XMLSignature" ) ; + return seqServiceNames ; +} + +OUString XMLSignature_NssImpl :: impl_getImplementationName() throw( RuntimeException ) { + return OUString::createFromAscii( "com.sun.star.xml.security.bridge.xmlsec.XMLSignature_NssImpl" ) ; +} + +//Helper for registry +Reference< XInterface > SAL_CALL XMLSignature_NssImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& aServiceManager ) throw( RuntimeException ) { + return Reference< XInterface >( *new XMLSignature_NssImpl( aServiceManager ) ) ; +} + +Reference< XSingleServiceFactory > XMLSignature_NssImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) { + //Reference< XSingleServiceFactory > xFactory ; + //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ; + //return xFactory ; + return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ; +} + diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.hxx new file mode 100644 index 000000000000..44ed88b0a1bf --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.hxx @@ -0,0 +1,102 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _XMLSIGNATURE_NSSIMPL_HXX_ +#define _XMLSIGNATURE_NSSIMPL_HXX_ + +#include <sal/config.h> +#include <rtl/ustring.hxx> +#include <cppuhelper/factory.hxx> +#include <cppuhelper/implbase3.hxx> +#include <com/sun/star/uno/Exception.hpp> + +#ifndef _COM_SUN_STAR_UNO_REFERENCE_HPP_ +#include <com/sun/star/uno/Reference.hxx> +#endif +#include <com/sun/star/lang/XSingleServiceFactory.hpp> + +#ifndef _COM_SUN_STAR_LANG_XSECVICEINFO_HPP_ +#include <com/sun/star/lang/XServiceInfo.hpp> +#endif +#include <com/sun/star/lang/XInitialization.hpp> +#include <com/sun/star/xml/crypto/XXMLSignature.hpp> +#include <com/sun/star/xml/crypto/XXMLSignatureTemplate.hpp> +#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> + +class XMLSignature_NssImpl : public ::cppu::WeakImplHelper3< + ::com::sun::star::xml::crypto::XXMLSignature , + ::com::sun::star::lang::XInitialization , + ::com::sun::star::lang::XServiceInfo > +{ + private : + ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > m_xServiceManager ; + + public : + XMLSignature_NssImpl( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aFactory ) ; + virtual ~XMLSignature_NssImpl() ; + + //Methods from XXMLSignature + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLSignatureTemplate > SAL_CALL generate( + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLSignatureTemplate >& aTemplate , + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment >& aEnvironment + ) throw( com::sun::star::xml::crypto::XMLSignatureException, + com::sun::star::uno::SecurityException) ; + + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLSignatureTemplate > SAL_CALL validate( + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLSignatureTemplate >& aTemplate , + const ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XXMLSecurityContext >& aContext + ) throw( com::sun::star::uno::RuntimeException, + com::sun::star::uno::SecurityException, + com::sun::star::xml::crypto::XMLSignatureException); + + //Methods from XInitialization + virtual void SAL_CALL initialize( + const ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Any >& aArguments + ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XServiceInfo + virtual ::rtl::OUString SAL_CALL getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual sal_Bool SAL_CALL supportsService( + const ::rtl::OUString& ServiceName + ) throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< ::rtl::OUString > SAL_CALL getSupportedServiceNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for XServiceInfo + static ::com::sun::star::uno::Sequence< ::rtl::OUString > impl_getSupportedServiceNames() ; + + static ::rtl::OUString impl_getImplementationName() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper for registry + static ::com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > SAL_CALL impl_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) throw( ::com::sun::star::uno::RuntimeException ) ; + + static ::com::sun::star::uno::Reference< ::com::sun::star::lang::XSingleServiceFactory > impl_createFactory( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory >& aServiceManager ) ; +} ; + +#endif // _XMLSIGNATURE_NSSIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx b/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx new file mode 100644 index 000000000000..344f76bf3e5d --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/xsec_nss.cxx @@ -0,0 +1,165 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" + +#include <sal/config.h> +#include <stdio.h> + +#include <osl/mutex.hxx> +#include <osl/thread.h> +#include <cppuhelper/factory.hxx> +#include <com/sun/star/lang/XSingleServiceFactory.hpp> + +#include "seinitializer_nssimpl.hxx" +#include "xmlsignature_nssimpl.hxx" +#include "xmlencryption_nssimpl.hxx" +#include "xmlsecuritycontext_nssimpl.hxx" +#include "securityenvironment_nssimpl.hxx" + +using namespace ::rtl; +using namespace ::cppu; +using namespace ::com::sun::star::uno; +using namespace ::com::sun::star::lang; +using namespace ::com::sun::star::registry; + +extern "C" +{ + +sal_Bool SAL_CALL nss_component_writeInfo( void* /*pServiceManager*/ , void* pRegistryKey ) +{ + sal_Bool result = sal_False; + sal_Int32 i ; + OUString sKeyName ; + Reference< XRegistryKey > xNewKey ; + Sequence< OUString > seqServices ; + Reference< XRegistryKey > xKey( reinterpret_cast< XRegistryKey* >( pRegistryKey ) ) ; + + if( xKey.is() ) { + // try { + // XMLSignature_NssImpl + sKeyName = OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) ) ; + sKeyName += XMLSignature_NssImpl::impl_getImplementationName() ; + sKeyName += OUString::createFromAscii( "/UNO/SERVICES" ) ; + + xNewKey = xKey->createKey( sKeyName ) ; + if( xNewKey.is() ) { + seqServices = XMLSignature_NssImpl::impl_getSupportedServiceNames() ; + for( i = seqServices.getLength() ; i -- ; ) + xNewKey->createKey( seqServices.getConstArray()[i] ) ; + } + + // XMLEncryption_NssImpl + sKeyName = OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) ) ; + sKeyName += XMLEncryption_NssImpl::impl_getImplementationName() ; + sKeyName += OUString::createFromAscii( "/UNO/SERVICES" ) ; + + xNewKey = xKey->createKey( sKeyName ) ; + if( xNewKey.is() ) { + seqServices = XMLEncryption_NssImpl::impl_getSupportedServiceNames() ; + for( i = seqServices.getLength() ; i -- ; ) + xNewKey->createKey( seqServices.getConstArray()[i] ) ; + } + + // XMLSecurityContext_NssImpl + sKeyName = OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) ) ; + sKeyName += XMLSecurityContext_NssImpl::impl_getImplementationName() ; + sKeyName += OUString::createFromAscii( "/UNO/SERVICES" ) ; + + xNewKey = xKey->createKey( sKeyName ) ; + if( xNewKey.is() ) { + seqServices = XMLSecurityContext_NssImpl::impl_getSupportedServiceNames() ; + for( i = seqServices.getLength() ; i -- ; ) + xNewKey->createKey( seqServices.getConstArray()[i] ) ; + } + + // SecurityEnvironment_NssImpl + sKeyName = OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) ) ; + sKeyName += SecurityEnvironment_NssImpl::impl_getImplementationName() ; + sKeyName += OUString::createFromAscii( "/UNO/SERVICES" ) ; + + xNewKey = xKey->createKey( sKeyName ) ; + if( xNewKey.is() ) { + seqServices = SecurityEnvironment_NssImpl::impl_getSupportedServiceNames() ; + for( i = seqServices.getLength() ; i -- ; ) + xNewKey->createKey( seqServices.getConstArray()[i] ) ; + } + + // SEInitializer_NssImpl + sKeyName = OUString( RTL_CONSTASCII_USTRINGPARAM( "/" ) ) ; + sKeyName += SEInitializer_NssImpl_getImplementationName() ; + sKeyName += OUString::createFromAscii( "/UNO/SERVICES" ) ; + + xNewKey = xKey->createKey( sKeyName ) ; + if( xNewKey.is() ) { + seqServices = SEInitializer_NssImpl_getSupportedServiceNames() ; + for( i = seqServices.getLength() ; i -- ; ) + xNewKey->createKey( seqServices.getConstArray()[i] ) ; + } + + return sal_True; + //} catch( InvalidRegistryException & ) { + // //we should not ignore exceptions + // return sal_False ; + //} + } + return result; +} + +void* SAL_CALL nss_component_getFactory( const sal_Char* pImplName , void* pServiceManager , void* /*pRegistryKey*/ ) +{ + void* pRet = 0; + Reference< XSingleServiceFactory > xFactory ; + + if( pImplName != NULL && pServiceManager != NULL ) { + if( XMLSignature_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + xFactory = XMLSignature_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; + } else if( XMLSecurityContext_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + xFactory = XMLSecurityContext_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; + } else if( SecurityEnvironment_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + xFactory = SecurityEnvironment_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; + } else if( XMLEncryption_NssImpl::impl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + xFactory = XMLEncryption_NssImpl::impl_createFactory( reinterpret_cast< XMultiServiceFactory* >( pServiceManager ) ) ; + } else if( SEInitializer_NssImpl_getImplementationName().equals( OUString::createFromAscii( pImplName ) ) ) { + xFactory = Reference< XSingleServiceFactory >( createSingleFactory( + reinterpret_cast< XMultiServiceFactory * >( pServiceManager ), + OUString::createFromAscii( pImplName ), + SEInitializer_NssImpl_createInstance, SEInitializer_NssImpl_getSupportedServiceNames() ) ); + } + } + + if( xFactory.is() ) { + xFactory->acquire() ; + pRet = xFactory.get() ; + } + + return pRet ; +} + +} + |