xmlsecurity/inc/certificate.hxx | 34 ++++++++++++++ xmlsecurity/source/helper/ooxmlsecparser.cxx | 26 ++++++++++ xmlsecurity/source/helper/ooxmlsecparser.hxx | 5 ++ xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx | 24 +++++++++ xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx | 6 ++ 5 files changed, 92 insertions(+), 3 deletions(-)
New commits: commit f09f61c9b4f474a95fafa144b4eb18dbdf2a166c Author: Miklos Vajna <[email protected]> Date: Thu Feb 11 17:11:55 2016 +0100 xmlsecurity: expose the certificate's SHA-256 checksum in the NSS backend OOXML export will need an SHA-256 hash of the certificate, introducing a css::security::XCertificate2 just for this would be probably an overkill. The same will have to be done in the mscrypto backend in the near future. Change-Id: Id2df06416a713927edd60e1253ff8e1c09dd706a diff --git a/xmlsecurity/inc/certificate.hxx b/xmlsecurity/inc/certificate.hxx new file mode 100644 index 0000000..2c0e049 --- /dev/null +++ b/xmlsecurity/inc/certificate.hxx @@ -0,0 +1,34 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#ifndef INCLUDED_XMLSECURITY_INC_CERTIFICATE_H +#define INCLUDED_XMLSECURITY_INC_CERTIFICATE_H + +#include <sal/types.h> + +namespace xmlsecurity +{ + +/// Extension of css::security::XCertificate for module-internal purposes. +class SAL_NO_VTABLE SAL_DLLPUBLIC_RTTI Certificate +{ +public: + + /// Returns the SHA-256 thumbprint. + virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) = 0; + +protected: + ~Certificate() throw () {} +}; + +} + +#endif // INCLUDED_XMLSECURITY_INC_CERTIFICATE_H + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index 0939a1f..9d7cd55 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx 
@@ -35,6 +35,7 @@ #include "sanextension_nssimpl.hxx" #include <tools/time.hxx> +using namespace ::com::sun::star; using namespace ::com::sun::star::uno ; using namespace ::com::sun::star::security ; @@ -337,8 +338,22 @@ OUString getAlgorithmDescription(SECAlgorithmID *aid) if( pCert != nullptr ) { SECStatus rv; - unsigned char fingerprint[20]; - int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH); + unsigned char fingerprint[32]; + int length = 0; + switch (id) + { + case SEC_OID_MD5: + length = MD5_LENGTH; + break; + case SEC_OID_SHA1: + length = SHA1_LENGTH; + break; + case SEC_OID_SHA256: + length = SHA256_LENGTH; + break; + default: + break; + } memset(fingerprint, 0, sizeof fingerprint); rv = PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len); @@ -409,6 +424,11 @@ OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm() return getThumbprint(m_pCert, SEC_OID_SHA1); } +uno::Sequence<sal_Int8> X509Certificate_NssImpl::getSHA256Thumbprint() throw (uno::RuntimeException, std::exception) +{ + return getThumbprint(m_pCert, SEC_OID_SHA256); +} + ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint() throw ( ::com::sun::star::uno::RuntimeException, std::exception) { diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx index 70714a4..7bad209 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx @@ -29,11 +29,12 @@ #include <com/sun/star/uno/SecurityException.hpp> #include <com/sun/star/security/XCertificate.hpp> +#include <certificate.hxx> #include "cert.h" class X509Certificate_NssImpl : public ::cppu::WeakImplHelper< ::com::sun::star::security::XCertificate , - ::com::sun::star::lang::XUnoTunnel > + ::com::sun::star::lang::XUnoTunnel > , public xmlsecurity::Certificate { private: CERTCertificate* m_pCert ; 
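Review bot: In the thumbprint helper hunk the new `default: break;` leaves `length` at 0 but still falls through to `PK11_HashBuf(id, fingerprint, ...)`, which produces a digest sized by `id`, not by `length`. For an OID whose digest is longer than SHA-256 that would write past `fingerprint[32]`. The callers visible in this diff pass only SHA-1 and SHA-256, so the problem is latent, but the helper should refuse unknown tags before hashing, e.g. `default: return uno::Sequence<sal_Int8>();` (assuming the helper returns the same sequence type as its callers). The buffer is also better declared as `unsigned char fingerprint[SHA256_LENGTH];` than with the literal 32. The helper's signature and the code after the `PK11_HashBuf` call are outside the hunk, so the later use of `rv` and `length` should be checked as well.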
@@ -82,6 +83,9 @@ class X509Certificate_NssImpl : public ::cppu::WeakImplHelper< //Methods from XUnoTunnel virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) throw (com::sun::star::uno::RuntimeException, std::exception) override; + /// @see xmlsecurity::Certificate::getSHA256Thumbprint(). + virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) override; + static const ::com::sun::star::uno::Sequence< sal_Int8 >& getUnoTunnelId() ; //Helper methods commit df4ebee2eff7f3766b604f4928ddf0f0f6e810bd Author: Miklos Vajna <[email protected]> Date: Thu Feb 11 15:14:50 2016 +0100 xmlsecurity: import OOXML <X509SerialNumber> Again, just to help the exporter not loose information. Change-Id: Icc729d6a58321695fa59e009a328fca56d5ef514 diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx index da2ed2c..2086d38 100644 --- a/xmlsecurity/source/helper/ooxmlsecparser.cxx +++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx @@ -20,6 +20,7 @@ OOXMLSecParser::OOXMLSecParser(XSecController* pXSecController) ,m_bInMdssiValue(false) ,m_bInSignatureComments(false) ,m_bInX509IssuerName(false) + ,m_bInX509SerialNumber(false) ,m_bReferenceUnresolved(false) { } @@ -106,6 +107,11 @@ throw (xml::sax::SAXException, uno::RuntimeException, std::exception) m_aX509IssuerName.clear(); m_bInX509IssuerName = true; } + else if (rName == "X509SerialNumber") + { + m_aX509SerialNumber.clear(); + m_bInX509SerialNumber = true; + } if (m_xNextHandler.is()) m_xNextHandler->startElement(rName, xAttribs); 
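Review bot: The new `else if (rName == "X509SerialNumber")` branch in startElement matches on the bare element name, with no check of the namespace or the parent element. An element of that name anywhere in the parsed signature stream therefore starts collecting text, and a later one overwrites an earlier value. Because this content comes from the document being verified, the value handed to the controller should be tied to its expected position (inside `<X509IssuerSerial>` under `<X509Data>`), for instance by tracking the open-element stack. Whether startElement already does this elsewhere is not visible, as the function starts and ends outside the hunk. The same applies to the matching endElement and characters hunks and to the `X509IssuerName` hunks of the following commit. If the parsed issuer and serial strings are informational only until compared with the certificate itself, a comment at the setter calls should say so.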
@@ -152,6 +158,11 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName) throw (xml::sax: m_pXSecController->setX509IssuerName(m_aX509IssuerName); m_bInX509IssuerName = false; } + else if (rName == "X509SerialNumber") + { + m_pXSecController->setX509SerialNumber(m_aX509SerialNumber); + m_bInX509SerialNumber = false; + } if (m_xNextHandler.is()) m_xNextHandler->endElement(rName); @@ -171,6 +182,8 @@ void SAL_CALL OOXMLSecParser::characters(const OUString& rChars) throw (xml::sax m_aSignatureComments += rChars; else if (m_bInX509IssuerName) m_aX509IssuerName += rChars; + else if (m_bInX509SerialNumber) + m_aX509SerialNumber += rChars; if (m_xNextHandler.is()) m_xNextHandler->characters(rChars); diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx index 1914d4c..819947b 100644 --- a/xmlsecurity/source/helper/ooxmlsecparser.hxx +++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx @@ -41,6 +41,8 @@ class OOXMLSecParser: public cppu::WeakImplHelper OUString m_aSignatureComments; bool m_bInX509IssuerName; OUString m_aX509IssuerName; + bool m_bInX509SerialNumber; + OUString m_aX509SerialNumber; /// Last seen <Reference URI="...">. OUString m_aReferenceURI; commit d7d86dfe4a83dd49192efe167e50c19e75109cde Author: Miklos Vajna <[email protected]> Date: Thu Feb 11 14:57:17 2016 +0100 xmlsecurity: import OOXML <X509IssuerName> This is redundant, but it's needed to survive an export -> import -> export flow, and at the end required in the OOXML result. Change-Id: I0779950b6464b4e15f4da452c163cddbc3d03a3d diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx index 4c930d1..da2ed2c 100644 --- a/xmlsecurity/source/helper/ooxmlsecparser.cxx +++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx 
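Review bot: In the endElement hunk `setX509SerialNumber(m_aX509SerialNumber)` passes on whatever text was accumulated, including surrounding whitespace from pretty-printed XML or non-numeric content. XML-DSig defines X509SerialNumber as an integer, so I would normalise before storing, e.g. `m_pXSecController->setX509SerialNumber(m_aX509SerialNumber.trim());`, and consider rejecting values that are not all digits. In the characters hunk the new branch sits at the end of an `else if` chain, so serial-number text is appended to a different buffer if an earlier `m_bIn…` flag is still set. A short comment stating that these elements never nest would document that assumption. Both functions continue outside the hunks.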
@@ -19,6 +19,7 @@ OOXMLSecParser::OOXMLSecParser(XSecController* pXSecController) ,m_bInX509Certificate(false) ,m_bInMdssiValue(false) ,m_bInSignatureComments(false) + ,m_bInX509IssuerName(false) ,m_bReferenceUnresolved(false) { } @@ -100,6 +101,11 @@ throw (xml::sax::SAXException, uno::RuntimeException, std::exception) m_aSignatureComments.clear(); m_bInSignatureComments = true; } + else if (rName == "X509IssuerName") + { + m_aX509IssuerName.clear(); + m_bInX509IssuerName = true; + } if (m_xNextHandler.is()) m_xNextHandler->startElement(rName, xAttribs); @@ -141,6 +147,11 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName) throw (xml::sax: m_pXSecController->setDescription(m_aSignatureComments); m_bInSignatureComments = false; } + else if (rName == "X509IssuerName") + { + m_pXSecController->setX509IssuerName(m_aX509IssuerName); + m_bInX509IssuerName = false; + } if (m_xNextHandler.is()) m_xNextHandler->endElement(rName); @@ -158,6 +169,8 @@ void SAL_CALL OOXMLSecParser::characters(const OUString& rChars) throw (xml::sax m_aMdssiValue += rChars; else if (m_bInSignatureComments) m_aSignatureComments += rChars; + else if (m_bInX509IssuerName) + m_aX509IssuerName += rChars; if (m_xNextHandler.is()) m_xNextHandler->characters(rChars); diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx index dbb0151..1914d4c 100644 --- a/xmlsecurity/source/helper/ooxmlsecparser.hxx +++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx 
@@ -39,6 +39,9 @@ class OOXMLSecParser: public cppu::WeakImplHelper OUString m_aMdssiValue; bool m_bInSignatureComments; OUString m_aSignatureComments; + bool m_bInX509IssuerName; + OUString m_aX509IssuerName; + /// Last seen <Reference URI="...">. OUString m_aReferenceURI; /// Already called addStreamReference() for this reference. _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
