office-gobmx/uui/source/iahndl-ssl.cxx
2011-09-22 15:01:05 +01:00

399 lines
14 KiB
C++

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*************************************************************************
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* Copyright 2000, 2010 Oracle and/or its affiliates.
*
* OpenOffice.org - a multi-platform office productivity suite
*
* This file is part of OpenOffice.org.
*
* OpenOffice.org is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License version 3
* only, as published by the Free Software Foundation.
*
* OpenOffice.org is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License version 3 for more details
* (a copy is included in the LICENSE file that accompanied this code).
*
* You should have received a copy of the GNU Lesser General Public License
* version 3 along with OpenOffice.org. If not, see
* <http://www.openoffice.org/license.html>
* for a copy of the LGPLv3 License.
*
************************************************************************/
#include "com/sun/star/security/CertificateValidity.hpp"
#include "com/sun/star/security/XCertificateExtension.hpp"
#include "com/sun/star/security/XSanExtension.hpp"
#include <com/sun/star/security/ExtAltNameType.hpp>
#include "com/sun/star/task/XInteractionAbort.hpp"
#include "com/sun/star/task/XInteractionApprove.hpp"
#include "com/sun/star/task/XInteractionRequest.hpp"
#include "com/sun/star/ucb/CertificateValidationRequest.hpp"
#include <com/sun/star/uno/Reference.hxx>
#include "osl/mutex.hxx"
#include <com/sun/star/uno/Sequence.hxx>
#include "tools/datetime.hxx"
#include "svl/zforlist.hxx"
#include "vcl/svapp.hxx"
#include "ids.hrc"
#include "getcontinuations.hxx"
#include "sslwarndlg.hxx"
#include "unknownauthdlg.hxx"
#include "iahndl.hxx"
#include <boost/scoped_ptr.hpp>
#define DESCRIPTION_1 1
#define DESCRIPTION_2 2
#define TITLE 3
#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
using namespace com::sun::star;
namespace {
String
getContentPart( const String& _rRawString )
{
// search over some parts to find a string
static char const * aIDs[] = { "CN=", "OU=", "O=", "E=", NULL };
String sPart;
int i = 0;
while ( aIDs[i] )
{
String sPartId = String::CreateFromAscii( aIDs[i++] );
xub_StrLen nContStart = _rRawString.Search( sPartId );
if ( nContStart != STRING_NOTFOUND )
{
nContStart = nContStart + sPartId.Len();
xub_StrLen nContEnd
= _rRawString.Search( sal_Unicode( ',' ), nContStart );
sPart = String( _rRawString, nContStart, nContEnd - nContStart );
break;
}
}
return sPart;
}
bool
isDomainMatch(
rtl::OUString hostName, uno::Sequence< ::rtl::OUString > certHostNames)
{
for ( int i = 0; i < certHostNames.getLength(); i++){
::rtl::OUString element = certHostNames[i];
if (element.getLength() == 0)
continue;
if (hostName.equalsIgnoreAsciiCase( element ))
return true;
if ( 0 == element.indexOf( rtl::OUString(RTL_CONSTASCII_USTRINGPARAM( "*" )) ) &&
hostName.getLength() >= element.getLength() )
{
rtl::OUString cmpStr = element.copy( 1 );
if ( hostName.matchIgnoreAsciiCase(
cmpStr, hostName.getLength() - cmpStr.getLength()) )
return true;
}
}
return false;
}
rtl::OUString
getLocalizedDatTimeStr(
uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
util::DateTime const & rDateTime )
{
rtl::OUString aDateTimeStr;
Date aDate;
Time aTime;
aDate = Date( rDateTime.Day, rDateTime.Month, rDateTime.Year );
aTime = Time( rDateTime.Hours, rDateTime.Minutes, rDateTime.Seconds );
LanguageType eUILang = Application::GetSettings().GetUILanguage();
SvNumberFormatter *pNumberFormatter
= new SvNumberFormatter( xServiceFactory, eUILang );
String aTmpStr;
Color* pColor = NULL;
Date* pNullDate = pNumberFormatter->GetNullDate();
sal_uInt32 nFormat
= pNumberFormatter->GetStandardFormat( NUMBERFORMAT_DATE, eUILang );
pNumberFormatter->GetOutputString(
aDate - *pNullDate, nFormat, aTmpStr, &pColor );
aDateTimeStr = aTmpStr + rtl::OUString(RTL_CONSTASCII_USTRINGPARAM(" "));
nFormat = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_TIME, eUILang );
pNumberFormatter->GetOutputString(
aTime.GetTimeInDays(), nFormat, aTmpStr, &pColor );
aDateTimeStr += aTmpStr;
return aDateTimeStr;
}
sal_Bool
executeUnknownAuthDialog(
Window * pParent,
uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
const uno::Reference< security::XCertificate >& rXCert)
SAL_THROW((uno::RuntimeException))
{
try
{
SolarMutexGuard aGuard;
boost::scoped_ptr< ResMgr > xManager(
ResMgr::CreateResMgr(CREATEVERSIONRESMGR_NAME(uui)));
boost::scoped_ptr< UnknownAuthDialog > xDialog(
new UnknownAuthDialog( pParent,
rXCert,
xServiceFactory,
xManager.get()));
// Get correct resource string
rtl::OUString aMessage;
std::vector< rtl::OUString > aArguments;
aArguments.push_back( getContentPart( rXCert->getSubjectName()) );
if (xManager.get())
{
ResId aResId(RID_UUI_ERRHDL, *xManager.get());
if (ErrorResource(aResId).getString(
ERRCODE_UUI_UNKNOWNAUTH_UNTRUSTED, &aMessage))
{
aMessage = UUIInteractionHelper::replaceMessageWithArguments(
aMessage, aArguments );
xDialog->setDescriptionText( aMessage );
}
}
return static_cast<sal_Bool> (xDialog->Execute());
}
catch (std::bad_alloc const &)
{
throw uno::RuntimeException(
rtl::OUString(RTL_CONSTASCII_USTRINGPARAM("out of memory")),
uno::Reference< uno::XInterface >());
}
}
sal_Bool
executeSSLWarnDialog(
Window * pParent,
uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
const uno::Reference< security::XCertificate >& rXCert,
sal_Int32 const & failure,
const rtl::OUString & hostName )
SAL_THROW((uno::RuntimeException))
{
try
{
SolarMutexGuard aGuard;
boost::scoped_ptr< ResMgr > xManager(
ResMgr::CreateResMgr(CREATEVERSIONRESMGR_NAME(uui)));
boost::scoped_ptr< SSLWarnDialog > xDialog(
new SSLWarnDialog( pParent,
rXCert,
xServiceFactory,
xManager.get()));
// Get correct resource string
rtl::OUString aMessage_1;
std::vector< rtl::OUString > aArguments_1;
switch( failure )
{
case SSLWARN_TYPE_DOMAINMISMATCH:
aArguments_1.push_back( hostName );
aArguments_1.push_back(
getContentPart( rXCert->getSubjectName()) );
aArguments_1.push_back( hostName );
break;
case SSLWARN_TYPE_EXPIRED:
aArguments_1.push_back(
getContentPart( rXCert->getSubjectName()) );
aArguments_1.push_back(
getLocalizedDatTimeStr( xServiceFactory,
rXCert->getNotValidAfter() ) );
aArguments_1.push_back(
getLocalizedDatTimeStr( xServiceFactory,
rXCert->getNotValidAfter() ) );
break;
case SSLWARN_TYPE_INVALID:
break;
}
if (xManager.get())
{
ResId aResId(RID_UUI_ERRHDL, *xManager.get());
if (ErrorResource(aResId).getString(
ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + DESCRIPTION_1,
&aMessage_1))
{
aMessage_1 = UUIInteractionHelper::replaceMessageWithArguments(
aMessage_1, aArguments_1 );
xDialog->setDescription1Text( aMessage_1 );
}
rtl::OUString aTitle;
ErrorResource(aResId).getString(
ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + TITLE, &aTitle);
xDialog->SetText( aTitle );
}
return static_cast<sal_Bool> (xDialog->Execute());
}
catch (std::bad_alloc const &)
{
throw uno::RuntimeException(
rtl::OUString(RTL_CONSTASCII_USTRINGPARAM("out of memory")),
uno::Reference< uno::XInterface >());
}
}
void
handleCertificateValidationRequest_(
Window * pParent,
uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
ucb::CertificateValidationRequest const & rRequest,
uno::Sequence< uno::Reference< task::XInteractionContinuation > > const &
rContinuations)
SAL_THROW((uno::RuntimeException))
{
uno::Reference< task::XInteractionApprove > xApprove;
uno::Reference< task::XInteractionAbort > xAbort;
getContinuations(rContinuations, &xApprove, &xAbort);
sal_Int32 failures = rRequest.CertificateValidity;
sal_Bool trustCert = sal_True;
if ( ((failures & security::CertificateValidity::UNTRUSTED)
== security::CertificateValidity::UNTRUSTED ) ||
((failures & security::CertificateValidity::ISSUER_UNTRUSTED)
== security::CertificateValidity::ISSUER_UNTRUSTED) ||
((failures & security::CertificateValidity::ROOT_UNTRUSTED)
== security::CertificateValidity::ROOT_UNTRUSTED) )
{
trustCert = executeUnknownAuthDialog( pParent,
xServiceFactory,
rRequest.Certificate );
}
uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = rRequest.Certificate->getExtensions();
uno::Sequence< security::CertAltNameEntry > altNames;
for (sal_Int32 i = 0 ; i < extensions.getLength(); i++){
uno::Reference< security::XCertificateExtension >element = extensions[i];
rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME))
{
uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
altNames = sanExtension->getAlternativeNames();
break;
}
}
::rtl::OUString certHostName = getContentPart( rRequest.Certificate->getSubjectName() );
uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1);
certHostNames[0] = certHostName;
for(int n = 1; n < altNames.getLength(); n++){
if (altNames[n].Type == security::ExtAltNameType_DNS_NAME){
altNames[n].Value >>= certHostNames[n];
}
}
if ( (!isDomainMatch(
rRequest.HostName,
certHostNames )) &&
trustCert )
{
trustCert = executeSSLWarnDialog( pParent,
xServiceFactory,
rRequest.Certificate,
SSLWARN_TYPE_DOMAINMISMATCH,
rRequest.HostName );
}
if ( (((failures & security::CertificateValidity::TIME_INVALID)
== security::CertificateValidity::TIME_INVALID) ||
((failures & security::CertificateValidity::NOT_TIME_NESTED)
== security::CertificateValidity::NOT_TIME_NESTED)) &&
trustCert )
{
trustCert = executeSSLWarnDialog( pParent,
xServiceFactory,
rRequest.Certificate,
SSLWARN_TYPE_EXPIRED,
rRequest.HostName );
}
if ( (((failures & security::CertificateValidity::REVOKED)
== security::CertificateValidity::REVOKED) ||
((failures & security::CertificateValidity::SIGNATURE_INVALID)
== security::CertificateValidity::SIGNATURE_INVALID) ||
((failures & security::CertificateValidity::EXTENSION_INVALID)
== security::CertificateValidity::EXTENSION_INVALID) ||
((failures & security::CertificateValidity::INVALID)
== security::CertificateValidity::INVALID)) &&
trustCert )
{
trustCert = executeSSLWarnDialog( pParent,
xServiceFactory,
rRequest.Certificate,
SSLWARN_TYPE_INVALID,
rRequest.HostName );
}
if ( trustCert )
{
if (xApprove.is())
xApprove->select();
}
else
{
if (xAbort.is())
xAbort->select();
}
}
} // namespace
bool
UUIInteractionHelper::handleCertificateValidationRequest(
uno::Reference< task::XInteractionRequest > const & rRequest)
SAL_THROW((uno::RuntimeException))
{
uno::Any aAnyRequest(rRequest->getRequest());
ucb::CertificateValidationRequest aCertificateValidationRequest;
if (aAnyRequest >>= aCertificateValidationRequest)
{
handleCertificateValidationRequest_(getParentProperty(),
m_xServiceFactory,
aCertificateValidationRequest,
rRequest->getContinuations());
return true;
}
return false;
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */