/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file is part of the LibreOffice project.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * This file incorporates work covered by the following license notice:
 *
 */

#include <com/sun/star/security/CertificateContainer.hpp>
#include <com/sun/star/security/XCertificate.hpp>
#include <com/sun/star/security/XCertificateContainer.hpp>
#include <com/sun/star/xml/crypto/SEInitializer.hpp>
#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>

#include <rtl/ref.hxx>
#include <comphelper/sequence.hxx>
#include <ucbhelper/simplecertificatevalidationrequest.hxx>

#include "certvalidation_handler.hxx"

#define STD_TO_OUSTR( str ) OUString( str.c_str(), str.length( ), RTL_TEXTENCODING_UTF8 )

using namespace std;
using namespace com::sun::star;

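namespace cmis
{
    namespace
    {
        // Strip the PEM armor lines so only the base64 body reaches
        // XSecurityEnvironment::createCertificateFromAscii(). The leaf
        // certificate was already stripped this way; the intermediates were
        // not, so any issuer carrying a PEM header failed to parse and was
        // silently dropped from the chain handed to verifyCertificate().
        OUString lcl_stripPemArmor( const string& rCert )
        {
            OUString sClean = STD_TO_OUSTR( rCert );
            sClean = sClean.replaceAll( "-----BEGIN CERTIFICATE-----", "" );
            sClean = sClean.replaceAll( "-----END CERTIFICATE-----", "" );
            return sClean;
        }
    }

    /** Decide whether the certificate chain presented by the CMIS server is trusted.
     *
     *  @param aCertificates  PEM-encoded certificates, the server (leaf)
     *                        certificate first, followed by its issuers.
     *  @return true when a stored decision marks the leaf certificate as
     *          trusted for m_sHostname, or when the user approves it through
     *          the interaction handler; false otherwise, including whenever a
     *          required service is unavailable or the leaf cannot be parsed.
     */
    bool CertValidationHandler::validateCertificate( vector< string > aCertificates )
    {
        bool bValidate = false;
        if ( aCertificates.empty() || !m_xEnv.is() )
            return bValidate;

        uno::Reference< xml::crypto::XSEInitializer > xSEInitializer;
        try
        {
            xSEInitializer = xml::crypto::SEInitializer::create( m_xContext );
        }
        catch ( uno::Exception const & )
        {
            // Best effort: with no security environment nothing can be
            // verified, so the chain is rejected below.
        }
        if ( !xSEInitializer.is() )
            return bValidate;

        uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
            xSEInitializer->createSecurityContext( OUString() ) );
        if ( !xSecurityContext.is() )
            return bValidate;

        uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv(
            xSecurityContext->getSecurityEnvironment() );
        if ( !xSecurityEnv.is() )
            return bValidate;

        // The first entry is the server certificate itself.
        vector< string >::const_iterator pIt = aCertificates.begin();
        uno::Reference< security::XCertificate > xCert(
            xSecurityEnv->createCertificateFromAscii( lcl_stripPemArmor( *pIt ) ) );
        // A leaf that cannot be parsed must never be treated as trusted, and
        // dereferencing it below would crash.
        if ( !xCert.is() )
            return bValidate;

        uno::Reference< security::XCertificateContainer > xCertificateContainer;
        try
        {
            xCertificateContainer = security::CertificateContainer::create( m_xContext );
        }
        catch ( uno::Exception const & )
        {
            // Best effort: without the container earlier decisions cannot be
            // consulted or stored, but the user can still be asked.
        }

        if ( xCertificateContainer.is() )
        {
            // Stored decisions are keyed on hostname + subject name; that is
            // what the container API offers, not a fingerprint.
            security::CertificateContainerStatus status(
                xCertificateContainer->hasCertificate(
                    m_sHostname, xCert->getSubjectName() ) );

            if ( status != security::CertificateContainerStatus_NOCERT )
                return status == security::CertificateContainerStatus_TRUSTED;
        }

        // No stored decision: verify the chain, then ask the user.
        std::vector< uno::Reference< security::XCertificate > > vecCerts;
        for ( ++pIt; pIt != aCertificates.end(); ++pIt )
        {
            uno::Reference< security::XCertificate > xImCert(
                xSecurityEnv->createCertificateFromAscii( lcl_stripPemArmor( *pIt ) ) );
            if ( xImCert.is() )
                vecCerts.push_back( xImCert );
        }

        sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xCert,
            ::comphelper::containerToSequence( vecCerts ) );

        uno::Reference< task::XInteractionHandler > xIH(
            m_xEnv->getInteractionHandler() );
        if ( !xIH.is() )
            return bValidate;

        rtl::Reference< ucbhelper::SimpleCertificateValidationRequest >
            xRequest( new ucbhelper::SimpleCertificateValidationRequest(
                       sal_Int32( certValidity ), xCert, m_sHostname ) );
        xIH->handle( xRequest.get() );
        rtl::Reference< ucbhelper::InteractionContinuation > xSelection
            = xRequest->getSelection();

        if ( xSelection.is() )
        {
            uno::Reference< task::XInteractionApprove > xApprove(
                xSelection.get(), uno::UNO_QUERY );
            bValidate = xApprove.is();

            // Remember the decision. Container creation above is best effort,
            // so guard the call; without a container the user is simply asked
            // again next time.
            if ( xCertificateContainer.is() )
                xCertificateContainer->addCertificate(
                    m_sHostname, xCert->getSubjectName(), bValidate );
        }
        return bValidate;
    }
}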

/* vim:set shiftwidth=4 softtabstop=4 expandtab: */