Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : */
12 :
13 : #include <com/sun/star/security/CertificateContainer.hpp>
14 : #include <com/sun/star/security/XCertificate.hpp>
15 : #include <com/sun/star/security/XCertificateContainer.hpp>
16 : #include <com/sun/star/security/CertificateValidity.hpp>
17 : #include <com/sun/star/xml/crypto/SEInitializer.hpp>
18 : #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
19 :
20 : #include <comphelper/sequence.hxx>
21 : #include <ucbhelper/simplecertificatevalidationrequest.hxx>
22 :
23 : #include "certvalidation_handler.hxx"
24 :
25 : #define STD_TO_OUSTR( str ) OUString( str.c_str(), str.length( ), RTL_TEXTENCODING_UTF8 )
26 :
27 : using namespace std;
28 : using namespace com::sun::star;
29 :
30 : namespace cmis
31 : {
32 0 : bool CertValidationHandler::validateCertificate( vector< string > aCertificates )
33 : {
34 0 : bool bValidate = false;
35 0 : if ( !aCertificates.empty() && m_xEnv.is() )
36 : {
37 0 : uno::Reference< xml::crypto::XSEInitializer > xSEInitializer;
38 : try
39 : {
40 0 : xSEInitializer = xml::crypto::SEInitializer::create( m_xContext );
41 : }
42 0 : catch ( uno::Exception const & )
43 : {
44 : }
45 :
46 0 : if ( xSEInitializer.is() )
47 : {
48 : uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
49 0 : xSEInitializer->createSecurityContext( OUString() ) );
50 :
51 : uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv(
52 0 : xSecurityContext->getSecurityEnvironment() );
53 :
54 0 : vector< string >::iterator pIt = aCertificates.begin();
55 0 : string sCert = *pIt;
56 : // We need to get rid of the PEM header/footer lines
57 0 : OUString sCleanCert = STD_TO_OUSTR( sCert );
58 0 : sCleanCert = sCleanCert.replaceAll( "-----BEGIN CERTIFICATE-----", "" );
59 0 : sCleanCert = sCleanCert.replaceAll( "-----END CERTIFICATE-----", "" );
60 : uno::Reference< security::XCertificate > xCert(
61 0 : xSecurityEnv->createCertificateFromAscii(
62 0 : sCleanCert ) );
63 :
64 0 : uno::Reference< security::XCertificateContainer > xCertificateContainer;
65 : try
66 : {
67 0 : xCertificateContainer = security::CertificateContainer::create( m_xContext );
68 : }
69 0 : catch ( uno::Exception const & )
70 : {
71 : }
72 :
73 0 : if ( xCertificateContainer.is( ) )
74 : {
75 : security::CertificateContainerStatus status(
76 0 : xCertificateContainer->hasCertificate(
77 0 : m_sHostname, xCert->getSubjectName() ) );
78 :
79 0 : if ( status != security::CertificateContainerStatus_NOCERT )
80 0 : return status == security::CertificateContainerStatus_TRUSTED;
81 : }
82 :
83 : // If we had no certificate, ask what to do
84 0 : std::vector< uno::Reference< security::XCertificate > > vecCerts;
85 :
86 0 : for ( ++pIt; pIt != aCertificates.end(); ++pIt )
87 : {
88 0 : sCert = *pIt;
89 : uno::Reference< security::XCertificate> xImCert(
90 0 : xSecurityEnv->createCertificateFromAscii(
91 0 : STD_TO_OUSTR( sCert ) ) );
92 0 : if ( xImCert.is() )
93 0 : vecCerts.push_back( xImCert );
94 0 : }
95 :
96 0 : sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xCert,
97 0 : ::comphelper::containerToSequence( vecCerts ) );
98 :
99 : uno::Reference< task::XInteractionHandler > xIH(
100 0 : m_xEnv->getInteractionHandler() );
101 0 : if ( xIH.is() )
102 : {
103 : rtl::Reference< ucbhelper::SimpleCertificateValidationRequest >
104 : xRequest( new ucbhelper::SimpleCertificateValidationRequest(
105 0 : sal_Int32( certValidity ), xCert, m_sHostname ) );
106 0 : xIH->handle( xRequest.get() );
107 : rtl::Reference< ucbhelper::InteractionContinuation > xSelection
108 0 : = xRequest->getSelection();
109 :
110 0 : if ( xSelection.is() )
111 : {
112 : uno::Reference< task::XInteractionApprove > xApprove(
113 0 : xSelection.get(), uno::UNO_QUERY );
114 0 : bValidate = xApprove.is();
115 :
116 : // Store the decision in the container
117 0 : xCertificateContainer->addCertificate(
118 0 : m_sHostname, xCert->getSubjectName(), bValidate );
119 0 : }
120 0 : }
121 0 : }
122 : }
123 0 : return bValidate;
124 : }
125 0 : }
126 :
127 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
