strepsirrhini/office-gobmx
9
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
office-gobmx/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
Release Engineers f63344dfd6 CWS-TOOLING: integrate CWS jl127 
2009-07-30 10:12:10 +0200 jl  r274470 : #i100873# switch on checking for symbol definitions. It works with the current xpcom lib.
2009-07-29 09:48:29 +0200 jl  r274443 : #i100873#
2009-07-29 09:47:36 +0200 jl  r274442 : #i100873# changes after resync with DEV300m53 which contains the seamonkey update
2009-07-28 10:00:03 +0200 jl  r274389 : #100873# Patches from tono
2009-07-27 16:59:39 +0200 jl  r274372 : CWS-TOOLING: rebase CWS jl127 to trunk@274203 (milestone: DEV300:m53)
2009-07-07 09:08:53 +0200 jl  r273768 : #100873#
2009-07-06 17:16:10 +0200 jl  r273754 : #100873#
2009-07-01 13:58:09 +0200 jl  r273576 : #100873# added to readme
2009-07-01 13:15:02 +0200 jl  r273573 : #100873# deliver lib files when building with MS compiler
2009-06-30 11:22:06 +0200 jl  r273498 : #i100873# accidentally commented out patch_files
2009-06-30 09:01:10 +0200 jl  r273489 : #100873# make rc.exe work in ooo windows build
2009-06-29 09:47:56 +0200 jl  r273451 : #i100873# applied mingw patch from tono
2009-06-24 12:52:14 +0200 jl  r273332 : #100873# reapplying the configure.in patch on version 273150
2009-06-24 12:51:12 +0200 jl  r273331 : #100873# reapplying the patch on version 273150
2009-06-23 17:17:36 +0200 jl  r273299 : #100873# manually modified patch from tono
2009-06-22 17:05:41 +0200 jl  r273243 : #100873# applying mingw patch from tono
2009-06-22 17:02:30 +0200 jl  r273242 : #100873# applying mingw patch from tono
2009-06-22 12:49:57 +0200 jl  r273216 : #100873# dependency to stlport
2009-06-19 11:56:16 +0200 jl  r273155 : #100873# undoing a previous change, instset_native complained about missing libjpipe.jnilib (jurt)
2009-06-19 10:13:03 +0200 jl  r273150 : #100873# ooo builds shall also use the new nss by default
2009-06-18 14:32:07 +0200 jl  r273117 : #110873# more debug output when verifying a certificate
2009-06-16 11:23:50 +0200 jl  r273012 : #i10873#
2009-06-16 10:57:41 +0200 jl  r273011 : #100873# wrong parameter definition in nsscrypto_initialize
2009-06-16 10:56:45 +0200 jl  r273010 : #100873# wrong parameter definition in nsscrypto_initialize
2009-06-15 16:20:42 +0200 jl  r272996 : #100873# initialization of NSS is now threadsafe
2009-06-10 12:50:46 +0200 jl  r272804 : #100873# rename in foreach fails in 4nt
2009-06-09 13:43:00 +0200 jl  r272768 : #i100873# deliver only .h from inc/nss otherwise we get a warning when nss/nssck.api is delivered
2009-06-08 16:15:44 +0200 jl  r272739 : #i100873#
2009-06-08 16:04:54 +0200 jl  r272738 : #i100873#
2009-06-08 15:45:52 +0200 jl  r272736 : #i100873#
2009-06-08 15:44:15 +0200 jl  r272735 : #i100873# unzipping of nss.tar.z not working with 4nt
2009-06-08 09:45:46 +0200 jl  r272720 : #i100873#
2009-06-03 13:53:52 +0200 jl  r272562 : #i100873#  MOZILLABUILD not correct
2009-06-03 13:17:54 +0200 jl  r272557 : #i100873#  readme and makefile changes from cws jl125, support of new nss module
2009-06-03 09:57:40 +0200 jl  r272544 : #i100873#  added readme
2009-06-02 16:47:47 +0200 jl  r272512 : #i100873#  removed no longer needed stuff regarding jnilibs
2009-06-02 15:54:42 +0200 jl  r272510 : #i100873# added NSS to BUILD_TYPE
2009-06-02 15:20:18 +0200 jl  r272508 : #i100873# DEREFERENCE option for copy command
2009-06-02 13:00:12 +0200 jl  r272496 : #i100873# PATCH_FILE_NAMES is now PATCH_FILES
2009-06-02 12:23:39 +0200 jl  r272494 : #i100873# build dependency to nss
2009-05-29 16:21:40 +0200 jl  r272470 : #i100873# seting ENABLE_NSS_MODULE==YES and includeing mozilla-build-1.3 folder in environment
2009-05-29 16:03:23 +0200 jl  r272468 : #i100873# use intermediate certificates when validating a certificate
2009-05-29 15:57:16 +0200 jl  r272466 : #i100873# use intermediate certificates when validating a certificate
2009-05-29 15:49:58 +0200 jl  r272464 : #i100873# using ENABLE_NSS_MODULE
2009-05-29 15:33:14 +0200 jl  r272463 : #i100873# using ENABLE_NSS_MODULE
2009-05-29 15:28:39 +0200 jl  r272461 : #i100873# build dependency to nss module
2009-05-29 15:24:57 +0200 jl  r272460 : #i100873# pass additional certificates into verifyCertificate function
2009-05-29 14:49:40 +0200 jl  r272458 : #i100873# new NSS module
2009-05-29 14:43:44 +0200 jl  r272457 : #i100873# new NSS module
2009-08-26 08:22:01 +00:00

474 lines
15 KiB
C++
Raw Blame History

/*************************************************************************
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* Copyright 2008 by Sun Microsystems, Inc.
*
* OpenOffice.org - a multi-platform office productivity suite
*
* $RCSfile: x509certificate_nssimpl.cxx,v $
* $Revision: 1.11 $
*
* This file is part of OpenOffice.org.
*
* OpenOffice.org is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License version 3
* only, as published by the Free Software Foundation.
*
* OpenOffice.org is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License version 3 for more details
* (a copy is included in the LICENSE file that accompanied this code).
*
* You should have received a copy of the GNU Lesser General Public License
* version 3 along with OpenOffice.org. If not, see
* <http://www.openoffice.org/license.html>
* for a copy of the LGPLv3 License.
*
************************************************************************/
// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"
#include "nssrenam.h"
#include "nspr.h"
#include "nss.h"
#include "secder.h"
//MM : added by MM
#include "hasht.h"
#include "secoid.h"
#include "pk11func.h"
//MM : end
#include <sal/config.h>
#include <rtl/uuid.h>
#include "x509certificate_nssimpl.hxx"
#ifndef _CERTIFICATEEXTENSION_NSSIMPL_HXX_
#include "certificateextension_xmlsecimpl.hxx"
#endif
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
using ::rtl::OUString ;
using ::com::sun::star::security::XCertificate ;
using ::com::sun::star::util::DateTime ;
X509Certificate_NssImpl :: X509Certificate_NssImpl() :
m_pCert( NULL )
{
}
X509Certificate_NssImpl :: ~X509Certificate_NssImpl() {
if( m_pCert != NULL ) {
CERT_DestroyCertificate( m_pCert ) ;
}
}
//Methods from XCertificate
sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL ) {
if( m_pCert->version.len > 0 ) {
return ( char )*( m_pCert->version.data ) ;
} else
return 0 ;
} else {
return -1 ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSerialNumber() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL && m_pCert->serialNumber.len > 0 ) {
Sequence< sal_Int8 > serial( m_pCert->serialNumber.len ) ;
for( unsigned int i = 0 ; i < m_pCert->serialNumber.len ; i ++ )
serial[i] = *( m_pCert->serialNumber.data + i ) ;
return serial ;
} else {
return ::com::sun::star::uno::Sequence< sal_Int8 >();
}
}
::rtl::OUString SAL_CALL X509Certificate_NssImpl :: getIssuerName() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL ) {
return OUString(m_pCert->issuerName , PL_strlen(m_pCert->issuerName) , RTL_TEXTENCODING_UTF8) ;
} else {
return OUString() ;
}
}
::rtl::OUString SAL_CALL X509Certificate_NssImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL ) {
return OUString(m_pCert->subjectName , PL_strlen(m_pCert->subjectName) , RTL_TEXTENCODING_UTF8);
} else {
return OUString() ;
}
}
::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidBefore() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL ) {
SECStatus rv ;
PRTime notBefore ;
PRExplodedTime explTime ;
DateTime dateTime ;
rv = DER_DecodeTimeChoice( &notBefore, &m_pCert->validity.notBefore ) ;
if( rv ) {
return DateTime() ;
}
//Convert the time to readable local time
PR_ExplodeTime( notBefore, PR_LocalTimeParameters, &explTime ) ;
dateTime.HundredthSeconds = explTime.tm_usec / 1000 ;
dateTime.Seconds = explTime.tm_sec ;
dateTime.Minutes = explTime.tm_min ;
dateTime.Hours = explTime.tm_hour ;
dateTime.Day = explTime.tm_mday ;
dateTime.Month = explTime.tm_month+1 ;
dateTime.Year = explTime.tm_year ;
return dateTime ;
} else {
return DateTime() ;
}
}
::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidAfter() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL ) {
SECStatus rv ;
PRTime notAfter ;
PRExplodedTime explTime ;
DateTime dateTime ;
rv = DER_DecodeTimeChoice( &notAfter, &m_pCert->validity.notAfter ) ;
if( rv ) {
return DateTime() ;
}
//Convert the time to readable local time
PR_ExplodeTime( notAfter, PR_LocalTimeParameters, &explTime ) ;
dateTime.HundredthSeconds = explTime.tm_usec / 1000 ;
dateTime.Seconds = explTime.tm_sec ;
dateTime.Minutes = explTime.tm_min ;
dateTime.Hours = explTime.tm_hour ;
dateTime.Day = explTime.tm_mday ;
dateTime.Month = explTime.tm_month+1 ;
dateTime.Year = explTime.tm_year ;
return dateTime ;
} else {
return DateTime() ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getIssuerUniqueID() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL && m_pCert->issuerID.len > 0 ) {
Sequence< sal_Int8 > issuerUid( m_pCert->issuerID.len ) ;
for( unsigned int i = 0 ; i < m_pCert->issuerID.len ; i ++ )
issuerUid[i] = *( m_pCert->issuerID.data + i ) ;
return issuerUid ;
} else {
return ::com::sun::star::uno::Sequence< sal_Int8 >();
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSubjectUniqueID() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL && m_pCert->subjectID.len > 0 ) {
Sequence< sal_Int8 > subjectUid( m_pCert->subjectID.len ) ;
for( unsigned int i = 0 ; i < m_pCert->subjectID.len ; i ++ )
subjectUid[i] = *( m_pCert->subjectID.data + i ) ;
return subjectUid ;
} else {
return ::com::sun::star::uno::Sequence< sal_Int8 >();
}
}
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL X509Certificate_NssImpl :: getExtensions() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL && m_pCert->extensions != NULL ) {
CERTCertExtension** extns ;
CertificateExtension_XmlSecImpl* pExtn ;
sal_Bool crit ;
int len ;
for( len = 0, extns = m_pCert->extensions; *extns != NULL; len ++, extns ++ ) ;
Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
pExtn = new CertificateExtension_XmlSecImpl() ;
if( (*extns)->critical.data == NULL )
crit = sal_False ;
else
crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
xExtns[len] = pExtn ;
}
return xExtns ;
} else {
return ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > ();
}
}
::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL X509Certificate_NssImpl :: findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& oid ) throw (::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL && m_pCert->extensions != NULL ) {
CertificateExtension_XmlSecImpl* pExtn ;
CERTCertExtension** extns ;
SECItem idItem ;
sal_Bool crit ;
idItem.data = ( unsigned char* )&oid[0] ;
idItem.len = oid.getLength() ;
pExtn = NULL ;
for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
pExtn = new CertificateExtension_XmlSecImpl() ;
if( (*extns)->critical.data == NULL )
crit = sal_False ;
else
crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
}
}
return pExtn ;
} else {
return NULL ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getEncoded() throw ( ::com::sun::star::uno::RuntimeException) {
if( m_pCert != NULL && m_pCert->derCert.len > 0 ) {
Sequence< sal_Int8 > rawCert( m_pCert->derCert.len ) ;
for( unsigned int i = 0 ; i < m_pCert->derCert.len ; i ++ )
rawCert[i] = *( m_pCert->derCert.data + i ) ;
return rawCert ;
} else {
return ::com::sun::star::uno::Sequence< sal_Int8 >();
}
}
//Helper methods
void X509Certificate_NssImpl :: setCert( CERTCertificate* cert ) {
if( m_pCert != NULL ) {
CERT_DestroyCertificate( m_pCert ) ;
m_pCert = NULL ;
}
if( cert != NULL ) {
m_pCert = CERT_DupCertificate( cert ) ;
}
}
const CERTCertificate* X509Certificate_NssImpl :: getNssCert() const {
if( m_pCert != NULL ) {
return m_pCert ;
} else {
return NULL ;
}
}
void X509Certificate_NssImpl :: setRawCert( Sequence< sal_Int8 > rawCert ) throw ( ::com::sun::star::uno::RuntimeException) {
CERTCertificate* cert ;
SECItem certItem ;
certItem.data = ( unsigned char* )&rawCert[0] ;
certItem.len = rawCert.getLength() ;
cert = CERT_DecodeDERCertificate( &certItem, PR_TRUE, NULL ) ;
if( cert == NULL )
throw RuntimeException() ;
if( m_pCert != NULL ) {
CERT_DestroyCertificate( m_pCert ) ;
m_pCert = NULL ;
}
m_pCert = cert ;
}
/* XUnoTunnel */
sal_Int64 SAL_CALL X509Certificate_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) throw( RuntimeException ) {
if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
}
return 0 ;
}
/* XUnoTunnel extension */
const Sequence< sal_Int8>& X509Certificate_NssImpl :: getUnoTunnelId() {
static Sequence< sal_Int8 >* pSeq = 0 ;
if( !pSeq ) {
::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
if( !pSeq ) {
static Sequence< sal_Int8> aSeq( 16 ) ;
rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
pSeq = &aSeq ;
}
}
return *pSeq ;
}
/* XUnoTunnel extension */
X509Certificate_NssImpl* X509Certificate_NssImpl :: getImplementation( const Reference< XInterface > xObj ) {
Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
if( xUT.is() ) {
return reinterpret_cast<X509Certificate_NssImpl*>(
sal::static_int_cast<sal_uIntPtr>(xUT->getSomething( getUnoTunnelId() )));
} else
return NULL ;
}
// MM : added by MM
::rtl::OUString getAlgorithmDescription(SECAlgorithmID *aid)
{
SECOidTag tag;
tag = SECOID_GetAlgorithmTag(aid);
const char *pDesc = SECOID_FindOIDTagDescription(tag);
return rtl::OUString::createFromAscii( pDesc ) ;
}
::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(CERTCertificate *pCert, SECOidTag id)
{
if( pCert != NULL )
{
unsigned char fingerprint[20];
//char *fpStr = NULL;
SECItem fpItem;
int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH);
memset(fingerprint, 0, sizeof fingerprint);
PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len);
fpItem.data = fingerprint;
fpItem.len = length;
//fpStr = CERT_Hexify(&fpItem, 1);
Sequence< sal_Int8 > thumbprint( length ) ;
for( int i = 0 ; i < length ; i ++ )
{
thumbprint[i] = fingerprint[i];
}
//PORT_Free(fpStr);
return thumbprint;
}
else
{
return ::com::sun::star::uno::Sequence< sal_Int8 >();
}
}
::rtl::OUString SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyAlgorithm()
throw ( ::com::sun::star::uno::RuntimeException)
{
if( m_pCert != NULL )
{
return getAlgorithmDescription(&(m_pCert->subjectPublicKeyInfo.algorithm));
}
else
{
return OUString() ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyValue()
throw ( ::com::sun::star::uno::RuntimeException)
{
if( m_pCert != NULL )
{
SECItem spk = m_pCert->subjectPublicKeyInfo.subjectPublicKey;
DER_ConvertBitString(&spk);
if ( spk.len>0)
{
Sequence< sal_Int8 > key( spk.len ) ;
for( unsigned int i = 0 ; i < spk.len ; i ++ )
{
key[i] = *( spk.data + i ) ;
}
return key ;
}
}
return ::com::sun::star::uno::Sequence< sal_Int8 >();
}
::rtl::OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm()
throw ( ::com::sun::star::uno::RuntimeException)
{
if( m_pCert != NULL )
{
return getAlgorithmDescription(&(m_pCert->signature));
}
else
{
return OUString() ;
}
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint()
throw ( ::com::sun::star::uno::RuntimeException)
{
return getThumbprint(m_pCert, SEC_OID_SHA1);
}
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
throw ( ::com::sun::star::uno::RuntimeException)
{
return getThumbprint(m_pCert, SEC_OID_MD5);
}
sal_Int32 SAL_CALL X509Certificate_NssImpl::getCertificateUsage( )
throw ( ::com::sun::star::uno::RuntimeException)
{
SECStatus rv;
SECItem tmpitem;
sal_Int32 usage;
rv = CERT_FindKeyUsageExtension(m_pCert, &tmpitem);
if ( rv == SECSuccess )
{
usage = tmpitem.data[0];
PORT_Free(tmpitem.data);
tmpitem.data = NULL;
}
else
{
usage = KU_ALL;
}
/*
* to make the nss implementation compatible with MSCrypto,
* the following usage is ignored
*
*
if ( CERT_GovtApprovedBitSet(m_pCert) )
{
usage |= KU_NS_GOVT_APPROVED;
}
*/
return usage;
}
// MM : end
Reference in a new issue View git blame Copy permalink