Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 :
21 : #include <com/sun/star/security/CertificateValidity.hpp>
22 : #include <com/sun/star/security/XCertificateExtension.hpp>
23 : #include <com/sun/star/security/XSanExtension.hpp>
24 : #include <com/sun/star/security/ExtAltNameType.hpp>
25 : #include <com/sun/star/task/XInteractionAbort.hpp>
26 : #include <com/sun/star/task/XInteractionApprove.hpp>
27 : #include <com/sun/star/task/XInteractionRequest.hpp>
28 : #include <com/sun/star/ucb/CertificateValidationRequest.hpp>
29 : #include <com/sun/star/uno/Reference.hxx>
30 :
31 : #include <osl/mutex.hxx>
32 : #include <com/sun/star/uno/Sequence.hxx>
33 : #include <svl/zforlist.hxx>
34 : #include <vcl/svapp.hxx>
35 : #include <vcl/settings.hxx>
36 :
37 : #include "ids.hrc"
38 : #include "getcontinuations.hxx"
39 : #include "sslwarndlg.hxx"
40 : #include "unknownauthdlg.hxx"
41 :
42 : #include "iahndl.hxx"
43 :
44 : #include <boost/scoped_ptr.hpp>
45 :
46 : #define DESCRIPTION_1 1
47 : #define TITLE 3
48 :
49 : #define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
50 :
51 :
52 : using namespace com::sun::star;
53 :
54 : namespace {
55 :
56 : OUString
57 0 : getContentPart( const OUString& _rRawString )
58 : {
59 : // search over some parts to find a string
60 : static char const * aIDs[] = { "CN=", "OU=", "O=", "E=", NULL };
61 0 : OUString sPart;
62 0 : int i = 0;
63 0 : while ( aIDs[i] )
64 : {
65 0 : OUString sPartId = OUString::createFromAscii( aIDs[i++] );
66 0 : sal_Int32 nContStart = _rRawString.indexOf( sPartId );
67 0 : if ( nContStart != -1 )
68 : {
69 0 : nContStart += sPartId.getLength();
70 0 : sal_Int32 nContEnd = _rRawString.indexOf( ',', nContStart );
71 0 : if ( nContEnd != -1 )
72 0 : sPart = _rRawString.copy( nContStart, nContEnd - nContStart );
73 : else
74 0 : sPart = _rRawString.copy( nContStart );
75 0 : break;
76 : }
77 0 : }
78 0 : return sPart;
79 : }
80 :
81 : bool
82 0 : isDomainMatch(
83 : const OUString& hostName, const uno::Sequence< OUString >& certHostNames)
84 : {
85 0 : for ( int i = 0; i < certHostNames.getLength(); i++){
86 0 : OUString element = certHostNames[i];
87 :
88 0 : if (element.isEmpty())
89 0 : continue;
90 :
91 0 : if (hostName.equalsIgnoreAsciiCase( element ))
92 0 : return true;
93 :
94 0 : if (element.startsWith("*") &&
95 0 : hostName.getLength() >= element.getLength() )
96 : {
97 0 : OUString cmpStr = element.copy( 1 );
98 0 : if ( hostName.matchIgnoreAsciiCase(
99 0 : cmpStr, hostName.getLength() - cmpStr.getLength()) )
100 0 : return true;
101 : }
102 0 : }
103 :
104 0 : return false;
105 : }
106 :
107 : OUString
108 0 : getLocalizedDatTimeStr(
109 : uno::Reference< uno::XComponentContext> const & xContext,
110 : util::DateTime const & rDateTime )
111 : {
112 0 : OUString aDateTimeStr;
113 0 : Date aDate( Date::EMPTY );
114 0 : tools::Time aTime( tools::Time::EMPTY );
115 :
116 0 : aDate = Date( rDateTime.Day, rDateTime.Month, rDateTime.Year );
117 0 : aTime = tools::Time( rDateTime.Hours, rDateTime.Minutes, rDateTime.Seconds );
118 :
119 0 : LanguageType eUILang = Application::GetSettings().GetUILanguageTag().getLanguageType();
120 0 : SvNumberFormatter *pNumberFormatter = new SvNumberFormatter( xContext, eUILang );
121 0 : OUString aTmpStr;
122 0 : Color* pColor = NULL;
123 0 : Date* pNullDate = pNumberFormatter->GetNullDate();
124 : sal_uInt32 nFormat
125 0 : = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_DATE, eUILang );
126 :
127 0 : pNumberFormatter->GetOutputString( aDate - *pNullDate, nFormat, aTmpStr, &pColor );
128 0 : aDateTimeStr = aTmpStr + " ";
129 :
130 0 : nFormat = pNumberFormatter->GetStandardFormat( NUMBERFORMAT_TIME, eUILang );
131 : pNumberFormatter->GetOutputString(
132 0 : aTime.GetTimeInDays(), nFormat, aTmpStr, &pColor );
133 0 : aDateTimeStr += aTmpStr;
134 :
135 0 : return aDateTimeStr;
136 : }
137 :
138 : bool
139 0 : executeUnknownAuthDialog(
140 : vcl::Window * pParent,
141 : uno::Reference< uno::XComponentContext > const & xContext,
142 : const uno::Reference< security::XCertificate >& rXCert)
143 : {
144 : try
145 : {
146 0 : SolarMutexGuard aGuard;
147 :
148 : boost::scoped_ptr< UnknownAuthDialog > xDialog(
149 0 : new UnknownAuthDialog(pParent, rXCert, xContext));
150 :
151 : // Get correct resource string
152 0 : OUString aMessage;
153 :
154 0 : std::vector< OUString > aArguments;
155 0 : aArguments.push_back( getContentPart( rXCert->getSubjectName()) );
156 :
157 0 : boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
158 0 : if (xManager.get())
159 : {
160 0 : ResId aResId(RID_UUI_ERRHDL, *xManager.get());
161 0 : if (ErrorResource(aResId).getString(
162 0 : ERRCODE_UUI_UNKNOWNAUTH_UNTRUSTED, aMessage))
163 : {
164 0 : aMessage = UUIInteractionHelper::replaceMessageWithArguments(
165 0 : aMessage, aArguments );
166 0 : xDialog->setDescriptionText( aMessage );
167 : }
168 : }
169 :
170 0 : return static_cast<bool>(xDialog->Execute());
171 : }
172 0 : catch (std::bad_alloc const &)
173 : {
174 0 : throw uno::RuntimeException("out of memory");
175 : }
176 : }
177 :
178 : bool
179 0 : executeSSLWarnDialog(
180 : vcl::Window * pParent,
181 : uno::Reference< uno::XComponentContext > const & xContext,
182 : const uno::Reference< security::XCertificate >& rXCert,
183 : sal_Int32 const & failure,
184 : const OUString & hostName )
185 : {
186 : try
187 : {
188 0 : SolarMutexGuard aGuard;
189 :
190 : boost::scoped_ptr< SSLWarnDialog > xDialog(
191 0 : new SSLWarnDialog(pParent, rXCert, xContext));
192 :
193 : // Get correct resource string
194 0 : OUString aMessage_1;
195 0 : std::vector< OUString > aArguments_1;
196 :
197 0 : switch( failure )
198 : {
199 : case SSLWARN_TYPE_DOMAINMISMATCH:
200 0 : aArguments_1.push_back( hostName );
201 : aArguments_1.push_back(
202 0 : getContentPart( rXCert->getSubjectName()) );
203 0 : aArguments_1.push_back( hostName );
204 0 : break;
205 : case SSLWARN_TYPE_EXPIRED:
206 : aArguments_1.push_back(
207 0 : getContentPart( rXCert->getSubjectName()) );
208 : aArguments_1.push_back(
209 : getLocalizedDatTimeStr( xContext,
210 0 : rXCert->getNotValidAfter() ) );
211 : aArguments_1.push_back(
212 : getLocalizedDatTimeStr( xContext,
213 0 : rXCert->getNotValidAfter() ) );
214 0 : break;
215 : case SSLWARN_TYPE_INVALID:
216 0 : break;
217 : }
218 :
219 0 : boost::scoped_ptr< ResMgr > xManager(ResMgr::CreateResMgr("uui"));
220 :
221 0 : if (xManager.get())
222 : {
223 0 : ResId aResId(RID_UUI_ERRHDL, *xManager.get());
224 0 : if (ErrorResource(aResId).getString(
225 0 : ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + DESCRIPTION_1,
226 0 : aMessage_1))
227 : {
228 0 : aMessage_1 = UUIInteractionHelper::replaceMessageWithArguments(
229 0 : aMessage_1, aArguments_1 );
230 0 : xDialog->setDescription1Text( aMessage_1 );
231 : }
232 :
233 0 : OUString aTitle;
234 0 : if (ErrorResource(aResId).getString(
235 0 : ERRCODE_AREA_UUI_UNKNOWNAUTH + failure + TITLE, aTitle))
236 : {
237 0 : xDialog->SetText(aTitle);
238 0 : }
239 : }
240 :
241 0 : return static_cast<bool>(xDialog->Execute());
242 : }
243 0 : catch (std::bad_alloc const &)
244 : {
245 0 : throw uno::RuntimeException("out of memory");
246 : }
247 : }
248 :
249 : void
250 0 : handleCertificateValidationRequest_(
251 : vcl::Window * pParent,
252 : uno::Reference< uno::XComponentContext > const & xContext,
253 : ucb::CertificateValidationRequest const & rRequest,
254 : uno::Sequence< uno::Reference< task::XInteractionContinuation > > const &
255 : rContinuations)
256 : {
257 0 : uno::Reference< task::XInteractionApprove > xApprove;
258 0 : uno::Reference< task::XInteractionAbort > xAbort;
259 0 : getContinuations(rContinuations, &xApprove, &xAbort);
260 :
261 0 : sal_Int32 failures = rRequest.CertificateValidity;
262 0 : bool trustCert = true;
263 :
264 0 : if ( ((failures & security::CertificateValidity::UNTRUSTED)
265 0 : == security::CertificateValidity::UNTRUSTED ) ||
266 0 : ((failures & security::CertificateValidity::ISSUER_UNTRUSTED)
267 0 : == security::CertificateValidity::ISSUER_UNTRUSTED) ||
268 0 : ((failures & security::CertificateValidity::ROOT_UNTRUSTED)
269 : == security::CertificateValidity::ROOT_UNTRUSTED) )
270 : {
271 : trustCert = executeUnknownAuthDialog( pParent,
272 : xContext,
273 0 : rRequest.Certificate );
274 : }
275 :
276 0 : uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = rRequest.Certificate->getExtensions();
277 0 : uno::Sequence< security::CertAltNameEntry > altNames;
278 0 : for (sal_Int32 i = 0 ; i < extensions.getLength(); i++){
279 0 : uno::Reference< security::XCertificateExtension >element = extensions[i];
280 :
281 0 : OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
282 0 : if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME))
283 : {
284 0 : uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
285 0 : altNames = sanExtension->getAlternativeNames();
286 0 : break;
287 : }
288 0 : }
289 :
290 0 : OUString certHostName = getContentPart( rRequest.Certificate->getSubjectName() );
291 0 : uno::Sequence< OUString > certHostNames(altNames.getLength() + 1);
292 :
293 0 : certHostNames[0] = certHostName;
294 :
295 0 : for(int n = 0; n < altNames.getLength(); ++n)
296 : {
297 0 : if (altNames[n].Type == security::ExtAltNameType_DNS_NAME){
298 0 : altNames[n].Value >>= certHostNames[n+1];
299 : }
300 : }
301 :
302 0 : if ( (!isDomainMatch(
303 : rRequest.HostName,
304 0 : certHostNames )) &&
305 : trustCert )
306 : {
307 : trustCert = executeSSLWarnDialog( pParent,
308 : xContext,
309 : rRequest.Certificate,
310 : SSLWARN_TYPE_DOMAINMISMATCH,
311 0 : rRequest.HostName );
312 : }
313 :
314 0 : else if ( (((failures & security::CertificateValidity::TIME_INVALID)
315 0 : == security::CertificateValidity::TIME_INVALID) ||
316 0 : ((failures & security::CertificateValidity::NOT_TIME_NESTED)
317 0 : == security::CertificateValidity::NOT_TIME_NESTED)) &&
318 : trustCert )
319 : {
320 : trustCert = executeSSLWarnDialog( pParent,
321 : xContext,
322 : rRequest.Certificate,
323 : SSLWARN_TYPE_EXPIRED,
324 0 : rRequest.HostName );
325 : }
326 :
327 0 : else if ( (((failures & security::CertificateValidity::REVOKED)
328 0 : == security::CertificateValidity::REVOKED) ||
329 0 : ((failures & security::CertificateValidity::SIGNATURE_INVALID)
330 0 : == security::CertificateValidity::SIGNATURE_INVALID) ||
331 0 : ((failures & security::CertificateValidity::EXTENSION_INVALID)
332 0 : == security::CertificateValidity::EXTENSION_INVALID) ||
333 0 : ((failures & security::CertificateValidity::INVALID)
334 0 : == security::CertificateValidity::INVALID)) &&
335 : trustCert )
336 : {
337 : trustCert = executeSSLWarnDialog( pParent,
338 : xContext,
339 : rRequest.Certificate,
340 : SSLWARN_TYPE_INVALID,
341 0 : rRequest.HostName );
342 : }
343 :
344 0 : if ( trustCert )
345 : {
346 0 : if (xApprove.is())
347 0 : xApprove->select();
348 : }
349 : else
350 : {
351 0 : if (xAbort.is())
352 0 : xAbort->select();
353 0 : }
354 0 : }
355 :
356 : } // namespace
357 :
358 : bool
359 0 : UUIInteractionHelper::handleCertificateValidationRequest(
360 : uno::Reference< task::XInteractionRequest > const & rRequest)
361 : {
362 0 : uno::Any aAnyRequest(rRequest->getRequest());
363 :
364 0 : ucb::CertificateValidationRequest aCertificateValidationRequest;
365 0 : if (aAnyRequest >>= aCertificateValidationRequest)
366 : {
367 : handleCertificateValidationRequest_(getParentProperty(),
368 : m_xContext,
369 : aCertificateValidationRequest,
370 0 : rRequest->getContinuations());
371 0 : return true;
372 : }
373 :
374 0 : return false;
375 180 : }
376 :
377 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
