LCOV - code coverage report
Current view: top level - xmlsecurity/source/xmlsec/nss - securityenvironment_nssimpl.cxx (source / functions) Hit Total Coverage
Test: commit e02a6cb2c3e2b23b203b422e4e0680877f232636 Lines: 0 481 0.0 %
Date: 2014-04-14 Functions: 0 42 0.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /*
       3             :  * This file is part of the LibreOffice project.
       4             :  *
       5             :  * This Source Code Form is subject to the terms of the Mozilla Public
       6             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       7             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
       8             :  *
       9             :  * This file incorporates work covered by the following license notice:
      10             :  *
      11             :  *   Licensed to the Apache Software Foundation (ASF) under one or more
      12             :  *   contributor license agreements. See the NOTICE file distributed
      13             :  *   with this work for additional information regarding copyright
      14             :  *   ownership. The ASF licenses this file to you under the Apache
      15             :  *   License, Version 2.0 (the "License"); you may not use this file
      16             :  *   except in compliance with the License. You may obtain a copy of
      17             :  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
      18             :  */
      19             : 
      20             : #include "nssrenam.h"
      21             : #include "cert.h"
      22             : #include "secerr.h"
      23             : #include "ocsp.h"
      24             : 
      25             : #include <sal/config.h>
      26             : #include <sal/macros.h>
      27             : #include "securityenvironment_nssimpl.hxx"
      28             : #include "x509certificate_nssimpl.hxx"
      29             : #include <comphelper/servicehelper.hxx>
      30             : #include "../diagnose.hxx"
      31             : 
      32             : #include "xmlsecurity/xmlsec-wrapper.h"
      33             : 
      34             : #include <rtl/ustrbuf.hxx>
      35             : #include <comphelper/processfactory.hxx>
      36             : #include <comphelper/docpasswordrequest.hxx>
      37             : #include <xmlsecurity/biginteger.hxx>
      38             : #include <sal/log.hxx>
      39             : #include <com/sun/star/task/InteractionHandler.hpp>
      40             : #include <vector>
      41             : #include "boost/scoped_array.hpp"
      42             : #include <osl/thread.h>
      43             : 
      44             : #include "secerror.hxx"
      45             : 
      46             : // added for password exception
      47             : #include <com/sun/star/security/NoPasswordException.hpp>
      48             : namespace csss = ::com::sun::star::security;
      49             : using namespace xmlsecurity;
      50             : using namespace ::com::sun::star::security;
      51             : using namespace com::sun::star;
      52             : using namespace ::com::sun::star::uno ;
      53             : using namespace ::com::sun::star::lang ;
      54             : using ::com::sun::star::lang::XMultiServiceFactory ;
      55             : using ::com::sun::star::lang::XSingleServiceFactory ;
      56             : 
      57             : using ::com::sun::star::xml::crypto::XSecurityEnvironment ;
      58             : using ::com::sun::star::security::XCertificate ;
      59             : 
      60             : extern X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert ) ;
      61             : extern X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* ) ;
      62             : 
      63             : 
      64             : struct UsageDescription
      65             : {
      66             :     SECCertificateUsage usage;
      67             :     char const* description;
      68             : 
      69           0 :     UsageDescription()
      70             :     : usage( certificateUsageCheckAllUsages )
      71           0 :     , description( NULL )
      72           0 :     {}
      73             : 
      74           0 :     UsageDescription( SECCertificateUsage i_usage, char const* i_description )
      75             :     : usage( i_usage )
      76           0 :     , description( i_description )
      77           0 :     {}
      78             : 
      79             :     UsageDescription( const UsageDescription& aDescription )
      80             :     : usage( aDescription.usage )
      81             :     , description( aDescription.description )
      82             :     {}
      83             : 
      84           0 :     UsageDescription& operator =( const UsageDescription& aDescription )
      85             :     {
      86           0 :         usage = aDescription.usage;
      87           0 :         description = aDescription.description;
      88           0 :         return *this;
      89             :     }
      90             : };
      91             : 
      92             : 
      93             : 
      94           0 : char* GetPasswordFunction( PK11SlotInfo* pSlot, PRBool bRetry, void* /*arg*/ )
      95             : {
      96           0 :     uno::Reference< uno::XComponentContext > xContext( ::comphelper::getProcessComponentContext() );
      97             :     uno::Reference < task::XInteractionHandler2 > xInteractionHandler(
      98           0 :         task::InteractionHandler::createWithParent(xContext, 0) );
      99             : 
     100           0 :     task::PasswordRequestMode eMode = bRetry ? task::PasswordRequestMode_PASSWORD_REENTER : task::PasswordRequestMode_PASSWORD_ENTER;
     101             :     ::comphelper::DocPasswordRequest* pPasswordRequest = new ::comphelper::DocPasswordRequest(
     102           0 :         ::comphelper::DocPasswordRequestType_STANDARD, eMode, OUString::createFromAscii(PK11_GetTokenName(pSlot)) );
     103             : 
     104           0 :     uno::Reference< task::XInteractionRequest > xRequest( pPasswordRequest );
     105           0 :     xInteractionHandler->handle( xRequest );
     106             : 
     107           0 :     if ( pPasswordRequest->isPassword() )
     108             :     {
     109             :         OString aPassword(OUStringToOString(
     110             :             pPasswordRequest->getPassword(),
     111           0 :             osl_getThreadTextEncoding()));
     112           0 :         sal_Int32 nLen = aPassword.getLength();
     113           0 :         char* pPassword = (char*) PORT_Alloc( nLen+1 ) ;
     114           0 :         pPassword[nLen] = 0;
     115           0 :         memcpy( pPassword, aPassword.getStr(), nLen );
     116           0 :         return pPassword;
     117             :     }
     118           0 :     return NULL;
     119             : }
     120             : 
     121           0 : SecurityEnvironment_NssImpl :: SecurityEnvironment_NssImpl() :
     122           0 : m_pHandler( NULL ) , m_tSymKeyList() , m_tPubKeyList() , m_tPriKeyList() {
     123             : 
     124           0 :     PK11_SetPasswordFunc( GetPasswordFunction ) ;
     125           0 : }
     126             : 
     127           0 : SecurityEnvironment_NssImpl :: ~SecurityEnvironment_NssImpl() {
     128             : 
     129           0 :     PK11_SetPasswordFunc( NULL ) ;
     130             : 
     131           0 :     for (CIT_SLOTS i = m_Slots.begin(); i != m_Slots.end(); i++)
     132             :     {
     133           0 :         PK11_FreeSlot(*i);
     134             :     }
     135             : 
     136           0 :     if( !m_tSymKeyList.empty()  ) {
     137           0 :         std::list< PK11SymKey* >::iterator symKeyIt ;
     138             : 
     139           0 :         for( symKeyIt = m_tSymKeyList.begin() ; symKeyIt != m_tSymKeyList.end() ; ++symKeyIt )
     140           0 :             PK11_FreeSymKey( *symKeyIt ) ;
     141             :     }
     142             : 
     143           0 :     if( !m_tPubKeyList.empty()  ) {
     144           0 :         std::list< SECKEYPublicKey* >::iterator pubKeyIt ;
     145             : 
     146           0 :         for( pubKeyIt = m_tPubKeyList.begin() ; pubKeyIt != m_tPubKeyList.end() ; ++pubKeyIt )
     147           0 :             SECKEY_DestroyPublicKey( *pubKeyIt ) ;
     148             :     }
     149             : 
     150           0 :     if( !m_tPriKeyList.empty()  ) {
     151           0 :         std::list< SECKEYPrivateKey* >::iterator priKeyIt ;
     152             : 
     153           0 :         for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; ++priKeyIt )
     154           0 :             SECKEY_DestroyPrivateKey( *priKeyIt ) ;
     155             :     }
     156           0 : }
     157             : 
     158             : /* XServiceInfo */
     159           0 : OUString SAL_CALL SecurityEnvironment_NssImpl :: getImplementationName() throw( RuntimeException, std::exception ) {
     160           0 :     return impl_getImplementationName() ;
     161             : }
     162             : 
     163             : /* XServiceInfo */
     164           0 : sal_Bool SAL_CALL SecurityEnvironment_NssImpl :: supportsService( const OUString& serviceName) throw( RuntimeException, std::exception ) {
     165           0 :     Sequence< OUString > seqServiceNames = getSupportedServiceNames() ;
     166           0 :     const OUString* pArray = seqServiceNames.getConstArray() ;
     167           0 :     for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) {
     168           0 :         if( *( pArray + i ) == serviceName )
     169           0 :             return sal_True ;
     170             :     }
     171           0 :     return sal_False ;
     172             : }
     173             : 
     174             : /* XServiceInfo */
     175           0 : Sequence< OUString > SAL_CALL SecurityEnvironment_NssImpl :: getSupportedServiceNames() throw( RuntimeException, std::exception ) {
     176           0 :     return impl_getSupportedServiceNames() ;
     177             : }
     178             : 
     179             : //Helper for XServiceInfo
     180           0 : Sequence< OUString > SecurityEnvironment_NssImpl :: impl_getSupportedServiceNames() {
     181           0 :     ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
     182           0 :     Sequence< OUString > seqServiceNames( 1 ) ;
     183           0 :     seqServiceNames[0] = "com.sun.star.xml.crypto.SecurityEnvironment";
     184           0 :     return seqServiceNames ;
     185             : }
     186             : 
     187           0 : OUString SecurityEnvironment_NssImpl :: impl_getImplementationName() throw( RuntimeException ) {
     188           0 :     return OUString("com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl") ;
     189             : }
     190             : 
     191             : //Helper for registry
     192           0 : Reference< XInterface > SAL_CALL SecurityEnvironment_NssImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& ) throw( RuntimeException ) {
     193           0 :     return Reference< XInterface >( *new SecurityEnvironment_NssImpl ) ;
     194             : }
     195             : 
     196           0 : Reference< XSingleServiceFactory > SecurityEnvironment_NssImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) {
     197           0 :     return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ;
     198             : }
     199             : 
     200             : /* XUnoTunnel */
     201           0 : sal_Int64 SAL_CALL SecurityEnvironment_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier )
     202             :     throw( RuntimeException, std::exception )
     203             : {
     204           0 :     if( aIdentifier.getLength() == 16 && 0 == memcmp( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
     205           0 :         return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
     206             :     }
     207           0 :     return 0 ;
     208             : }
     209             : 
     210             : /* XUnoTunnel extension */
     211             : 
     212             : namespace
     213             : {
     214             :     class theSecurityEnvironment_NssImplUnoTunnelId  : public rtl::Static< UnoTunnelIdInit, theSecurityEnvironment_NssImplUnoTunnelId > {};
     215             : }
     216             : 
     217           0 : const Sequence< sal_Int8>& SecurityEnvironment_NssImpl :: getUnoTunnelId() {
     218           0 :     return theSecurityEnvironment_NssImplUnoTunnelId::get().getSeq();
     219             : }
     220             : 
     221           0 : OUString SecurityEnvironment_NssImpl::getSecurityEnvironmentInformation() throw( ::com::sun::star::uno::RuntimeException, std::exception )
     222             : {
     223           0 :     OUStringBuffer buff;
     224           0 :     for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
     225             :     {
     226           0 :         buff.append(OUString::createFromAscii(PK11_GetTokenName(*is)));
     227           0 :         buff.appendAscii("\n");
     228             :     }
     229           0 :     return buff.makeStringAndClear();
     230             : }
     231             : 
     232           0 : void SecurityEnvironment_NssImpl::addCryptoSlot( PK11SlotInfo* aSlot) throw( Exception , RuntimeException )
     233             : {
     234           0 :     PK11_ReferenceSlot(aSlot);
     235           0 :     m_Slots.push_back(aSlot);
     236           0 : }
     237             : 
     238           0 : CERTCertDBHandle* SecurityEnvironment_NssImpl :: getCertDb() throw( Exception , RuntimeException ) {
     239           0 :     return m_pHandler ;
     240             : }
     241             : 
     242             : //Could we have multiple cert dbs?
     243           0 : void SecurityEnvironment_NssImpl :: setCertDb( CERTCertDBHandle* aCertDb ) throw( Exception , RuntimeException ) {
     244           0 :     m_pHandler = aCertDb ;
     245           0 : }
     246             : 
     247           0 : void SecurityEnvironment_NssImpl :: adoptSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) {
     248             :     PK11SymKey* symkey ;
     249           0 :     std::list< PK11SymKey* >::iterator keyIt ;
     250             : 
     251           0 :     if( aSymKey != NULL ) {
     252             :         //First try to find the key in the list
     253           0 :         for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; ++keyIt ) {
     254           0 :             if( *keyIt == aSymKey )
     255           0 :                 return ;
     256             :         }
     257             : 
     258             :         //If we do not find the key in the list, add a new node
     259           0 :         symkey = PK11_ReferenceSymKey( aSymKey ) ;
     260           0 :         if( symkey == NULL )
     261           0 :             throw RuntimeException() ;
     262             : 
     263             :         try {
     264           0 :             m_tSymKeyList.push_back( symkey ) ;
     265           0 :         } catch ( Exception& ) {
     266           0 :             PK11_FreeSymKey( symkey ) ;
     267             :         }
     268             :     }
     269             : }
     270             : 
     271           0 : void SecurityEnvironment_NssImpl :: rejectSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) {
     272             :     PK11SymKey* symkey ;
     273           0 :     std::list< PK11SymKey* >::iterator keyIt ;
     274             : 
     275           0 :     if( aSymKey != NULL ) {
     276           0 :         for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; ++keyIt ) {
     277           0 :             if( *keyIt == aSymKey ) {
     278           0 :                 symkey = *keyIt ;
     279           0 :                 PK11_FreeSymKey( symkey ) ;
     280           0 :                 m_tSymKeyList.erase( keyIt ) ;
     281           0 :                 break ;
     282             :             }
     283             :         }
     284             :     }
     285           0 : }
     286             : 
     287           0 : PK11SymKey* SecurityEnvironment_NssImpl :: getSymKey( unsigned int position ) throw( Exception , RuntimeException ) {
     288             :     PK11SymKey* symkey ;
     289           0 :     std::list< PK11SymKey* >::iterator keyIt ;
     290             :     unsigned int pos ;
     291             : 
     292           0 :     symkey = NULL ;
     293           0 :     for( pos = 0, keyIt = m_tSymKeyList.begin() ; pos < position && keyIt != m_tSymKeyList.end() ; pos ++ , keyIt ++ ) ;
     294             : 
     295           0 :     if( pos == position && keyIt != m_tSymKeyList.end() )
     296           0 :         symkey = *keyIt ;
     297             : 
     298           0 :     return symkey ;
     299             : }
     300             : 
     301           0 : void SecurityEnvironment_NssImpl :: adoptPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) {
     302             :     SECKEYPublicKey*    pubkey ;
     303           0 :     std::list< SECKEYPublicKey* >::iterator keyIt ;
     304             : 
     305           0 :     if( aPubKey != NULL ) {
     306             :         //First try to find the key in the list
     307           0 :         for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; ++keyIt ) {
     308           0 :             if( *keyIt == aPubKey )
     309           0 :                 return ;
     310             :         }
     311             : 
     312             :         //If we do not find the key in the list, add a new node
     313           0 :         pubkey = SECKEY_CopyPublicKey( aPubKey ) ;
     314           0 :         if( pubkey == NULL )
     315           0 :             throw RuntimeException() ;
     316             : 
     317             :         try {
     318           0 :             m_tPubKeyList.push_back( pubkey ) ;
     319           0 :         } catch ( Exception& ) {
     320           0 :             SECKEY_DestroyPublicKey( pubkey ) ;
     321             :         }
     322             :     }
     323             : }
     324             : 
     325           0 : void SecurityEnvironment_NssImpl :: rejectPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) {
     326             :     SECKEYPublicKey*    pubkey ;
     327           0 :     std::list< SECKEYPublicKey* >::iterator keyIt ;
     328             : 
     329           0 :     if( aPubKey != NULL ) {
     330           0 :         for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; ++keyIt ) {
     331           0 :             if( *keyIt == aPubKey ) {
     332           0 :                 pubkey = *keyIt ;
     333           0 :                 SECKEY_DestroyPublicKey( pubkey ) ;
     334           0 :                 m_tPubKeyList.erase( keyIt ) ;
     335           0 :                 break ;
     336             :             }
     337             :         }
     338             :     }
     339           0 : }
     340             : 
     341           0 : SECKEYPublicKey* SecurityEnvironment_NssImpl :: getPubKey( unsigned int position ) throw( Exception , RuntimeException ) {
     342             :     SECKEYPublicKey* pubkey ;
     343           0 :     std::list< SECKEYPublicKey* >::iterator keyIt ;
     344             :     unsigned int pos ;
     345             : 
     346           0 :     pubkey = NULL ;
     347           0 :     for( pos = 0, keyIt = m_tPubKeyList.begin() ; pos < position && keyIt != m_tPubKeyList.end() ; pos ++ , keyIt ++ ) ;
     348             : 
     349           0 :     if( pos == position && keyIt != m_tPubKeyList.end() )
     350           0 :         pubkey = *keyIt ;
     351             : 
     352           0 :     return pubkey ;
     353             : }
     354             : 
     355           0 : void SecurityEnvironment_NssImpl :: adoptPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) {
     356             :     SECKEYPrivateKey*   prikey ;
     357           0 :     std::list< SECKEYPrivateKey* >::iterator keyIt ;
     358             : 
     359           0 :     if( aPriKey != NULL ) {
     360             :         //First try to find the key in the list
     361           0 :         for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; ++keyIt ) {
     362           0 :             if( *keyIt == aPriKey )
     363           0 :                 return ;
     364             :         }
     365             : 
     366             :         //If we do not find the key in the list, add a new node
     367           0 :         prikey = SECKEY_CopyPrivateKey( aPriKey ) ;
     368           0 :         if( prikey == NULL )
     369           0 :             throw RuntimeException() ;
     370             : 
     371             :         try {
     372           0 :             m_tPriKeyList.push_back( prikey ) ;
     373           0 :         } catch ( Exception& ) {
     374           0 :             SECKEY_DestroyPrivateKey( prikey ) ;
     375             :         }
     376             :     }
     377             : }
     378             : 
     379           0 : void SecurityEnvironment_NssImpl :: rejectPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) {
     380             :     SECKEYPrivateKey*   prikey ;
     381           0 :     std::list< SECKEYPrivateKey* >::iterator keyIt ;
     382             : 
     383           0 :     if( aPriKey != NULL ) {
     384           0 :         for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; ++keyIt ) {
     385           0 :             if( *keyIt == aPriKey ) {
     386           0 :                 prikey = *keyIt ;
     387           0 :                 SECKEY_DestroyPrivateKey( prikey ) ;
     388           0 :                 m_tPriKeyList.erase( keyIt ) ;
     389           0 :                 break ;
     390             :             }
     391             :         }
     392             :     }
     393           0 : }
     394             : 
     395           0 : SECKEYPrivateKey* SecurityEnvironment_NssImpl :: getPriKey( unsigned int position ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException )  {
     396             :     SECKEYPrivateKey* prikey ;
     397           0 :     std::list< SECKEYPrivateKey* >::iterator keyIt ;
     398             :     unsigned int pos ;
     399             : 
     400           0 :     prikey = NULL ;
     401           0 :     for( pos = 0, keyIt = m_tPriKeyList.begin() ; pos < position && keyIt != m_tPriKeyList.end() ; pos ++ , keyIt ++ ) ;
     402             : 
     403           0 :     if( pos == position && keyIt != m_tPriKeyList.end() )
     404           0 :         prikey = *keyIt ;
     405             : 
     406           0 :     return prikey ;
     407             : }
     408             : 
     409           0 : void SecurityEnvironment_NssImpl::updateSlots()
     410             : {
     411             :     //In case new tokens are present then we can obtain the corresponding slot
     412           0 :     PK11SlotList * soltList = NULL;
     413           0 :     PK11SlotListElement * soltEle = NULL;
     414           0 :     PK11SlotInfo * pSlot = NULL;
     415           0 :        PK11SymKey * pSymKey = NULL;
     416             : 
     417           0 :     osl::MutexGuard guard(m_mutex);
     418             : 
     419           0 :     m_Slots.clear();
     420           0 :     m_tSymKeyList.clear();
     421             : 
     422           0 :     soltList = PK11_GetAllTokens( CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL ) ;
     423           0 :     if( soltList != NULL )
     424             :     {
     425           0 :         for( soltEle = soltList->head ; soltEle != NULL; soltEle = soltEle->next )
     426             :         {
     427           0 :             pSlot = soltEle->slot ;
     428             : 
     429           0 :             if(pSlot != NULL)
     430             :             {
     431             :                 SAL_INFO(
     432             :                     "xmlsecurity.xmlsec",
     433             :                     "Found a slot: SlotName=" << PK11_GetSlotName(pSlot)
     434             :                         << ", TokenName=" << PK11_GetTokenName(pSlot));
     435             : 
     436             : //The following code which is commented out checks if a slot, that is a smart card for example, is
     437             : //              able to generate a symmetric key of type CKM_DES3_CBC. If this fails then this token
     438             : //              will not be used. This key is possibly used for the encryption service. However, all
     439             : //              interfaces and services used for public key signature and encryption are not published
     440             : //              and the encryption is not used in OOo. Therefore it does not do any harm to remove
     441             : //              this code, hence allowing smart cards which cannot generate this type of key.
     442             : //
     443             : //              By doing this, the encryption may fail if a smart card is being used which does not
     444             : //              support this key generation.
     445             : //
     446           0 :                 pSymKey = PK11_KeyGen( pSlot , CKM_DES3_CBC, NULL, 128, NULL ) ;
     447             : //              if( pSymKey == NULL )
     448             : //              {
     449             : //                  PK11_FreeSlot( pSlot ) ;
     450             : //                  SAL_INFO( "xmlsecurity", "XMLSEC: Error - pSymKey is NULL" );
     451             : //                  continue;
     452             : //              }
     453           0 :                 addCryptoSlot(pSlot);
     454           0 :                 PK11_FreeSlot( pSlot ) ;
     455           0 :                 pSlot = NULL;
     456             : 
     457           0 :                 if (pSymKey != NULL)
     458             :                 {
     459           0 :                     adoptSymKey( pSymKey ) ;
     460           0 :                     PK11_FreeSymKey( pSymKey ) ;
     461           0 :                     pSymKey = NULL;
     462             :                 }
     463             : 
     464             :             }// end of if(pSlot != NULL)
     465             :         }// end of for
     466           0 :     }// end of if( soltList != NULL )
     467             : 
     468           0 : }
     469             : 
     470             : 
     471             : Sequence< Reference < XCertificate > >
     472           0 : SecurityEnvironment_NssImpl::getPersonalCertificates() throw( SecurityException , RuntimeException, std::exception )
     473             : {
     474             :     sal_Int32 length ;
     475             :     X509Certificate_NssImpl* xcert ;
     476           0 :     std::list< X509Certificate_NssImpl* > certsList ;
     477             : 
     478           0 :     updateSlots();
     479             :     //firstly, we try to find private keys in slot
     480           0 :     for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
     481             :     {
     482           0 :         PK11SlotInfo *slot = *is;
     483             :         SECKEYPrivateKeyList* priKeyList ;
     484             :         SECKEYPrivateKeyListNode* curPri ;
     485             : 
     486           0 :         if( PK11_NeedLogin(slot ) ) {
     487           0 :             SECStatus nRet = PK11_Authenticate(slot, PR_TRUE, NULL);
     488             :             //PK11_Authenticate may fail in case the a slot has not been initialized.
     489             :             //this is the case if the user has a new profile, so that they have never
     490             :             //added a personal certificate.
     491           0 :             if( nRet != SECSuccess && PORT_GetError() != SEC_ERROR_IO) {
     492           0 :                 throw NoPasswordException();
     493             :             }
     494             :         }
     495             : 
     496           0 :         priKeyList = PK11_ListPrivateKeysInSlot(slot) ;
     497           0 :         if( priKeyList != NULL )
     498             :         {
     499           0 :             for( curPri = PRIVKEY_LIST_HEAD( priKeyList );
     500           0 :                 !PRIVKEY_LIST_END( curPri, priKeyList ) && curPri != NULL ;
     501             :                 curPri = PRIVKEY_LIST_NEXT( curPri ) )
     502             :             {
     503           0 :                 xcert = NssPrivKeyToXCert( curPri->key ) ;
     504           0 :                 if( xcert != NULL )
     505           0 :                     certsList.push_back( xcert ) ;
     506             :             }
     507           0 :             SECKEY_DestroyPrivateKeyList( priKeyList ) ;
     508             :         }
     509             : 
     510             : 
     511             :     }
     512             : 
     513             :     //secondly, we try to find certificate from registered private keys.
     514           0 :     if( !m_tPriKeyList.empty()  ) {
     515           0 :         std::list< SECKEYPrivateKey* >::iterator priKeyIt ;
     516             : 
     517           0 :         for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; ++priKeyIt ) {
     518           0 :             xcert = NssPrivKeyToXCert( *priKeyIt ) ;
     519           0 :             if( xcert != NULL )
     520           0 :                 certsList.push_back( xcert ) ;
     521             :         }
     522             :     }
     523             : 
     524           0 :     length = certsList.size() ;
     525           0 :     if( length != 0 ) {
     526             :         int i ;
     527           0 :         std::list< X509Certificate_NssImpl* >::iterator xcertIt ;
     528           0 :         Sequence< Reference< XCertificate > > certSeq( length ) ;
     529             : 
     530           0 :         for( i = 0, xcertIt = certsList.begin(); xcertIt != certsList.end(); ++xcertIt, ++i ) {
     531           0 :             certSeq[i] = *xcertIt ;
     532             :         }
     533             : 
     534           0 :         return certSeq ;
     535             :     }
     536             : 
     537           0 :     return Sequence< Reference < XCertificate > > ();
     538             : }
     539             : 
     540           0 : Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& serialNumber ) throw( SecurityException , RuntimeException, std::exception )
     541             : {
     542           0 :     X509Certificate_NssImpl* xcert = NULL;
     543             : 
     544           0 :     if( m_pHandler != NULL ) {
     545             :         CERTIssuerAndSN issuerAndSN ;
     546             :         CERTCertificate* cert ;
     547             :         CERTName* nmIssuer ;
     548             :         char* chIssuer ;
     549             :         SECItem* derIssuer ;
     550             :         PRArenaPool* arena ;
     551             : 
     552           0 :         arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE ) ;
     553           0 :         if( arena == NULL )
     554           0 :             throw RuntimeException() ;
     555             : 
     556             :         // Create cert info from issue and serial
     557           0 :         OString ostr = OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 ) ;
     558           0 :         chIssuer = PL_strndup( ( char* )ostr.getStr(), ( int )ostr.getLength() ) ;
     559           0 :         nmIssuer = CERT_AsciiToName( chIssuer ) ;
     560           0 :         if( nmIssuer == NULL ) {
     561           0 :             PL_strfree( chIssuer ) ;
     562           0 :             PORT_FreeArena( arena, PR_FALSE ) ;
     563           0 :             return NULL; // no need for exception cf. i40394
     564             :         }
     565             : 
     566           0 :         derIssuer = SEC_ASN1EncodeItem( arena, NULL, ( void* )nmIssuer, SEC_ASN1_GET( CERT_NameTemplate ) ) ;
     567           0 :         if( derIssuer == NULL ) {
     568           0 :             PL_strfree( chIssuer ) ;
     569           0 :             CERT_DestroyName( nmIssuer ) ;
     570           0 :             PORT_FreeArena( arena, PR_FALSE ) ;
     571           0 :             throw RuntimeException() ;
     572             :         }
     573             : 
     574           0 :         memset( &issuerAndSN, 0, sizeof( issuerAndSN ) ) ;
     575             : 
     576           0 :         issuerAndSN.derIssuer.data = derIssuer->data ;
     577           0 :         issuerAndSN.derIssuer.len = derIssuer->len ;
     578             : 
     579           0 :         issuerAndSN.serialNumber.data = ( unsigned char* )&serialNumber[0] ;
     580           0 :         issuerAndSN.serialNumber.len = serialNumber.getLength() ;
     581             : 
     582           0 :         cert = CERT_FindCertByIssuerAndSN( m_pHandler, &issuerAndSN ) ;
     583           0 :         if( cert != NULL ) {
     584           0 :             xcert = NssCertToXCert( cert ) ;
     585             :         } else {
     586           0 :             xcert = NULL ;
     587             :         }
     588             : 
     589           0 :         PL_strfree( chIssuer ) ;
     590           0 :         CERT_DestroyName( nmIssuer ) ;
     591             :         //SECITEM_FreeItem( derIssuer, PR_FALSE ) ;
     592           0 :         CERT_DestroyCertificate( cert ) ;
     593           0 :         PORT_FreeArena( arena, PR_FALSE ) ;
     594             :     } else {
     595           0 :         xcert = NULL ;
     596             :     }
     597             : 
     598           0 :     return xcert ;
     599             : }
     600             : 
     601           0 : Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const OUString& serialNumber ) throw( SecurityException , RuntimeException ) {
     602           0 :     Sequence< sal_Int8 > serial = numericStringToBigInteger( serialNumber ) ;
     603           0 :     return getCertificate( issuerName, serial ) ;
     604             : }
     605             : 
     606           0 : Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl :: buildCertificatePath( const Reference< XCertificate >& begin ) throw( SecurityException , RuntimeException, std::exception ) {
     607             :     const X509Certificate_NssImpl* xcert ;
     608             :     const CERTCertificate* cert ;
     609             :     CERTCertList* certChain ;
     610             : 
     611           0 :     Reference< XUnoTunnel > xCertTunnel( begin, UNO_QUERY ) ;
     612           0 :     if( !xCertTunnel.is() ) {
     613           0 :         throw RuntimeException() ;
     614             :     }
     615             : 
     616             :     xcert = reinterpret_cast<X509Certificate_NssImpl*>(
     617           0 :         sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
     618           0 :     if( xcert == NULL ) {
     619           0 :         throw RuntimeException() ;
     620             :     }
     621             : 
     622           0 :     cert = xcert->getNssCert() ;
     623           0 :     if( cert != NULL ) {
     624             :         int64 timeboundary ;
     625             : 
     626             :         //Get the system clock time
     627           0 :         timeboundary = PR_Now() ;
     628             : 
     629           0 :         certChain = CERT_GetCertChainFromCert( ( CERTCertificate* )cert, timeboundary, certUsageAnyCA ) ;
     630             :     } else {
     631           0 :         certChain = NULL ;
     632             :     }
     633             : 
     634           0 :     if( certChain != NULL ) {
     635             :         X509Certificate_NssImpl* pCert ;
     636             :         CERTCertListNode* node ;
     637             :         int len ;
     638             : 
     639           0 :         for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) ;
     640           0 :         Sequence< Reference< XCertificate > > xCertChain( len ) ;
     641             : 
     642           0 :         for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) {
     643           0 :             pCert = new X509Certificate_NssImpl() ;
     644           0 :             if( pCert == NULL ) {
     645           0 :                 CERT_DestroyCertList( certChain ) ;
     646           0 :                 throw RuntimeException() ;
     647             :             }
     648             : 
     649           0 :             pCert->setCert( node->cert ) ;
     650             : 
     651           0 :             xCertChain[len] = pCert ;
     652             :         }
     653             : 
     654           0 :         CERT_DestroyCertList( certChain ) ;
     655             : 
     656           0 :         return xCertChain ;
     657             :     }
     658             : 
     659           0 :     return Sequence< Reference < XCertificate > >();
     660             : }
     661             : 
     662           0 : Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) throw( SecurityException , RuntimeException, std::exception ) {
     663             :     X509Certificate_NssImpl* xcert ;
     664             : 
     665           0 :     if( rawCertificate.getLength() > 0 ) {
     666           0 :         xcert = new X509Certificate_NssImpl() ;
     667           0 :         if( xcert == NULL )
     668           0 :             throw RuntimeException() ;
     669             : 
     670           0 :         xcert->setRawCert( rawCertificate ) ;
     671             :     } else {
     672           0 :         xcert = NULL ;
     673             :     }
     674             : 
     675           0 :     return xcert ;
     676             : }
     677             : 
     678           0 : Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromAscii( const OUString& asciiCertificate ) throw( SecurityException , RuntimeException, std::exception )
     679             : {
     680             :     xmlChar* chCert ;
     681             :     xmlSecSize certSize ;
     682             : 
     683           0 :     OString oscert = OUStringToOString( asciiCertificate , RTL_TEXTENCODING_ASCII_US ) ;
     684             : 
     685           0 :     chCert = xmlStrndup( ( const xmlChar* )oscert.getStr(), ( int )oscert.getLength() ) ;
     686             : 
     687           0 :     certSize = xmlSecBase64Decode( chCert, ( xmlSecByte* )chCert, xmlStrlen( chCert ) ) ;
     688             : 
     689           0 :     if(certSize > 0)
     690             :     {
     691           0 :         Sequence< sal_Int8 > rawCert( certSize ) ;
     692           0 :         for( unsigned int i = 0 ; i < certSize ; i ++ )
     693           0 :             rawCert[i] = *( chCert + i ) ;
     694             : 
     695           0 :         xmlFree( chCert ) ;
     696             : 
     697           0 :         return createCertificateFromRaw( rawCert ) ;
     698             :     }
     699             :     else
     700             :     {
     701           0 :         return NULL;
     702           0 :     }
     703             : }
     704             : 
     705           0 : sal_Int32 SecurityEnvironment_NssImpl ::
     706             : verifyCertificate( const Reference< csss::XCertificate >& aCert,
     707             :                    const Sequence< Reference< csss::XCertificate > >&  intermediateCerts )
     708             :     throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException, std::exception )
     709             : {
     710           0 :     sal_Int32 validity = csss::CertificateValidity::INVALID;
     711             :     const X509Certificate_NssImpl* xcert ;
     712             :     const CERTCertificate* cert ;
     713           0 :     ::std::vector<CERTCertificate*> vecTmpNSSCertificates;
     714           0 :     Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ;
     715           0 :     if( !xCertTunnel.is() ) {
     716           0 :         throw RuntimeException() ;
     717             :     }
     718             : 
     719             :     xmlsec_trace("Start verification of certificate: \n %s \n",
     720             :               OUStringToOString(
     721           0 :                   aCert->getSubjectName(), osl_getThreadTextEncoding()).getStr());
     722             : 
     723             :     xcert = reinterpret_cast<X509Certificate_NssImpl*>(
     724           0 :        sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
     725           0 :     if( xcert == NULL ) {
     726           0 :         throw RuntimeException() ;
     727             :     }
     728             : 
     729             :     //CERT_PKIXVerifyCert does not take a db as argument. It will therefore
     730             :     //internally use CERT_GetDefaultCertDB
     731             :     //Make sure m_pHandler is the default DB
     732             :     OSL_ASSERT(m_pHandler == CERT_GetDefaultCertDB());
     733           0 :     CERTCertDBHandle * certDb = m_pHandler != NULL ? m_pHandler : CERT_GetDefaultCertDB();
     734           0 :     cert = xcert->getNssCert() ;
     735           0 :     if( cert != NULL )
     736             :     {
     737             : 
     738             :         //prepare the intermediate certificates
     739           0 :         for (sal_Int32 i = 0; i < intermediateCerts.getLength(); i++)
     740             :         {
     741           0 :             Sequence<sal_Int8> der = intermediateCerts[i]->getEncoded();
     742             :             SECItem item;
     743           0 :             item.type = siBuffer;
     744           0 :             item.data = (unsigned char*)der.getArray();
     745           0 :             item.len = der.getLength();
     746             : 
     747             :             CERTCertificate* certTmp = CERT_NewTempCertificate(certDb, &item,
     748             :                                            NULL     /* nickname */,
     749             :                                            PR_FALSE /* isPerm */,
     750           0 :                                            PR_TRUE  /* copyDER */);
     751           0 :              if (!certTmp)
     752             :              {
     753             :                  xmlsec_trace("Failed to add a temporary certificate: %s",
     754           0 :                            OUStringToOString(intermediateCerts[i]->getIssuerName(),
     755           0 :                                              osl_getThreadTextEncoding()).getStr());
     756             : 
     757             :              }
     758             :              else
     759             :              {
     760             :                  xmlsec_trace("Added temporary certificate: %s",
     761           0 :                            certTmp->subjectName ? certTmp->subjectName : "");
     762           0 :                  vecTmpNSSCertificates.push_back(certTmp);
     763             :              }
     764           0 :         }
     765             : 
     766             : 
     767             :         SECStatus status ;
     768             : 
     769             :         CERTVerifyLog log;
     770           0 :         log.arena = PORT_NewArena(512);
     771           0 :         log.head = log.tail = NULL;
     772           0 :         log.count = 0;
     773             : 
     774           0 :         CERT_EnableOCSPChecking(certDb);
     775           0 :         CERT_DisableOCSPDefaultResponder(certDb);
     776             :         CERTValOutParam cvout[5];
     777             :         CERTValInParam cvin[3];
     778           0 :         int ncvinCount=0;
     779             : 
     780             : #if ( NSS_VMAJOR > 3 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR > 12 ) || ( NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH > 0 )
     781           0 :         cvin[ncvinCount].type = cert_pi_useAIACertFetch;
     782           0 :         cvin[ncvinCount].value.scalar.b = PR_TRUE;
     783           0 :         ncvinCount++;
     784             : #endif
     785             : 
     786             :         PRUint64 revFlagsLeaf[2];
     787             :         PRUint64 revFlagsChain[2];
     788             :         CERTRevocationFlags rev;
     789           0 :         rev.leafTests.number_of_defined_methods = 2;
     790           0 :         rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
     791             :         //the flags are defined in cert.h
     792             :         //We check both leaf and chain.
     793             :         //It is enough if one revocation method has fresh info,
     794             :         //but at least one must have some. Otherwise validation fails.
     795             :         //!!! using leaf test and CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE
     796             :         // when validating a root certificate will result in "revoked". Usually
     797             :         //there is no revocation information available for the root cert because
     798             :         //it must be trusted anyway and it does itself issue revocation information.
     799             :         //When we use the flag here and OOo shows the certification path then the root
     800             :         //cert is invalid while all other can be valid. It would probably best if
     801             :         //this interface method returned the whole chain.
     802             :         //Otherwise we need to check if the certificate is self-signed and if it is
     803             :         //then not use the flag when doing the leaf-test.
     804           0 :         rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_crl] =
     805             :             CERT_REV_M_TEST_USING_THIS_METHOD
     806           0 :             | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
     807           0 :         rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] =
     808             :             CERT_REV_M_TEST_USING_THIS_METHOD
     809           0 :             | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
     810           0 :         rev.leafTests.number_of_preferred_methods = 0;
     811           0 :         rev.leafTests.preferred_methods = NULL;
     812             :         rev.leafTests.cert_rev_method_independent_flags =
     813           0 :             CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
     814             : 
     815           0 :         rev.chainTests.number_of_defined_methods = 2;
     816           0 :         rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
     817           0 :         rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_crl] =
     818             :             CERT_REV_M_TEST_USING_THIS_METHOD
     819           0 :             | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
     820           0 :         rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] =
     821             :             CERT_REV_M_TEST_USING_THIS_METHOD
     822           0 :             | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
     823           0 :         rev.chainTests.number_of_preferred_methods = 0;
     824           0 :         rev.chainTests.preferred_methods = NULL;
     825             :         rev.chainTests.cert_rev_method_independent_flags =
     826           0 :             CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
     827             : 
     828             : 
     829           0 :         cvin[ncvinCount].type = cert_pi_revocationFlags;
     830           0 :         cvin[ncvinCount].value.pointer.revocation = &rev;
     831           0 :         ncvinCount++;
     832             :         // does not work, not implemented yet in 3.12.4
     833             : //         cvin[ncvinCount].type = cert_pi_keyusage;
     834             : //         cvin[ncvinCount].value.scalar.ui = KU_DIGITAL_SIGNATURE;
     835             : //         ncvinCount++;
     836           0 :         cvin[ncvinCount].type = cert_pi_end;
     837             : 
     838           0 :         cvout[0].type = cert_po_trustAnchor;
     839           0 :         cvout[0].value.pointer.cert = NULL;
     840           0 :         cvout[1].type = cert_po_errorLog;
     841           0 :         cvout[1].value.pointer.log = &log;
     842           0 :         cvout[2].type = cert_po_end;
     843             : 
     844             :         // We check SSL server certificates, CA certificates and signing sertificates.
     845             :         //
     846             :         // ToDo check keyusage, looking at CERT_KeyUsageAndTypeForCertUsage (
     847             :         // mozilla/security/nss/lib/certdb/certdb.c indicates that
     848             :         // certificateUsageSSLClient, certificateUsageSSLServer and certificateUsageSSLCA
     849             :         // are sufficient. They cover the key usages for digital signature, key agreement
     850             :         // and encipherment and certificate signature
     851             : 
     852             :         //never use the following usages because they are not checked properly
     853             :         // certificateUsageUserCertImport
     854             :         // certificateUsageVerifyCA
     855             :         // certificateUsageAnyCA
     856             :         // certificateUsageProtectedObjectSigner
     857             : 
     858           0 :         UsageDescription arUsages[5];
     859           0 :         arUsages[0] = UsageDescription( certificateUsageSSLClient, "certificateUsageSSLClient"  );
     860           0 :         arUsages[1] = UsageDescription( certificateUsageSSLServer, "certificateUsageSSLServer"  );
     861           0 :         arUsages[2] = UsageDescription( certificateUsageSSLCA, "certificateUsageSSLCA"  );
     862           0 :         arUsages[3] = UsageDescription( certificateUsageEmailSigner, "certificateUsageEmailSigner" );
     863           0 :         arUsages[4] = UsageDescription( certificateUsageEmailRecipient, "certificateUsageEmailRecipient" );
     864             : 
     865           0 :         int numUsages = SAL_N_ELEMENTS(arUsages);
     866           0 :         for (int i = 0; i < numUsages; i++)
     867             :         {
     868             :             xmlsec_trace("Testing usage %d of %d: %s (0x%x)", i + 1,
     869           0 :                       numUsages, arUsages[i].description, (int) arUsages[i].usage);
     870             : 
     871             :             status = CERT_PKIXVerifyCert(const_cast<CERTCertificate *>(cert), arUsages[i].usage,
     872           0 :                                          cvin, cvout, NULL);
     873           0 :             if( status == SECSuccess )
     874             :             {
     875           0 :                 xmlsec_trace("CERT_PKIXVerifyCert returned SECSuccess.");
     876             :                 //When an intermediate or root certificate is checked then we expect the usage
     877             :                 //certificateUsageSSLCA. This, however, will be only set when in the trust settings dialog
     878             :                 //the button "This certificate can identify websites" is checked. If for example only
     879             :                 //"This certificate can identify mail users" is set then the end certificate can
     880             :                 //be validated and the returned usage will conain certificateUsageEmailRecipient.
     881             :                 //But checking directly the root or intermediate certificate will fail. In the
     882             :                 //certificate path view the end certificate will be shown as valid but the others
     883             :                 //will be displayed as invalid.
     884             : 
     885           0 :                 validity = csss::CertificateValidity::VALID;
     886           0 :                 xmlsec_trace("Certificate is valid.\n");
     887           0 :                 CERTCertificate * issuerCert = cvout[0].value.pointer.cert;
     888           0 :                 if (issuerCert)
     889             :                 {
     890           0 :                     xmlsec_trace("Root certificate: %s", issuerCert->subjectName);
     891           0 :                     CERT_DestroyCertificate(issuerCert);
     892             :                 };
     893             : 
     894           0 :                 break;
     895             :             }
     896             :             else
     897             :             {
     898           0 :                 PRIntn err = PR_GetError();
     899           0 :                 xmlsec_trace("Error: , %d = %s", err, getCertError(err));
     900             : 
     901             :                 /* Display validation results */
     902           0 :                 if ( log.count > 0)
     903             :                 {
     904           0 :                     CERTVerifyLogNode *node = NULL;
     905           0 :                     printChainFailure(&log);
     906             : 
     907           0 :                     for (node = log.head; node; node = node->next) {
     908           0 :                         if (node->cert)
     909           0 :                             CERT_DestroyCertificate(node->cert);
     910             :                     }
     911           0 :                     log.head = log.tail = NULL;
     912           0 :                     log.count = 0;
     913             :                 }
     914           0 :                 xmlsec_trace("Certificate is invalid.\n");
     915             :             }
     916             :         }
     917             : 
     918             :     }
     919             :     else
     920             :     {
     921           0 :         validity = ::com::sun::star::security::CertificateValidity::INVALID ;
     922             :     }
     923             : 
     924             :     //Destroying the temporary certificates
     925           0 :     std::vector<CERTCertificate*>::const_iterator cert_i;
     926           0 :     for (cert_i = vecTmpNSSCertificates.begin(); cert_i != vecTmpNSSCertificates.end(); ++cert_i)
     927             :     {
     928           0 :         xmlsec_trace("Destroying temporary certificate");
     929           0 :         CERT_DestroyCertificate(*cert_i);
     930             :     }
     931           0 :     return validity ;
     932             : }
     933             : 
     934           0 : sal_Int32 SecurityEnvironment_NssImpl::getCertificateCharacters(
     935             :     const ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate >& aCert ) throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException, std::exception ) {
     936             :     sal_Int32 characters ;
     937             :     const X509Certificate_NssImpl* xcert ;
     938             :     const CERTCertificate* cert ;
     939             : 
     940           0 :     Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ;
     941           0 :     if( !xCertTunnel.is() ) {
     942           0 :         throw RuntimeException() ;
     943             :     }
     944             : 
     945             :     xcert = reinterpret_cast<X509Certificate_NssImpl*>(
     946           0 :         sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
     947           0 :     if( xcert == NULL ) {
     948           0 :         throw RuntimeException() ;
     949             :     }
     950             : 
     951           0 :     cert = xcert->getNssCert() ;
     952             : 
     953           0 :     characters = 0x00000000 ;
     954             : 
     955             :     //Firstly, find out whether or not the cert is self-signed.
     956           0 :     if( SECITEM_CompareItem( &(cert->derIssuer), &(cert->derSubject) ) == SECEqual ) {
     957           0 :         characters |= ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ;
     958             :     } else {
     959           0 :         characters &= ~ ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ;
     960             :     }
     961             : 
     962             :     //Secondly, find out whether or not the cert has a private key.
     963             : 
     964             :     /*
     965             :      * i40394
     966             :      *
     967             :      * mmi : need to check whether the cert's slot is valid first
     968             :      */
     969           0 :     SECKEYPrivateKey* priKey = NULL;
     970             : 
     971           0 :     if (cert->slot != NULL)
     972             :     {
     973           0 :         priKey = PK11_FindPrivateKeyFromCert( cert->slot, ( CERTCertificate* )cert, NULL ) ;
     974             :     }
     975           0 :     if(priKey == NULL)
     976             :     {
     977           0 :         for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
     978             :         {
     979           0 :             priKey = PK11_FindPrivateKeyFromCert(*is, (CERTCertificate*)cert, NULL);
     980           0 :             if (priKey)
     981           0 :                 break;
     982             :         }
     983             :     }
     984           0 :     if( priKey != NULL ) {
     985           0 :         characters |=  ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ;
     986             : 
     987           0 :         SECKEY_DestroyPrivateKey( priKey ) ;
     988             :     } else {
     989           0 :         characters &= ~ ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ;
     990             :     }
     991             : 
     992           0 :     return characters ;
     993             : }
     994             : 
     995           0 : X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert )
     996             : {
     997             :     X509Certificate_NssImpl* xcert ;
     998             : 
     999           0 :     if( cert != NULL ) {
    1000           0 :         xcert = new X509Certificate_NssImpl() ;
    1001           0 :         if( xcert == NULL ) {
    1002           0 :             xcert = NULL ;
    1003             :         } else {
    1004           0 :             xcert->setCert( cert ) ;
    1005             :         }
    1006             :     } else {
    1007           0 :         xcert = NULL ;
    1008             :     }
    1009             : 
    1010           0 :     return xcert ;
    1011             : }
    1012             : 
    1013           0 : X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* priKey )
    1014             : {
    1015             :     CERTCertificate* cert ;
    1016             :     X509Certificate_NssImpl* xcert ;
    1017             : 
    1018           0 :     if( priKey != NULL ) {
    1019           0 :         cert = PK11_GetCertFromPrivateKey( priKey ) ;
    1020             : 
    1021           0 :         if( cert != NULL ) {
    1022           0 :             xcert = NssCertToXCert( cert ) ;
    1023             :         } else {
    1024           0 :             xcert = NULL ;
    1025             :         }
    1026             : 
    1027           0 :         CERT_DestroyCertificate( cert ) ;
    1028             :     } else {
    1029           0 :         xcert = NULL ;
    1030             :     }
    1031             : 
    1032           0 :     return xcert ;
    1033             : }
    1034             : 
    1035             : 
    1036             : /* Native methods */
    1037           0 : xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() throw( Exception, RuntimeException ) {
    1038             : 
    1039             :     unsigned int i ;
    1040           0 :     CERTCertDBHandle* handler = NULL ;
    1041           0 :     PK11SymKey* symKey = NULL ;
    1042           0 :     SECKEYPublicKey* pubKey = NULL ;
    1043           0 :     SECKEYPrivateKey* priKey = NULL ;
    1044           0 :     xmlSecKeysMngrPtr pKeysMngr = NULL ;
    1045             : 
    1046           0 :     handler = this->getCertDb() ;
    1047             : 
    1048             :     /*-
    1049             :      * The following lines is based on the private version of xmlSec-NSS
    1050             :      * crypto engine
    1051             :      */
    1052           0 :     int cSlots = m_Slots.size();
    1053           0 :     boost::scoped_array<PK11SlotInfo*> sarSlots(new PK11SlotInfo*[cSlots]);
    1054           0 :     PK11SlotInfo**  slots = sarSlots.get();
    1055           0 :     int count = 0;
    1056           0 :     for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); islots++, count++)
    1057           0 :         slots[count] = *islots;
    1058             : 
    1059           0 :     pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, handler ) ;
    1060           0 :     if( pKeysMngr == NULL )
    1061           0 :         throw RuntimeException() ;
    1062             : 
    1063             :     /*-
    1064             :      * Adopt symmetric key into keys manager
    1065             :      */
    1066           0 :     for( i = 0 ; ( symKey = this->getSymKey( i ) ) != NULL ; i ++ ) {
    1067           0 :         if( xmlSecNssAppliedKeysMngrSymKeyLoad( pKeysMngr, symKey ) < 0 ) {
    1068           0 :             throw RuntimeException() ;
    1069             :         }
    1070             :     }
    1071             : 
    1072             :     /*-
    1073             :      * Adopt asymmetric public key into keys manager
    1074             :      */
    1075           0 :     for( i = 0 ; ( pubKey = this->getPubKey( i ) ) != NULL ; i ++ ) {
    1076           0 :         if( xmlSecNssAppliedKeysMngrPubKeyLoad( pKeysMngr, pubKey ) < 0 ) {
    1077           0 :             throw RuntimeException() ;
    1078             :         }
    1079             :     }
    1080             : 
    1081             :     /*-
    1082             :      * Adopt asymmetric private key into keys manager
    1083             :      */
    1084           0 :     for( i = 0 ; ( priKey = this->getPriKey( i ) ) != NULL ; i ++ ) {
    1085           0 :         if( xmlSecNssAppliedKeysMngrPriKeyLoad( pKeysMngr, priKey ) < 0 ) {
    1086           0 :             throw RuntimeException() ;
    1087             :         }
    1088             :     }
    1089           0 :     return pKeysMngr ;
    1090             : }
    1091           0 : void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr) throw( Exception, RuntimeException ) {
    1092           0 :     if( pKeysMngr != NULL ) {
    1093           0 :         xmlSecKeysMngrDestroy( pKeysMngr ) ;
    1094             :     }
    1095           0 : }
    1096             : 
    1097             : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

Generated by: LCOV version 1.10