LCOV - code coverage report
Current view: top level - libreoffice/uui/source - iahndl-ssl.cxx (source / functions) Hit Total Coverage
Test: libreoffice_filtered.info Lines: 0 134 0.0 %
Date: 2012-12-27 Functions: 0 7 0.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /*
       3             :  * This file is part of the LibreOffice project.
       4             :  *
       5             :  * This Source Code Form is subject to the terms of the Mozilla Public
       6             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       7             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
       8             :  *
       9             :  * This file incorporates work covered by the following license notice:
      10             :  *
      11             :  *   Licensed to the Apache Software Foundation (ASF) under one or more
      12             :  *   contributor license agreements. See the NOTICE file distributed
      13             :  *   with this work for additional information regarding copyright
      14             :  *   ownership. The ASF licenses this file to you under the Apache
      15             :  *   License, Version 2.0 (the "License"); you may not use this file
      16             :  *   except in compliance with the License. You may obtain a copy of
      17             :  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
      18             :  */
      19             : 
      20             : 
      21             : #include "com/sun/star/security/CertificateValidity.hpp"
      22             : #include "com/sun/star/security/XCertificateExtension.hpp"
      23             : #include "com/sun/star/security/XSanExtension.hpp"
      24             : #include <com/sun/star/security/ExtAltNameType.hpp>
      25             : #include "com/sun/star/task/XInteractionAbort.hpp"
      26             : #include "com/sun/star/task/XInteractionApprove.hpp"
      27             : #include "com/sun/star/task/XInteractionRequest.hpp"
      28             : #include "com/sun/star/ucb/CertificateValidationRequest.hpp"
      29             : #include <com/sun/star/uno/Reference.hxx>
      30             : 
      31             : #include "osl/mutex.hxx"
      32             : #include <com/sun/star/uno/Sequence.hxx>
      33             : #include "svl/zforlist.hxx"
      34             : #include "vcl/svapp.hxx"
      35             : 
      36             : #include "ids.hrc"
      37             : #include "getcontinuations.hxx"
      38             : #include "sslwarndlg.hxx"
      39             : #include "unknownauthdlg.hxx"
      40             : 
      41             : #include "iahndl.hxx"
      42             : 
      43             : #include <boost/scoped_ptr.hpp>
      44             : 
      45             : #define DESCRIPTION_1 1
      46             : #define TITLE 3
      47             : 
      48             : #define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
      49             : 
      50             : 
      51             : using namespace com::sun::star;
      52             : 
      53             : namespace {
      54             : 
      55             : String
      56           0 : getContentPart( const String& _rRawString )
      57             : {
      58             :     // search over some parts to find a string
      59             :     static char const * aIDs[] = { "CN=", "OU=", "O=", "E=", NULL };
      60           0 :     String sPart;
      61           0 :     int i = 0;
      62           0 :     while ( aIDs[i] )
      63             :     {
      64           0 :         String sPartId = rtl::OUString::createFromAscii( aIDs[i++] );
      65           0 :         xub_StrLen nContStart = _rRawString.Search( sPartId );
      66           0 :         if ( nContStart != STRING_NOTFOUND )
      67             :         {
      68           0 :             nContStart = nContStart + sPartId.Len();
      69             :             xub_StrLen nContEnd
      70           0 :                 = _rRawString.Search( sal_Unicode( ',' ), nContStart );
      71           0 :             sPart = String( _rRawString, nContStart, nContEnd - nContStart );
      72             :             break;
      73             :         }
      74           0 :     }
      75           0 :     return sPart;
      76             : }
      77             : 
      78             : bool
      79           0 : isDomainMatch(
      80             :               rtl::OUString hostName, uno::Sequence< ::rtl::OUString > certHostNames)
      81             : {
      82           0 :     for ( int i = 0; i < certHostNames.getLength(); i++){
      83           0 :         ::rtl::OUString element = certHostNames[i];
      84             : 
      85           0 :        if (element.isEmpty())
      86           0 :            continue;
      87             : 
      88           0 :        if (hostName.equalsIgnoreAsciiCase( element ))
      89           0 :            return true;
      90             : 
      91           0 :        if ( 0 == element.indexOf( '*' ) &&
      92           0 :                  hostName.getLength() >= element.getLength()  )
      93             :        {
      94           0 :            rtl::OUString cmpStr = element.copy( 1 );
      95           0 :            if ( hostName.matchIgnoreAsciiCase(
      96           0 :                     cmpStr, hostName.getLength() - cmpStr.getLength()) )
      97           0 :                return true;
      98             :        }
      99           0 :     }
     100             : 
     101           0 :     return false;
     102             : }
     103             : 
     104             : rtl::OUString
     105           0 : getLocalizedDatTimeStr(
     106             :     uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
     107             :     util::DateTime const & rDateTime )
     108             : {
     109           0 :     rtl::OUString aDateTimeStr;
     110           0 :     Date  aDate( Date::EMPTY );
     111           0 :     Time  aTime( Time::EMPTY );
     112             : 
     113           0 :     aDate = Date( rDateTime.Day, rDateTime.Month, rDateTime.Year );
     114           0 :     aTime = Time( rDateTime.Hours, rDateTime.Minutes, rDateTime.Seconds );
     115             : 
     116           0 :     LanguageType eUILang = Application::GetSettings().GetUILanguageTag().getLanguageType();
     117             :     SvNumberFormatter *pNumberFormatter
     118           0 :         = new SvNumberFormatter( xServiceFactory, eUILang );
     119           0 :     String      aTmpStr;
     120           0 :     Color*      pColor = NULL;
     121           0 :     Date*       pNullDate = pNumberFormatter->GetNullDate();
     122             :     sal_uInt32  nFormat
     123           0 :         = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_DATE, eUILang );
     124             : 
     125             :     pNumberFormatter->GetOutputString(
     126           0 :         aDate - *pNullDate, nFormat, aTmpStr, &pColor );
     127           0 :     aDateTimeStr = aTmpStr + rtl::OUString(" ");
     128             : 
     129           0 :     nFormat = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_TIME, eUILang );
     130             :     pNumberFormatter->GetOutputString(
     131           0 :         aTime.GetTimeInDays(), nFormat, aTmpStr, &pColor );
     132           0 :     aDateTimeStr += aTmpStr;
     133             : 
     134           0 :     return aDateTimeStr;
     135             : }
     136             : 
     137             : sal_Bool
     138           0 : executeUnknownAuthDialog(
     139             :     Window * pParent,
     140             :     uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
     141             :     const uno::Reference< security::XCertificate >& rXCert)
     142             :     SAL_THROW((uno::RuntimeException))
     143             : {
     144             :     try
     145             :     {
     146           0 :         SolarMutexGuard aGuard;
     147             : 
     148           0 :         boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
     149             :         boost::scoped_ptr< UnknownAuthDialog > xDialog(
     150             :             new UnknownAuthDialog( pParent,
     151             :                                    rXCert,
     152             :                                    xServiceFactory,
     153           0 :                                    xManager.get()));
     154             : 
     155             :         // Get correct resource string
     156           0 :         rtl::OUString aMessage;
     157             : 
     158           0 :         std::vector< rtl::OUString > aArguments;
     159           0 :         aArguments.push_back( getContentPart( rXCert->getSubjectName()) );
     160             : 
     161           0 :         if (xManager.get())
     162             :         {
     163           0 :             ResId aResId(RID_UUI_ERRHDL, *xManager.get());
     164           0 :             if (ErrorResource(aResId).getString(
     165           0 :                     ERRCODE_UUI_UNKNOWNAUTH_UNTRUSTED, aMessage))
     166             :             {
     167             :                 aMessage = UUIInteractionHelper::replaceMessageWithArguments(
     168           0 :                     aMessage, aArguments );
     169           0 :                 xDialog->setDescriptionText( aMessage );
     170             :             }
     171             :         }
     172             : 
     173           0 :         return static_cast<sal_Bool> (xDialog->Execute());
     174             :     }
     175           0 :     catch (std::bad_alloc const &)
     176             :     {
     177             :         throw uno::RuntimeException(
     178             :                   rtl::OUString("out of memory"),
     179           0 :                   uno::Reference< uno::XInterface >());
     180             :     }
     181             : }
     182             : 
     183             : sal_Bool
     184           0 : executeSSLWarnDialog(
     185             :     Window * pParent,
     186             :     uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
     187             :     const uno::Reference< security::XCertificate >& rXCert,
     188             :     sal_Int32 const & failure,
     189             :     const rtl::OUString & hostName )
     190             :     SAL_THROW((uno::RuntimeException))
     191             : {
     192             :     try
     193             :     {
     194           0 :         SolarMutexGuard aGuard;
     195             : 
     196           0 :         boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
     197             :         boost::scoped_ptr< SSLWarnDialog > xDialog(
     198             :            new SSLWarnDialog( pParent,
     199             :                               rXCert,
     200             :                               xServiceFactory,
     201           0 :                               xManager.get()));
     202             : 
     203             :         // Get correct resource string
     204           0 :         rtl::OUString aMessage_1;
     205           0 :         std::vector< rtl::OUString > aArguments_1;
     206             : 
     207           0 :         switch( failure )
     208             :         {
     209             :             case SSLWARN_TYPE_DOMAINMISMATCH:
     210           0 :                 aArguments_1.push_back( hostName );
     211             :                 aArguments_1.push_back(
     212           0 :                     getContentPart( rXCert->getSubjectName()) );
     213           0 :                 aArguments_1.push_back( hostName );
     214           0 :                 break;
     215             :             case SSLWARN_TYPE_EXPIRED:
     216             :                 aArguments_1.push_back(
     217           0 :                     getContentPart( rXCert->getSubjectName()) );
     218             :                 aArguments_1.push_back(
     219             :                     getLocalizedDatTimeStr( xServiceFactory,
     220           0 :                                             rXCert->getNotValidAfter() ) );
     221             :                 aArguments_1.push_back(
     222             :                     getLocalizedDatTimeStr( xServiceFactory,
     223           0 :                                             rXCert->getNotValidAfter() ) );
     224           0 :                 break;
     225             :             case SSLWARN_TYPE_INVALID:
     226           0 :                 break;
     227             :         }
     228             : 
     229           0 :         if (xManager.get())
     230             :         {
     231           0 :             ResId aResId(RID_UUI_ERRHDL, *xManager.get());
     232           0 :             if (ErrorResource(aResId).getString(
     233             :                     ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + DESCRIPTION_1,
     234           0 :                     aMessage_1))
     235             :             {
     236             :                 aMessage_1 = UUIInteractionHelper::replaceMessageWithArguments(
     237           0 :                     aMessage_1, aArguments_1 );
     238           0 :                 xDialog->setDescription1Text( aMessage_1 );
     239             :             }
     240             : 
     241           0 :             rtl::OUString aTitle;
     242             :             ErrorResource(aResId).getString(
     243           0 :                 ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + TITLE, aTitle);
     244           0 :             xDialog->SetText( aTitle );
     245             :         }
     246             : 
     247           0 :         return static_cast<sal_Bool> (xDialog->Execute());
     248             :     }
     249           0 :     catch (std::bad_alloc const &)
     250             :     {
     251             :         throw uno::RuntimeException(
     252             :                   rtl::OUString("out of memory"),
     253           0 :                   uno::Reference< uno::XInterface >());
     254             :     }
     255             : }
     256             : 
     257             : void
     258           0 : handleCertificateValidationRequest_(
     259             :     Window * pParent,
     260             :     uno::Reference< lang::XMultiServiceFactory > const & xServiceFactory,
     261             :     ucb::CertificateValidationRequest const & rRequest,
     262             :     uno::Sequence< uno::Reference< task::XInteractionContinuation > > const &
     263             :         rContinuations)
     264             :     SAL_THROW((uno::RuntimeException))
     265             : {
     266           0 :     uno::Reference< task::XInteractionApprove > xApprove;
     267           0 :     uno::Reference< task::XInteractionAbort > xAbort;
     268           0 :     getContinuations(rContinuations, &xApprove, &xAbort);
     269             : 
     270           0 :     sal_Int32 failures = rRequest.CertificateValidity;
     271           0 :     sal_Bool trustCert = sal_True;
     272             : 
     273           0 :     if ( ((failures & security::CertificateValidity::UNTRUSTED)
     274             :              == security::CertificateValidity::UNTRUSTED ) ||
     275             :          ((failures & security::CertificateValidity::ISSUER_UNTRUSTED)
     276             :              == security::CertificateValidity::ISSUER_UNTRUSTED) ||
     277             :          ((failures & security::CertificateValidity::ROOT_UNTRUSTED)
     278             :              == security::CertificateValidity::ROOT_UNTRUSTED) )
     279             :     {
     280             :         trustCert = executeUnknownAuthDialog( pParent,
     281             :                                               xServiceFactory,
     282           0 :                                               rRequest.Certificate );
     283             :     }
     284             : 
     285           0 :     uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = rRequest.Certificate->getExtensions();
     286           0 :     uno::Sequence< security::CertAltNameEntry > altNames;
     287           0 :     for (sal_Int32 i = 0 ; i < extensions.getLength(); i++){
     288           0 :         uno::Reference< security::XCertificateExtension >element = extensions[i];
     289             : 
     290           0 :         rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
     291           0 :         if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME))
     292             :         {
     293           0 :            uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
     294           0 :            altNames =  sanExtension->getAlternativeNames();
     295           0 :            break;
     296             :         }
     297           0 :     }
     298             : 
     299           0 :     ::rtl::OUString certHostName = getContentPart( rRequest.Certificate->getSubjectName() );
     300           0 :     uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1);
     301             : 
     302           0 :     certHostNames[0] = certHostName;
     303             : 
     304           0 :     for(int n = 1; n < altNames.getLength(); n++){
     305           0 :         if (altNames[n].Type ==  security::ExtAltNameType_DNS_NAME){
     306           0 :            altNames[n].Value >>= certHostNames[n];
     307             :         }
     308             :     }
     309             : 
     310           0 :     if ( (!isDomainMatch(
     311             :               rRequest.HostName,
     312           0 :               certHostNames )) &&
     313             :           trustCert )
     314             :     {
     315             :         trustCert = executeSSLWarnDialog( pParent,
     316             :                                           xServiceFactory,
     317             :                                           rRequest.Certificate,
     318             :                                           SSLWARN_TYPE_DOMAINMISMATCH,
     319           0 :                                           rRequest.HostName );
     320             :     }
     321             : 
     322           0 :     else if ( (((failures & security::CertificateValidity::TIME_INVALID)
     323             :                 == security::CertificateValidity::TIME_INVALID) ||
     324             :                ((failures & security::CertificateValidity::NOT_TIME_NESTED)
     325             :                 == security::CertificateValidity::NOT_TIME_NESTED)) &&
     326             :               trustCert )
     327             :     {
     328             :         trustCert = executeSSLWarnDialog( pParent,
     329             :                                           xServiceFactory,
     330             :                                           rRequest.Certificate,
     331             :                                           SSLWARN_TYPE_EXPIRED,
     332           0 :                                           rRequest.HostName );
     333             :     }
     334             : 
     335           0 :     else if ( (((failures & security::CertificateValidity::REVOKED)
     336             :                 == security::CertificateValidity::REVOKED) ||
     337             :                ((failures & security::CertificateValidity::SIGNATURE_INVALID)
     338             :                 == security::CertificateValidity::SIGNATURE_INVALID) ||
     339             :                ((failures & security::CertificateValidity::EXTENSION_INVALID)
     340             :                 == security::CertificateValidity::EXTENSION_INVALID) ||
     341             :                ((failures & security::CertificateValidity::INVALID)
     342             :                 == security::CertificateValidity::INVALID)) &&
     343             :               trustCert )
     344             :     {
     345             :         trustCert = executeSSLWarnDialog( pParent,
     346             :                                           xServiceFactory,
     347             :                                           rRequest.Certificate,
     348             :                                           SSLWARN_TYPE_INVALID,
     349           0 :                                           rRequest.HostName );
     350             :     }
     351             : 
     352           0 :     if ( trustCert )
     353             :     {
     354           0 :         if (xApprove.is())
     355           0 :             xApprove->select();
     356             :     }
     357             :     else
     358             :     {
     359           0 :         if (xAbort.is())
     360           0 :             xAbort->select();
     361           0 :     }
     362           0 : }
     363             : 
     364             : } // namespace
     365             : 
     366             : bool
     367           0 : UUIInteractionHelper::handleCertificateValidationRequest(
     368             :     uno::Reference< task::XInteractionRequest > const & rRequest)
     369             :     SAL_THROW((uno::RuntimeException))
     370             : {
     371           0 :     uno::Any aAnyRequest(rRequest->getRequest());
     372             : 
     373           0 :     ucb::CertificateValidationRequest aCertificateValidationRequest;
     374           0 :     if (aAnyRequest >>= aCertificateValidationRequest)
     375             :     {
     376             :         handleCertificateValidationRequest_(getParentProperty(),
     377             :                                             m_xServiceFactory,
     378             :                                             aCertificateValidationRequest,
     379           0 :                                             rRequest->getContinuations());
     380           0 :         return true;
     381             :     }
     382             : 
     383           0 :     return false;
     384             : }
     385             : 
     386             : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

Generated by: LCOV version 1.10