LCOV - code coverage report
Current view: top level - uui/source - iahndl-ssl.cxx (source / functions) Hit Total Coverage
Test: commit 10e77ab3ff6f4314137acd6e2702a6e5c1ce1fae Lines: 1 157 0.6 %
Date: 2014-11-03 Functions: 2 9 22.2 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /*
       3             :  * This file is part of the LibreOffice project.
       4             :  *
       5             :  * This Source Code Form is subject to the terms of the Mozilla Public
       6             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       7             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
       8             :  *
       9             :  * This file incorporates work covered by the following license notice:
      10             :  *
      11             :  *   Licensed to the Apache Software Foundation (ASF) under one or more
      12             :  *   contributor license agreements. See the NOTICE file distributed
      13             :  *   with this work for additional information regarding copyright
      14             :  *   ownership. The ASF licenses this file to you under the Apache
      15             :  *   License, Version 2.0 (the "License"); you may not use this file
      16             :  *   except in compliance with the License. You may obtain a copy of
      17             :  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
      18             :  */
      19             : 
      20             : 
      21             : #include <com/sun/star/security/CertificateValidity.hpp>
      22             : #include <com/sun/star/security/XCertificateExtension.hpp>
      23             : #include <com/sun/star/security/XSanExtension.hpp>
      24             : #include <com/sun/star/security/ExtAltNameType.hpp>
      25             : #include <com/sun/star/task/XInteractionAbort.hpp>
      26             : #include <com/sun/star/task/XInteractionApprove.hpp>
      27             : #include <com/sun/star/task/XInteractionRequest.hpp>
      28             : #include <com/sun/star/ucb/CertificateValidationRequest.hpp>
      29             : #include <com/sun/star/uno/Reference.hxx>
      30             : 
      31             : #include <osl/mutex.hxx>
      32             : #include <com/sun/star/uno/Sequence.hxx>
      33             : #include <svl/zforlist.hxx>
      34             : #include <vcl/svapp.hxx>
      35             : #include <vcl/settings.hxx>
      36             : 
      37             : #include "ids.hrc"
      38             : #include "getcontinuations.hxx"
      39             : #include "sslwarndlg.hxx"
      40             : #include "unknownauthdlg.hxx"
      41             : 
      42             : #include "iahndl.hxx"
      43             : 
      44             : #include <boost/scoped_ptr.hpp>
      45             : 
      46             : #define DESCRIPTION_1 1
      47             : #define TITLE 3
      48             : 
      49             : #define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
      50             : 
      51             : 
      52             : using namespace com::sun::star;
      53             : 
      54             : namespace {
      55             : 
      56             : OUString
      57           0 : getContentPart( const OUString& _rRawString )
      58             : {
      59             :     // search over some parts to find a string
      60             :     static char const * aIDs[] = { "CN=", "OU=", "O=", "E=", NULL };
      61           0 :     OUString sPart;
      62           0 :     int i = 0;
      63           0 :     while ( aIDs[i] )
      64             :     {
      65           0 :         OUString sPartId = OUString::createFromAscii( aIDs[i++] );
      66           0 :         sal_Int32 nContStart = _rRawString.indexOf( sPartId );
      67           0 :         if ( nContStart != -1 )
      68             :         {
      69           0 :             nContStart += sPartId.getLength();
      70           0 :             sal_Int32 nContEnd = _rRawString.indexOf( ',', nContStart );
      71           0 :             if ( nContEnd != -1 )
      72           0 :                 sPart = _rRawString.copy( nContStart, nContEnd - nContStart );
      73             :             else
      74           0 :                 sPart = _rRawString.copy( nContStart );
      75           0 :             break;
      76             :         }
      77           0 :     }
      78           0 :     return sPart;
      79             : }
      80             : 
      81             : bool
      82           0 : isDomainMatch(
      83             :               const OUString& hostName, const uno::Sequence< OUString >& certHostNames)
      84             : {
      85           0 :     for ( int i = 0; i < certHostNames.getLength(); i++){
      86           0 :         OUString element = certHostNames[i];
      87             : 
      88           0 :        if (element.isEmpty())
      89           0 :            continue;
      90             : 
      91           0 :        if (hostName.equalsIgnoreAsciiCase( element ))
      92           0 :            return true;
      93             : 
      94           0 :        if (element.startsWith("*") &&
      95           0 :            hostName.getLength() >= element.getLength()  )
      96             :        {
      97           0 :            OUString cmpStr = element.copy( 1 );
      98           0 :            if ( hostName.matchIgnoreAsciiCase(
      99           0 :                     cmpStr, hostName.getLength() - cmpStr.getLength()) )
     100           0 :                return true;
     101             :        }
     102           0 :     }
     103             : 
     104           0 :     return false;
     105             : }
     106             : 
     107             : OUString
     108           0 : getLocalizedDatTimeStr(
     109             :     uno::Reference< uno::XComponentContext> const & xContext,
     110             :     util::DateTime const & rDateTime )
     111             : {
     112           0 :     OUString aDateTimeStr;
     113           0 :     Date  aDate( Date::EMPTY );
     114           0 :     tools::Time  aTime( tools::Time::EMPTY );
     115             : 
     116           0 :     aDate = Date( rDateTime.Day, rDateTime.Month, rDateTime.Year );
     117           0 :     aTime = tools::Time( rDateTime.Hours, rDateTime.Minutes, rDateTime.Seconds );
     118             : 
     119           0 :     LanguageType eUILang = Application::GetSettings().GetUILanguageTag().getLanguageType();
     120           0 :     SvNumberFormatter *pNumberFormatter = new SvNumberFormatter( xContext, eUILang );
     121           0 :     OUString      aTmpStr;
     122           0 :     Color*      pColor = NULL;
     123           0 :     Date*       pNullDate = pNumberFormatter->GetNullDate();
     124             :     sal_uInt32  nFormat
     125           0 :         = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_DATE, eUILang );
     126             : 
     127           0 :     pNumberFormatter->GetOutputString( aDate - *pNullDate, nFormat, aTmpStr, &pColor );
     128           0 :     aDateTimeStr = aTmpStr + " ";
     129             : 
     130           0 :     nFormat = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_TIME, eUILang );
     131             :     pNumberFormatter->GetOutputString(
     132           0 :         aTime.GetTimeInDays(), nFormat, aTmpStr, &pColor );
     133           0 :     aDateTimeStr += aTmpStr;
     134             : 
     135           0 :     return aDateTimeStr;
     136             : }
     137             : 
     138             : bool
     139           0 : executeUnknownAuthDialog(
     140             :     vcl::Window * pParent,
     141             :     uno::Reference< uno::XComponentContext > const & xContext,
     142             :     const uno::Reference< security::XCertificate >& rXCert)
     143             : {
     144             :     try
     145             :     {
     146           0 :         SolarMutexGuard aGuard;
     147             : 
     148             :         boost::scoped_ptr< UnknownAuthDialog > xDialog(
     149           0 :             new UnknownAuthDialog(pParent, rXCert, xContext));
     150             : 
     151             :         // Get correct resource string
     152           0 :         OUString aMessage;
     153             : 
     154           0 :         std::vector< OUString > aArguments;
     155           0 :         aArguments.push_back( getContentPart( rXCert->getSubjectName()) );
     156             : 
     157           0 :         boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
     158           0 :         if (xManager.get())
     159             :         {
     160           0 :             ResId aResId(RID_UUI_ERRHDL, *xManager.get());
     161           0 :             if (ErrorResource(aResId).getString(
     162           0 :                     ERRCODE_UUI_UNKNOWNAUTH_UNTRUSTED, aMessage))
     163             :             {
     164           0 :                 aMessage = UUIInteractionHelper::replaceMessageWithArguments(
     165           0 :                     aMessage, aArguments );
     166           0 :                 xDialog->setDescriptionText( aMessage );
     167             :             }
     168             :         }
     169             : 
     170           0 :         return static_cast<bool>(xDialog->Execute());
     171             :     }
     172           0 :     catch (std::bad_alloc const &)
     173             :     {
     174           0 :         throw uno::RuntimeException("out of memory");
     175             :     }
     176             : }
     177             : 
     178             : bool
     179           0 : executeSSLWarnDialog(
     180             :     vcl::Window * pParent,
     181             :     uno::Reference< uno::XComponentContext > const & xContext,
     182             :     const uno::Reference< security::XCertificate >& rXCert,
     183             :     sal_Int32 const & failure,
     184             :     const OUString & hostName )
     185             : {
     186             :     try
     187             :     {
     188           0 :         SolarMutexGuard aGuard;
     189             : 
     190             :         boost::scoped_ptr< SSLWarnDialog > xDialog(
     191           0 :            new SSLWarnDialog(pParent, rXCert, xContext));
     192             : 
     193             :         // Get correct resource string
     194           0 :         OUString aMessage_1;
     195           0 :         std::vector< OUString > aArguments_1;
     196             : 
     197           0 :         switch( failure )
     198             :         {
     199             :             case SSLWARN_TYPE_DOMAINMISMATCH:
     200           0 :                 aArguments_1.push_back( hostName );
     201             :                 aArguments_1.push_back(
     202           0 :                     getContentPart( rXCert->getSubjectName()) );
     203           0 :                 aArguments_1.push_back( hostName );
     204           0 :                 break;
     205             :             case SSLWARN_TYPE_EXPIRED:
     206             :                 aArguments_1.push_back(
     207           0 :                     getContentPart( rXCert->getSubjectName()) );
     208             :                 aArguments_1.push_back(
     209             :                     getLocalizedDatTimeStr( xContext,
     210           0 :                                             rXCert->getNotValidAfter() ) );
     211             :                 aArguments_1.push_back(
     212             :                     getLocalizedDatTimeStr( xContext,
     213           0 :                                             rXCert->getNotValidAfter() ) );
     214           0 :                 break;
     215             :             case SSLWARN_TYPE_INVALID:
     216           0 :                 break;
     217             :         }
     218             : 
     219           0 :         boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
     220             : 
     221           0 :         if (xManager.get())
     222             :         {
     223           0 :             ResId aResId(RID_UUI_ERRHDL, *xManager.get());
     224           0 :             if (ErrorResource(aResId).getString(
     225           0 :                     ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + DESCRIPTION_1,
     226           0 :                     aMessage_1))
     227             :             {
     228           0 :                 aMessage_1 = UUIInteractionHelper::replaceMessageWithArguments(
     229           0 :                     aMessage_1, aArguments_1 );
     230           0 :                 xDialog->setDescription1Text( aMessage_1 );
     231             :             }
     232             : 
     233           0 :             OUString aTitle;
     234           0 :             if (ErrorResource(aResId).getString(
     235           0 :                 ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + TITLE, aTitle))
     236             :             {
     237           0 :                 xDialog->SetText(aTitle);
     238           0 :             }
     239             :         }
     240             : 
     241           0 :         return static_cast<bool>(xDialog->Execute());
     242             :     }
     243           0 :     catch (std::bad_alloc const &)
     244             :     {
     245           0 :         throw uno::RuntimeException("out of memory");
     246             :     }
     247             : }
     248             : 
     249             : void
     250           0 : handleCertificateValidationRequest_(
     251             :     vcl::Window * pParent,
     252             :     uno::Reference< uno::XComponentContext > const & xContext,
     253             :     ucb::CertificateValidationRequest const & rRequest,
     254             :     uno::Sequence< uno::Reference< task::XInteractionContinuation > > const &
     255             :         rContinuations)
     256             : {
     257           0 :     uno::Reference< task::XInteractionApprove > xApprove;
     258           0 :     uno::Reference< task::XInteractionAbort > xAbort;
     259           0 :     getContinuations(rContinuations, &xApprove, &xAbort);
     260             : 
     261           0 :     sal_Int32 failures = rRequest.CertificateValidity;
     262           0 :     bool trustCert = true;
     263             : 
     264           0 :     if ( ((failures & security::CertificateValidity::UNTRUSTED)
     265           0 :              == security::CertificateValidity::UNTRUSTED ) ||
     266           0 :          ((failures & security::CertificateValidity::ISSUER_UNTRUSTED)
     267           0 :              == security::CertificateValidity::ISSUER_UNTRUSTED) ||
     268           0 :          ((failures & security::CertificateValidity::ROOT_UNTRUSTED)
     269             :              == security::CertificateValidity::ROOT_UNTRUSTED) )
     270             :     {
     271             :         trustCert = executeUnknownAuthDialog( pParent,
     272             :                                               xContext,
     273           0 :                                               rRequest.Certificate );
     274             :     }
     275             : 
     276           0 :     uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = rRequest.Certificate->getExtensions();
     277           0 :     uno::Sequence< security::CertAltNameEntry > altNames;
     278           0 :     for (sal_Int32 i = 0 ; i < extensions.getLength(); i++){
     279           0 :         uno::Reference< security::XCertificateExtension >element = extensions[i];
     280             : 
     281           0 :         OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
     282           0 :         if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME))
     283             :         {
     284           0 :            uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
     285           0 :            altNames =  sanExtension->getAlternativeNames();
     286           0 :            break;
     287             :         }
     288           0 :     }
     289             : 
     290           0 :     OUString certHostName = getContentPart( rRequest.Certificate->getSubjectName() );
     291           0 :     uno::Sequence< OUString > certHostNames(altNames.getLength() + 1);
     292             : 
     293           0 :     certHostNames[0] = certHostName;
     294             : 
     295           0 :     for(int n = 0; n < altNames.getLength(); ++n)
     296             :     {
     297           0 :         if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME){
     298           0 :            altNames[n].Value >>= certHostNames[n+1];
     299             :         }
     300             :     }
     301             : 
     302           0 :     if ( (!isDomainMatch(
     303             :               rRequest.HostName,
     304           0 :               certHostNames )) &&
     305             :           trustCert )
     306             :     {
     307             :         trustCert = executeSSLWarnDialog( pParent,
     308             :                                           xContext,
     309             :                                           rRequest.Certificate,
     310             :                                           SSLWARN_TYPE_DOMAINMISMATCH,
     311           0 :                                           rRequest.HostName );
     312             :     }
     313             : 
     314           0 :     else if ( (((failures & security::CertificateValidity::TIME_INVALID)
     315           0 :                 == security::CertificateValidity::TIME_INVALID) ||
     316           0 :                ((failures & security::CertificateValidity::NOT_TIME_NESTED)
     317           0 :                 == security::CertificateValidity::NOT_TIME_NESTED)) &&
     318             :               trustCert )
     319             :     {
     320             :         trustCert = executeSSLWarnDialog( pParent,
     321             :                                           xContext,
     322             :                                           rRequest.Certificate,
     323             :                                           SSLWARN_TYPE_EXPIRED,
     324           0 :                                           rRequest.HostName );
     325             :     }
     326             : 
     327           0 :     else if ( (((failures & security::CertificateValidity::REVOKED)
     328           0 :                 == security::CertificateValidity::REVOKED) ||
     329           0 :                ((failures & security::CertificateValidity::SIGNATURE_INVALID)
     330           0 :                 == security::CertificateValidity::SIGNATURE_INVALID) ||
     331           0 :                ((failures & security::CertificateValidity::EXTENSION_INVALID)
     332           0 :                 == security::CertificateValidity::EXTENSION_INVALID) ||
     333           0 :                ((failures & security::CertificateValidity::INVALID)
     334           0 :                 == security::CertificateValidity::INVALID)) &&
     335             :               trustCert )
     336             :     {
     337             :         trustCert = executeSSLWarnDialog( pParent,
     338             :                                           xContext,
     339             :                                           rRequest.Certificate,
     340             :                                           SSLWARN_TYPE_INVALID,
     341           0 :                                           rRequest.HostName );
     342             :     }
     343             : 
     344           0 :     if ( trustCert )
     345             :     {
     346           0 :         if (xApprove.is())
     347           0 :             xApprove->select();
     348             :     }
     349             :     else
     350             :     {
     351           0 :         if (xAbort.is())
     352           0 :             xAbort->select();
     353           0 :     }
     354           0 : }
     355             : 
     356             : } // namespace
     357             : 
     358             : bool
     359           0 : UUIInteractionHelper::handleCertificateValidationRequest(
     360             :     uno::Reference< task::XInteractionRequest > const & rRequest)
     361             : {
     362           0 :     uno::Any aAnyRequest(rRequest->getRequest());
     363             : 
     364           0 :     ucb::CertificateValidationRequest aCertificateValidationRequest;
     365           0 :     if (aAnyRequest >>= aCertificateValidationRequest)
     366             :     {
     367             :         handleCertificateValidationRequest_(getParentProperty(),
     368             :                                             m_xContext,
     369             :                                             aCertificateValidationRequest,
     370           0 :                                             rRequest->getContinuations());
     371           0 :         return true;
     372             :     }
     373             : 
     374           0 :     return false;
     375         180 : }
     376             : 
     377             : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

Generated by: LCOV version 1.10