LCOV - code coverage report
Current view: top level - xmlsecurity/source/xmlsec/nss - x509certificate_nssimpl.cxx (source / functions) Hit Total Coverage
Test: commit 10e77ab3ff6f4314137acd6e2702a6e5c1ce1fae Lines: 0 196 0.0 %
Date: 2014-11-03 Functions: 0 27 0.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /*
       3             :  * This file is part of the LibreOffice project.
       4             :  *
       5             :  * This Source Code Form is subject to the terms of the Mozilla Public
       6             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       7             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
       8             :  *
       9             :  * This file incorporates work covered by the following license notice:
      10             :  *
      11             :  *   Licensed to the Apache Software Foundation (ASF) under one or more
      12             :  *   contributor license agreements. See the NOTICE file distributed
      13             :  *   with this work for additional information regarding copyright
      14             :  *   ownership. The ASF licenses this file to you under the Apache
      15             :  *   License, Version 2.0 (the "License"); you may not use this file
      16             :  *   except in compliance with the License. You may obtain a copy of
      17             :  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
      18             :  */
      19             : 
      20             : #include "nssrenam.h"
      21             : #include "nspr.h"
      22             : #include "nss.h"
      23             : #include "secder.h"
      24             : 
      25             : #include "hasht.h"
      26             : #include "secoid.h"
      27             : #include "pk11func.h"
      28             : 
      29             : #include <sal/config.h>
      30             : #include <comphelper/servicehelper.hxx>
      31             : #include "x509certificate_nssimpl.hxx"
      32             : 
      33             : #include "certificateextension_xmlsecimpl.hxx"
      34             : 
      35             : #include "sanextension_nssimpl.hxx"
      36             : #include <tools/time.hxx>
      37             : 
      38             : using namespace ::com::sun::star::uno ;
      39             : using namespace ::com::sun::star::security ;
      40             : 
      41             : using ::com::sun::star::security::XCertificate ;
      42             : using ::com::sun::star::util::DateTime ;
      43             : 
      44           0 : X509Certificate_NssImpl :: X509Certificate_NssImpl() :
      45           0 :     m_pCert( NULL )
      46             : {
      47           0 : }
      48             : 
      49           0 : X509Certificate_NssImpl :: ~X509Certificate_NssImpl() {
      50           0 :     if( m_pCert != NULL ) {
      51           0 :         CERT_DestroyCertificate( m_pCert ) ;
      52             :     }
      53           0 : }
      54             : 
      55             : //Methods from XCertificate
      56           0 : sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
      57           0 :     if( m_pCert != NULL ) {
      58           0 :         if( m_pCert->version.len > 0 ) {
      59           0 :             return ( char )*( m_pCert->version.data ) ;
      60             :         } else
      61           0 :             return 0 ;
      62             :     } else {
      63           0 :         return -1 ;
      64             :     }
      65             : }
      66             : 
      67           0 : ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSerialNumber() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
      68           0 :     if( m_pCert != NULL && m_pCert->serialNumber.len > 0 ) {
      69           0 :         Sequence< sal_Int8 > serial( m_pCert->serialNumber.len ) ;
      70           0 :         for( unsigned int i = 0 ; i < m_pCert->serialNumber.len ; i ++ )
      71           0 :             serial[i] = *( m_pCert->serialNumber.data + i ) ;
      72             : 
      73           0 :         return serial ;
      74             :     } else {
      75           0 :         return ::com::sun::star::uno::Sequence< sal_Int8 >();
      76             :     }
      77             : }
      78             : 
      79           0 : OUString SAL_CALL X509Certificate_NssImpl :: getIssuerName() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
      80           0 :     if( m_pCert != NULL ) {
      81           0 :         return OUString(m_pCert->issuerName , PL_strlen(m_pCert->issuerName) , RTL_TEXTENCODING_UTF8) ;
      82             :     } else {
      83           0 :         return OUString() ;
      84             :     }
      85             : }
      86             : 
      87           0 : OUString SAL_CALL X509Certificate_NssImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
      88           0 :     if( m_pCert != NULL ) {
      89           0 :         return OUString(m_pCert->subjectName , PL_strlen(m_pCert->subjectName) , RTL_TEXTENCODING_UTF8);
      90             :     } else {
      91           0 :         return OUString() ;
      92             :     }
      93             : }
      94             : 
      95           0 : ::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidBefore() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
      96           0 :     if( m_pCert != NULL ) {
      97             :         SECStatus rv ;
      98             :         PRTime notBefore ;
      99             :         PRExplodedTime explTime ;
     100           0 :         DateTime dateTime ;
     101             : 
     102           0 :         rv = DER_DecodeTimeChoice( &notBefore, &m_pCert->validity.notBefore ) ;
     103           0 :         if( rv ) {
     104           0 :             return DateTime() ;
     105             :         }
     106             : 
     107             :         //Convert the time to readable local time
     108           0 :         PR_ExplodeTime( notBefore, PR_LocalTimeParameters, &explTime ) ;
     109             : 
     110           0 :         dateTime.NanoSeconds = static_cast< sal_Int32 >( explTime.tm_usec * ::tools::Time::nanoPerMicro  );
     111           0 :         dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec  );
     112           0 :         dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min  );
     113           0 :         dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour  );
     114           0 :         dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday  );
     115           0 :         dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1  );
     116           0 :         dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year  );
     117             : 
     118           0 :         return dateTime ;
     119             :     } else {
     120           0 :         return DateTime() ;
     121             :     }
     122             : }
     123             : 
     124           0 : ::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidAfter() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
     125           0 :     if( m_pCert != NULL ) {
     126             :         SECStatus rv ;
     127             :         PRTime notAfter ;
     128             :         PRExplodedTime explTime ;
     129           0 :         DateTime dateTime ;
     130             : 
     131           0 :         rv = DER_DecodeTimeChoice( &notAfter, &m_pCert->validity.notAfter ) ;
     132           0 :         if( rv ) {
     133           0 :             return DateTime() ;
     134             :         }
     135             : 
     136             :         //Convert the time to readable local time
     137           0 :         PR_ExplodeTime( notAfter, PR_LocalTimeParameters, &explTime ) ;
     138             : 
     139           0 :         dateTime.NanoSeconds = static_cast< sal_Int16 >( explTime.tm_usec * ::tools::Time::nanoPerMicro );
     140           0 :         dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec  );
     141           0 :         dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min  );
     142           0 :         dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour  );
     143           0 :         dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday  );
     144           0 :         dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1  );
     145           0 :         dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year  );
     146             : 
     147           0 :         return dateTime ;
     148             :     } else {
     149           0 :         return DateTime() ;
     150             :     }
     151             : }
     152             : 
     153           0 : ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getIssuerUniqueID() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
     154           0 :     if( m_pCert != NULL && m_pCert->issuerID.len > 0 ) {
     155           0 :         Sequence< sal_Int8 > issuerUid( m_pCert->issuerID.len ) ;
     156           0 :         for( unsigned int i = 0 ; i < m_pCert->issuerID.len ; i ++ )
     157           0 :             issuerUid[i] = *( m_pCert->issuerID.data + i ) ;
     158             : 
     159           0 :         return issuerUid ;
     160             :     } else {
     161           0 :         return ::com::sun::star::uno::Sequence< sal_Int8 >();
     162             :     }
     163             : }
     164             : 
     165           0 : ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSubjectUniqueID() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
     166           0 :     if( m_pCert != NULL && m_pCert->subjectID.len > 0 ) {
     167           0 :         Sequence< sal_Int8 > subjectUid( m_pCert->subjectID.len ) ;
     168           0 :         for( unsigned int i = 0 ; i < m_pCert->subjectID.len ; i ++ )
     169           0 :             subjectUid[i] = *( m_pCert->subjectID.data + i ) ;
     170             : 
     171           0 :         return subjectUid ;
     172             :     } else {
     173           0 :         return ::com::sun::star::uno::Sequence< sal_Int8 >();
     174             :     }
     175             : }
     176             : 
     177           0 : ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL X509Certificate_NssImpl :: getExtensions() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
     178           0 :     if( m_pCert != NULL && m_pCert->extensions != NULL ) {
     179             :         CERTCertExtension** extns ;
     180             :         CertificateExtension_XmlSecImpl* pExtn ;
     181             :         bool crit ;
     182             :         int len ;
     183             : 
     184           0 :         for( len = 0, extns = m_pCert->extensions; *extns != NULL; len ++, extns ++ ) ;
     185           0 :         Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
     186             : 
     187           0 :         for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
     188           0 :             const SECItem id = (*extns)->id;
     189           0 :             OString oidString(CERT_GetOidString(&id));
     190             : 
     191             :             // remove "OID." prefix if existing
     192           0 :             OString objID;
     193           0 :             OString oid("OID.");
     194           0 :             if (oidString.match(oid))
     195           0 :                 objID = oidString.copy(oid.getLength());
     196             :             else
     197           0 :                 objID = oidString;
     198             : 
     199           0 :             if ( objID.equals("2.5.29.17") )
     200           0 :                 pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
     201             :             else
     202           0 :                 pExtn = new CertificateExtension_XmlSecImpl() ;
     203             : 
     204           0 :             if( (*extns)->critical.data == NULL )
     205           0 :                 crit = false ;
     206             :             else
     207           0 :                 crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
     208           0 :             pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ;
     209             : 
     210           0 :             xExtns[len] = pExtn ;
     211           0 :         }
     212             : 
     213           0 :         return xExtns ;
     214             :     } else {
     215           0 :         return ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > ();
     216             :     }
     217             : }
     218             : 
     219           0 : ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL X509Certificate_NssImpl :: findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& oid ) throw (::com::sun::star::uno::RuntimeException, std::exception) {
     220           0 :     if( m_pCert != NULL && m_pCert->extensions != NULL ) {
     221             :         CertificateExtension_XmlSecImpl* pExtn ;
     222             :         CERTCertExtension** extns ;
     223             :         SECItem idItem ;
     224             :         bool crit ;
     225             : 
     226           0 :         idItem.data = ( unsigned char* )&oid[0] ;
     227           0 :         idItem.len = oid.getLength() ;
     228             : 
     229           0 :         pExtn = NULL ;
     230           0 :         for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
     231           0 :             if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
     232           0 :                 const SECItem id = (*extns)->id;
     233           0 :                 OString objId(CERT_GetOidString(&id));
     234           0 :                 if ( objId.equals("OID.2.5.29.17") )
     235           0 :                     pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
     236             :                 else
     237           0 :                     pExtn = new CertificateExtension_XmlSecImpl() ;
     238           0 :                 if( (*extns)->critical.data == NULL )
     239           0 :                     crit = false ;
     240             :                 else
     241           0 :                     crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
     242           0 :                 pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
     243           0 :                 break;
     244             :             }
     245             :         }
     246             : 
     247           0 :         return pExtn ;
     248             :     } else {
     249           0 :         return NULL ;
     250             :     }
     251             : }
     252             : 
     253             : 
     254           0 : ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getEncoded() throw ( ::com::sun::star::uno::RuntimeException, std::exception) {
     255           0 :     if( m_pCert != NULL && m_pCert->derCert.len > 0 ) {
     256           0 :         Sequence< sal_Int8 > rawCert( m_pCert->derCert.len ) ;
     257             : 
     258           0 :         for( unsigned int i = 0 ; i < m_pCert->derCert.len ; i ++ )
     259           0 :             rawCert[i] = *( m_pCert->derCert.data + i ) ;
     260             : 
     261           0 :         return rawCert ;
     262             :     } else {
     263           0 :         return ::com::sun::star::uno::Sequence< sal_Int8 >();
     264             :     }
     265             : }
     266             : 
     267             : //Helper methods
     268           0 : void X509Certificate_NssImpl :: setCert( CERTCertificate* cert ) {
     269           0 :     if( m_pCert != NULL ) {
     270           0 :         CERT_DestroyCertificate( m_pCert ) ;
     271           0 :         m_pCert = NULL ;
     272             :     }
     273             : 
     274           0 :     if( cert != NULL ) {
     275           0 :         m_pCert = CERT_DupCertificate( cert ) ;
     276             :     }
     277           0 : }
     278             : 
     279           0 : const CERTCertificate* X509Certificate_NssImpl :: getNssCert() const {
     280           0 :     if( m_pCert != NULL ) {
     281           0 :         return m_pCert ;
     282             :     } else {
     283           0 :         return NULL ;
     284             :     }
     285             : }
     286             : 
     287           0 : void X509Certificate_NssImpl :: setRawCert( const Sequence< sal_Int8 >& rawCert ) throw ( ::com::sun::star::uno::RuntimeException) {
     288             :     CERTCertificate* cert ;
     289             :     SECItem certItem ;
     290             : 
     291           0 :     certItem.data = ( unsigned char* )&rawCert[0] ;
     292           0 :     certItem.len = rawCert.getLength() ;
     293             : 
     294           0 :     cert = CERT_DecodeDERCertificate( &certItem, PR_TRUE, NULL ) ;
     295           0 :     if( cert == NULL )
     296           0 :         throw RuntimeException() ;
     297             : 
     298           0 :     if( m_pCert != NULL ) {
     299           0 :         CERT_DestroyCertificate( m_pCert ) ;
     300           0 :         m_pCert = NULL ;
     301             :     }
     302             : 
     303           0 :     m_pCert = cert ;
     304           0 : }
     305             : 
     306             : /* XUnoTunnel */
     307           0 : sal_Int64 SAL_CALL X509Certificate_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) throw( RuntimeException, std::exception ) {
     308           0 :     if( aIdentifier.getLength() == 16 && 0 == memcmp( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
     309           0 :         return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
     310             :     }
     311           0 :     return 0 ;
     312             : }
     313             : 
     314             : /* XUnoTunnel extension */
     315             : 
     316             : namespace
     317             : {
     318             :     class theX509Certificate_NssImplUnoTunnelId : public rtl::Static< UnoTunnelIdInit, theX509Certificate_NssImplUnoTunnelId > {};
     319             : }
     320             : 
     321           0 : const Sequence< sal_Int8>& X509Certificate_NssImpl :: getUnoTunnelId() {
     322           0 :     return theX509Certificate_NssImplUnoTunnelId::get().getSeq();
     323             : }
     324             : 
     325           0 : OUString getAlgorithmDescription(SECAlgorithmID *aid)
     326             : {
     327             :     SECOidTag tag;
     328           0 :     tag = SECOID_GetAlgorithmTag(aid);
     329             : 
     330           0 :     const char *pDesc = SECOID_FindOIDTagDescription(tag);
     331             : 
     332           0 :     return OUString::createFromAscii( pDesc ) ;
     333             : }
     334             : 
     335           0 : ::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(CERTCertificate *pCert, SECOidTag id)
     336             : {
     337           0 :     if( pCert != NULL )
     338             :     {
     339             :         SECStatus rv;
     340             :         unsigned char fingerprint[20];
     341           0 :         int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH);
     342             : 
     343           0 :         memset(fingerprint, 0, sizeof fingerprint);
     344           0 :         rv = PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len);
     345           0 :         if(rv == SECSuccess)
     346             :         {
     347           0 :             Sequence< sal_Int8 > thumbprint( length ) ;
     348           0 :             for( int i = 0 ; i < length ; i ++ )
     349           0 :                 thumbprint[i] = fingerprint[i];
     350             : 
     351           0 :             return thumbprint;
     352             :         }
     353             :     }
     354           0 :     return ::com::sun::star::uno::Sequence< sal_Int8 >();
     355             : }
     356             : 
     357           0 : OUString SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyAlgorithm()
     358             :     throw ( ::com::sun::star::uno::RuntimeException, std::exception)
     359             : {
     360           0 :     if( m_pCert != NULL )
     361             :     {
     362           0 :         return getAlgorithmDescription(&(m_pCert->subjectPublicKeyInfo.algorithm));
     363             :     }
     364             :     else
     365             :     {
     366           0 :         return OUString() ;
     367             :     }
     368             : }
     369             : 
     370           0 : ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyValue()
     371             :     throw ( ::com::sun::star::uno::RuntimeException, std::exception)
     372             : {
     373           0 :     if( m_pCert != NULL )
     374             :     {
     375           0 :         SECItem spk = m_pCert->subjectPublicKeyInfo.subjectPublicKey;
     376           0 :         DER_ConvertBitString(&spk);
     377             : 
     378           0 :         if ( spk.len>0)
     379             :         {
     380           0 :             Sequence< sal_Int8 > key( spk.len ) ;
     381           0 :             for( unsigned int i = 0 ; i < spk.len ; i ++ )
     382             :             {
     383           0 :                 key[i] = *( spk.data + i ) ;
     384             :             }
     385             : 
     386           0 :             return key ;
     387             :         }
     388             :     }
     389             : 
     390           0 :     return ::com::sun::star::uno::Sequence< sal_Int8 >();
     391             : }
     392             : 
     393           0 : OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm()
     394             :     throw ( ::com::sun::star::uno::RuntimeException, std::exception)
     395             : {
     396           0 :     if( m_pCert != NULL )
     397             :     {
     398           0 :         return getAlgorithmDescription(&(m_pCert->signature));
     399             :     }
     400             :     else
     401             :     {
     402           0 :         return OUString() ;
     403             :     }
     404             : }
     405             : 
     406           0 : ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint()
     407             :     throw ( ::com::sun::star::uno::RuntimeException, std::exception)
     408             : {
     409           0 :     return getThumbprint(m_pCert, SEC_OID_SHA1);
     410             : }
     411             : 
     412           0 : ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
     413             :     throw ( ::com::sun::star::uno::RuntimeException, std::exception)
     414             : {
     415           0 :     return getThumbprint(m_pCert, SEC_OID_MD5);
     416             : }
     417             : 
     418           0 : sal_Int32 SAL_CALL X509Certificate_NssImpl::getCertificateUsage(  )
     419             :     throw ( ::com::sun::star::uno::RuntimeException, std::exception)
     420             : {
     421             :     SECStatus rv;
     422             :     SECItem tmpitem;
     423             :     sal_Int32 usage;
     424             : 
     425           0 :     rv = CERT_FindKeyUsageExtension(m_pCert, &tmpitem);
     426           0 :     if ( rv == SECSuccess )
     427             :     {
     428           0 :         usage = tmpitem.data[0];
     429           0 :         PORT_Free(tmpitem.data);
     430           0 :         tmpitem.data = NULL;
     431             :     }
     432             :     else
     433             :     {
     434           0 :         usage = KU_ALL;
     435             :     }
     436             : 
     437             :     /*
     438             :      * to make the nss implementation compatible with MSCrypto,
     439             :      * the following usage is ignored
     440             :      *
     441             :      *
     442             :     if ( CERT_GovtApprovedBitSet(m_pCert) )
     443             :     {
     444             :         usage |= KU_NS_GOVT_APPROVED;
     445             :     }
     446             :     */
     447             : 
     448           0 :     return usage;
     449             : }
     450             : 
     451             : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

Generated by: LCOV version 1.10