Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 :
21 : #include "com/sun/star/security/CertificateValidity.hpp"
22 : #include "com/sun/star/security/XCertificateExtension.hpp"
23 : #include "com/sun/star/security/XSanExtension.hpp"
24 : #include <com/sun/star/security/ExtAltNameType.hpp>
25 : #include "com/sun/star/task/XInteractionAbort.hpp"
26 : #include "com/sun/star/task/XInteractionApprove.hpp"
27 : #include "com/sun/star/task/XInteractionRequest.hpp"
28 : #include "com/sun/star/ucb/CertificateValidationRequest.hpp"
29 : #include <com/sun/star/uno/Reference.hxx>
30 :
31 : #include "osl/mutex.hxx"
32 : #include <com/sun/star/uno/Sequence.hxx>
33 : #include "svl/zforlist.hxx"
34 : #include "vcl/svapp.hxx"
35 :
36 : #include "ids.hrc"
37 : #include "getcontinuations.hxx"
38 : #include "sslwarndlg.hxx"
39 : #include "unknownauthdlg.hxx"
40 :
41 : #include "iahndl.hxx"
42 :
43 : #include <boost/scoped_ptr.hpp>
44 :
45 : #define DESCRIPTION_1 1
46 : #define TITLE 3
47 :
48 : #define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
49 :
50 :
51 : using namespace com::sun::star;
52 :
53 : namespace {
54 :
55 : String
56 0 : getContentPart( const String& _rRawString )
57 : {
58 : // search over some parts to find a string
59 : static char const * aIDs[] = { "CN=", "OU=", "O=", "E=", NULL };
60 0 : String sPart;
61 0 : int i = 0;
62 0 : while ( aIDs[i] )
63 : {
64 0 : String sPartId = OUString::createFromAscii( aIDs[i++] );
65 0 : xub_StrLen nContStart = _rRawString.Search( sPartId );
66 0 : if ( nContStart != STRING_NOTFOUND )
67 : {
68 0 : nContStart = nContStart + sPartId.Len();
69 : xub_StrLen nContEnd
70 0 : = _rRawString.Search( sal_Unicode( ',' ), nContStart );
71 0 : sPart = String( _rRawString, nContStart, nContEnd - nContStart );
72 0 : break;
73 : }
74 0 : }
75 0 : return sPart;
76 : }
77 :
78 : bool
79 0 : isDomainMatch(
80 : OUString hostName, uno::Sequence< OUString > certHostNames)
81 : {
82 0 : for ( int i = 0; i < certHostNames.getLength(); i++){
83 0 : OUString element = certHostNames[i];
84 :
85 0 : if (element.isEmpty())
86 0 : continue;
87 :
88 0 : if (hostName.equalsIgnoreAsciiCase( element ))
89 0 : return true;
90 :
91 0 : if ( 0 == element.indexOf( '*' ) &&
92 0 : hostName.getLength() >= element.getLength() )
93 : {
94 0 : OUString cmpStr = element.copy( 1 );
95 0 : if ( hostName.matchIgnoreAsciiCase(
96 0 : cmpStr, hostName.getLength() - cmpStr.getLength()) )
97 0 : return true;
98 : }
99 0 : }
100 :
101 0 : return false;
102 : }
103 :
104 : OUString
105 0 : getLocalizedDatTimeStr(
106 : uno::Reference< uno::XComponentContext> const & xContext,
107 : util::DateTime const & rDateTime )
108 : {
109 0 : OUString aDateTimeStr;
110 0 : Date aDate( Date::EMPTY );
111 0 : Time aTime( Time::EMPTY );
112 :
113 0 : aDate = Date( rDateTime.Day, rDateTime.Month, rDateTime.Year );
114 0 : aTime = Time( rDateTime.Hours, rDateTime.Minutes, rDateTime.Seconds );
115 :
116 0 : LanguageType eUILang = Application::GetSettings().GetUILanguageTag().getLanguageType();
117 0 : SvNumberFormatter *pNumberFormatter = new SvNumberFormatter( xContext, eUILang );
118 0 : OUString aTmpStr;
119 0 : Color* pColor = NULL;
120 0 : Date* pNullDate = pNumberFormatter->GetNullDate();
121 : sal_uInt32 nFormat
122 0 : = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_DATE, eUILang );
123 :
124 0 : pNumberFormatter->GetOutputString( aDate - *pNullDate, nFormat, aTmpStr, &pColor );
125 0 : aDateTimeStr = aTmpStr + OUString(" ");
126 :
127 0 : nFormat = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_TIME, eUILang );
128 : pNumberFormatter->GetOutputString(
129 0 : aTime.GetTimeInDays(), nFormat, aTmpStr, &pColor );
130 0 : aDateTimeStr += aTmpStr;
131 :
132 0 : return aDateTimeStr;
133 : }
134 :
135 : sal_Bool
136 0 : executeUnknownAuthDialog(
137 : Window * pParent,
138 : uno::Reference< uno::XComponentContext > const & xContext,
139 : const uno::Reference< security::XCertificate >& rXCert)
140 : SAL_THROW((uno::RuntimeException))
141 : {
142 : try
143 : {
144 0 : SolarMutexGuard aGuard;
145 :
146 0 : boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
147 : boost::scoped_ptr< UnknownAuthDialog > xDialog(
148 : new UnknownAuthDialog( pParent,
149 : rXCert,
150 : xContext,
151 0 : xManager.get()));
152 :
153 : // Get correct resource string
154 0 : OUString aMessage;
155 :
156 0 : std::vector< OUString > aArguments;
157 0 : aArguments.push_back( getContentPart( rXCert->getSubjectName()) );
158 :
159 0 : if (xManager.get())
160 : {
161 0 : ResId aResId(RID_UUI_ERRHDL, *xManager.get());
162 0 : if (ErrorResource(aResId).getString(
163 0 : ERRCODE_UUI_UNKNOWNAUTH_UNTRUSTED, aMessage))
164 : {
165 0 : aMessage = UUIInteractionHelper::replaceMessageWithArguments(
166 0 : aMessage, aArguments );
167 0 : xDialog->setDescriptionText( aMessage );
168 : }
169 : }
170 :
171 0 : return static_cast<sal_Bool> (xDialog->Execute());
172 : }
173 0 : catch (std::bad_alloc const &)
174 : {
175 : throw uno::RuntimeException(
176 : OUString("out of memory"),
177 0 : uno::Reference< uno::XInterface >());
178 : }
179 : }
180 :
181 : sal_Bool
182 0 : executeSSLWarnDialog(
183 : Window * pParent,
184 : uno::Reference< uno::XComponentContext > const & xContext,
185 : const uno::Reference< security::XCertificate >& rXCert,
186 : sal_Int32 const & failure,
187 : const OUString & hostName )
188 : SAL_THROW((uno::RuntimeException))
189 : {
190 : try
191 : {
192 0 : SolarMutexGuard aGuard;
193 :
194 0 : boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
195 : boost::scoped_ptr< SSLWarnDialog > xDialog(
196 : new SSLWarnDialog( pParent,
197 : rXCert,
198 : xContext,
199 0 : xManager.get()));
200 :
201 : // Get correct resource string
202 0 : OUString aMessage_1;
203 0 : std::vector< OUString > aArguments_1;
204 :
205 0 : switch( failure )
206 : {
207 : case SSLWARN_TYPE_DOMAINMISMATCH:
208 0 : aArguments_1.push_back( hostName );
209 : aArguments_1.push_back(
210 0 : getContentPart( rXCert->getSubjectName()) );
211 0 : aArguments_1.push_back( hostName );
212 0 : break;
213 : case SSLWARN_TYPE_EXPIRED:
214 : aArguments_1.push_back(
215 0 : getContentPart( rXCert->getSubjectName()) );
216 : aArguments_1.push_back(
217 : getLocalizedDatTimeStr( xContext,
218 0 : rXCert->getNotValidAfter() ) );
219 : aArguments_1.push_back(
220 : getLocalizedDatTimeStr( xContext,
221 0 : rXCert->getNotValidAfter() ) );
222 0 : break;
223 : case SSLWARN_TYPE_INVALID:
224 0 : break;
225 : }
226 :
227 0 : if (xManager.get())
228 : {
229 0 : ResId aResId(RID_UUI_ERRHDL, *xManager.get());
230 0 : if (ErrorResource(aResId).getString(
231 0 : ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + DESCRIPTION_1,
232 0 : aMessage_1))
233 : {
234 0 : aMessage_1 = UUIInteractionHelper::replaceMessageWithArguments(
235 0 : aMessage_1, aArguments_1 );
236 0 : xDialog->setDescription1Text( aMessage_1 );
237 : }
238 :
239 0 : OUString aTitle;
240 : ErrorResource(aResId).getString(
241 0 : ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + TITLE, aTitle);
242 0 : xDialog->SetText( aTitle );
243 : }
244 :
245 0 : return static_cast<sal_Bool> (xDialog->Execute());
246 : }
247 0 : catch (std::bad_alloc const &)
248 : {
249 : throw uno::RuntimeException(
250 : OUString("out of memory"),
251 0 : uno::Reference< uno::XInterface >());
252 : }
253 : }
254 :
255 : void
256 0 : handleCertificateValidationRequest_(
257 : Window * pParent,
258 : uno::Reference< uno::XComponentContext > const & xContext,
259 : ucb::CertificateValidationRequest const & rRequest,
260 : uno::Sequence< uno::Reference< task::XInteractionContinuation > > const &
261 : rContinuations)
262 : SAL_THROW((uno::RuntimeException))
263 : {
264 0 : uno::Reference< task::XInteractionApprove > xApprove;
265 0 : uno::Reference< task::XInteractionAbort > xAbort;
266 0 : getContinuations(rContinuations, &xApprove, &xAbort);
267 :
268 0 : sal_Int32 failures = rRequest.CertificateValidity;
269 0 : sal_Bool trustCert = sal_True;
270 :
271 0 : if ( ((failures & security::CertificateValidity::UNTRUSTED)
272 0 : == security::CertificateValidity::UNTRUSTED ) ||
273 0 : ((failures & security::CertificateValidity::ISSUER_UNTRUSTED)
274 0 : == security::CertificateValidity::ISSUER_UNTRUSTED) ||
275 0 : ((failures & security::CertificateValidity::ROOT_UNTRUSTED)
276 : == security::CertificateValidity::ROOT_UNTRUSTED) )
277 : {
278 : trustCert = executeUnknownAuthDialog( pParent,
279 : xContext,
280 0 : rRequest.Certificate );
281 : }
282 :
283 0 : uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = rRequest.Certificate->getExtensions();
284 0 : uno::Sequence< security::CertAltNameEntry > altNames;
285 0 : for (sal_Int32 i = 0 ; i < extensions.getLength(); i++){
286 0 : uno::Reference< security::XCertificateExtension >element = extensions[i];
287 :
288 0 : OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
289 0 : if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME))
290 : {
291 0 : uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
292 0 : altNames = sanExtension->getAlternativeNames();
293 0 : break;
294 : }
295 0 : }
296 :
297 0 : OUString certHostName = getContentPart( rRequest.Certificate->getSubjectName() );
298 0 : uno::Sequence< OUString > certHostNames(altNames.getLength() + 1);
299 :
300 0 : certHostNames[0] = certHostName;
301 :
302 0 : for(int n = 1; n < altNames.getLength(); n++){
303 0 : if (altNames[n].Type == security::ExtAltNameType_DNS_NAME){
304 0 : altNames[n].Value >>= certHostNames[n];
305 : }
306 : }
307 :
308 0 : if ( (!isDomainMatch(
309 : rRequest.HostName,
310 0 : certHostNames )) &&
311 : trustCert )
312 : {
313 : trustCert = executeSSLWarnDialog( pParent,
314 : xContext,
315 : rRequest.Certificate,
316 : SSLWARN_TYPE_DOMAINMISMATCH,
317 0 : rRequest.HostName );
318 : }
319 :
320 0 : else if ( (((failures & security::CertificateValidity::TIME_INVALID)
321 0 : == security::CertificateValidity::TIME_INVALID) ||
322 0 : ((failures & security::CertificateValidity::NOT_TIME_NESTED)
323 0 : == security::CertificateValidity::NOT_TIME_NESTED)) &&
324 : trustCert )
325 : {
326 : trustCert = executeSSLWarnDialog( pParent,
327 : xContext,
328 : rRequest.Certificate,
329 : SSLWARN_TYPE_EXPIRED,
330 0 : rRequest.HostName );
331 : }
332 :
333 0 : else if ( (((failures & security::CertificateValidity::REVOKED)
334 0 : == security::CertificateValidity::REVOKED) ||
335 0 : ((failures & security::CertificateValidity::SIGNATURE_INVALID)
336 0 : == security::CertificateValidity::SIGNATURE_INVALID) ||
337 0 : ((failures & security::CertificateValidity::EXTENSION_INVALID)
338 0 : == security::CertificateValidity::EXTENSION_INVALID) ||
339 0 : ((failures & security::CertificateValidity::INVALID)
340 0 : == security::CertificateValidity::INVALID)) &&
341 : trustCert )
342 : {
343 : trustCert = executeSSLWarnDialog( pParent,
344 : xContext,
345 : rRequest.Certificate,
346 : SSLWARN_TYPE_INVALID,
347 0 : rRequest.HostName );
348 : }
349 :
350 0 : if ( trustCert )
351 : {
352 0 : if (xApprove.is())
353 0 : xApprove->select();
354 : }
355 : else
356 : {
357 0 : if (xAbort.is())
358 0 : xAbort->select();
359 0 : }
360 0 : }
361 :
362 : } // namespace
363 :
364 : bool
365 0 : UUIInteractionHelper::handleCertificateValidationRequest(
366 : uno::Reference< task::XInteractionRequest > const & rRequest)
367 : SAL_THROW((uno::RuntimeException))
368 : {
369 0 : uno::Any aAnyRequest(rRequest->getRequest());
370 :
371 0 : ucb::CertificateValidationRequest aCertificateValidationRequest;
372 0 : if (aAnyRequest >>= aCertificateValidationRequest)
373 : {
374 : handleCertificateValidationRequest_(getParentProperty(),
375 : m_xContext,
376 : aCertificateValidationRequest,
377 0 : rRequest->getContinuations());
378 0 : return true;
379 : }
380 :
381 0 : return false;
382 36 : }
383 :
384 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
