[Libreoffice-commits] core.git: 3 commits - xmlsecurity/inc xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Thu Feb 11 16:30:29 UTC 2016
xmlsecurity/inc/certificate.hxx | 34 ++++++++++++++
xmlsecurity/source/helper/ooxmlsecparser.cxx | 26 ++++++++++
xmlsecurity/source/helper/ooxmlsecparser.hxx | 5 ++
xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx | 24 +++++++++
xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx | 6 ++
5 files changed, 92 insertions(+), 3 deletions(-)
New commits:
commit f09f61c9b4f474a95fafa144b4eb18dbdf2a166c
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Thu Feb 11 17:11:55 2016 +0100
xmlsecurity: expose the certificate's SHA-256 checksum in the NSS backend
OOXML export will need an SHA-256 hash of the certificate; introducing
a css::security::XCertificate2 just for this would probably be
overkill. The same will have to be done in the mscrypto backend in the
near future.
Change-Id: Id2df06416a713927edd60e1253ff8e1c09dd706a
diff --git a/xmlsecurity/inc/certificate.hxx b/xmlsecurity/inc/certificate.hxx
new file mode 100644
index 0000000..2c0e049
--- /dev/null
+++ b/xmlsecurity/inc/certificate.hxx
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+#define INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+
+#include <sal/types.h>
+
+namespace xmlsecurity
+{
+
+/// Extension of css::security::XCertificate for module-internal purposes.
+class SAL_NO_VTABLE SAL_DLLPUBLIC_RTTI Certificate
+{
+public:
+
+ /// Returns the SHA-256 thumbprint.
+ virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) = 0;
+
+protected:
+ ~Certificate() throw () {}
+};
+
+}
+
+#endif // INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 0939a1f..9d7cd55 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -35,6 +35,7 @@
#include "sanextension_nssimpl.hxx"
#include <tools/time.hxx>
+using namespace ::com::sun::star;
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
@@ -337,8 +338,22 @@ OUString getAlgorithmDescription(SECAlgorithmID *aid)
if( pCert != nullptr )
{
SECStatus rv;
- unsigned char fingerprint[20];
- int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH);
+ unsigned char fingerprint[32];
+ int length = 0;
+ switch (id)
+ {
+ case SEC_OID_MD5:
+ length = MD5_LENGTH;
+ break;
+ case SEC_OID_SHA1:
+ length = SHA1_LENGTH;
+ break;
+ case SEC_OID_SHA256:
+ length = SHA256_LENGTH;
+ break;
+ default:
+ break;
+ }
memset(fingerprint, 0, sizeof fingerprint);
rv = PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len);
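Review bot: The `default:` branch of the new switch leaves `length` at 0 but execution still reaches `PK11_HashBuf(id, fingerprint, ...)`, so an OID other than the three handled ones is hashed into the 32-byte stack buffer anyway, and a digest wider than SHA-256 would overrun it. The callers visible on this page pass only fixed OIDs, so this is hardening rather than a live bug, but the branch should bail out before hashing, e.g. `default: return Sequence< sal_Int8 >();` (assuming that matches the return type, which is declared outside the hunk). Declaring the buffer as `unsigned char fingerprint[SHA256_LENGTH];` instead of the literal `32` would keep its size tied to the largest supported digest. The function starts and ends outside this hunk, so how `length` and `rv` are used afterwards cannot be checked here.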
@@ -409,6 +424,11 @@ OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm()
return getThumbprint(m_pCert, SEC_OID_SHA1);
}
+uno::Sequence<sal_Int8> X509Certificate_NssImpl::getSHA256Thumbprint() throw (uno::RuntimeException, std::exception)
+{
+ return getThumbprint(m_pCert, SEC_OID_SHA256);
+}
+
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
throw ( ::com::sun::star::uno::RuntimeException, std::exception)
{
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
index 70714a4..7bad209 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx
@@ -29,11 +29,12 @@
#include <com/sun/star/uno/SecurityException.hpp>
#include <com/sun/star/security/XCertificate.hpp>
+#include <certificate.hxx>
#include "cert.h"
class X509Certificate_NssImpl : public ::cppu::WeakImplHelper<
::com::sun::star::security::XCertificate ,
- ::com::sun::star::lang::XUnoTunnel >
+ ::com::sun::star::lang::XUnoTunnel > , public xmlsecurity::Certificate
{
private:
CERTCertificate* m_pCert ;
@@ -82,6 +83,9 @@ class X509Certificate_NssImpl : public ::cppu::WeakImplHelper<
//Methods from XUnoTunnel
virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) throw (com::sun::star::uno::RuntimeException, std::exception) override;
+ /// @see xmlsecurity::Certificate::getSHA256Thumbprint().
+ virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) override;
+
static const ::com::sun::star::uno::Sequence< sal_Int8 >& getUnoTunnelId() ;
//Helper methods
commit df4ebee2eff7f3766b604f4928ddf0f0f6e810bd
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Thu Feb 11 15:14:50 2016 +0100
xmlsecurity: import OOXML <X509SerialNumber>
Again, just to help the exporter not lose information.
Change-Id: Icc729d6a58321695fa59e009a328fca56d5ef514
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index da2ed2c..2086d38 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -20,6 +20,7 @@ OOXMLSecParser::OOXMLSecParser(XSecController* pXSecController)
,m_bInMdssiValue(false)
,m_bInSignatureComments(false)
,m_bInX509IssuerName(false)
+ ,m_bInX509SerialNumber(false)
,m_bReferenceUnresolved(false)
{
}
@@ -106,6 +107,11 @@ throw (xml::sax::SAXException, uno::RuntimeException, std::exception)
m_aX509IssuerName.clear();
m_bInX509IssuerName = true;
}
+ else if (rName == "X509SerialNumber")
+ {
+ m_aX509SerialNumber.clear();
+ m_bInX509SerialNumber = true;
+ }
if (m_xNextHandler.is())
m_xNextHandler->startElement(rName, xAttribs);
@@ -152,6 +158,11 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName) throw (xml::sax:
m_pXSecController->setX509IssuerName(m_aX509IssuerName);
m_bInX509IssuerName = false;
}
+ else if (rName == "X509SerialNumber")
+ {
+ m_pXSecController->setX509SerialNumber(m_aX509SerialNumber);
+ m_bInX509SerialNumber = false;
+ }
if (m_xNextHandler.is())
m_xNextHandler->endElement(rName);
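Review bot: `m_aX509SerialNumber` is text taken straight from the document being imported and is handed to `setX509SerialNumber()` with no check that it is a well-formed integer or that it matches the serial of the certificate carried in `<X509Certificate>`. As far as the hunks show, the element is also matched on its bare name in `startElement` regardless of its parent, so any `X509SerialNumber` element in the stream replaces the stored value. If anything later displays or compares this value it should be cross-checked against the parsed certificate rather than trusted; at minimum add a comment such as `// Untrusted: taken from the document, not from the certificate.` next to the setter call. The same applies to `m_aX509IssuerName` in the `X509IssuerName` branch of `endElement` in the earlier commit on this page. `endElement` starts and ends outside the hunk.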
@@ -171,6 +182,8 @@ void SAL_CALL OOXMLSecParser::characters(const OUString& rChars) throw (xml::sax
m_aSignatureComments += rChars;
else if (m_bInX509IssuerName)
m_aX509IssuerName += rChars;
+ else if (m_bInX509SerialNumber)
+ m_aX509SerialNumber += rChars;
if (m_xNextHandler.is())
m_xNextHandler->characters(rChars);
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx
index 1914d4c..819947b 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.hxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx
@@ -41,6 +41,8 @@ class OOXMLSecParser: public cppu::WeakImplHelper
OUString m_aSignatureComments;
bool m_bInX509IssuerName;
OUString m_aX509IssuerName;
+ bool m_bInX509SerialNumber;
+ OUString m_aX509SerialNumber;
/// Last seen <Reference URI="...">.
OUString m_aReferenceURI;
commit d7d86dfe4a83dd49192efe167e50c19e75109cde
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Thu Feb 11 14:57:17 2016 +0100
xmlsecurity: import OOXML <X509IssuerName>
This is redundant, but it's needed to survive an export -> import ->
export flow, and at the end required in the OOXML result.
Change-Id: I0779950b6464b4e15f4da452c163cddbc3d03a3d
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.cxx b/xmlsecurity/source/helper/ooxmlsecparser.cxx
index 4c930d1..da2ed2c 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.cxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.cxx
@@ -19,6 +19,7 @@ OOXMLSecParser::OOXMLSecParser(XSecController* pXSecController)
,m_bInX509Certificate(false)
,m_bInMdssiValue(false)
,m_bInSignatureComments(false)
+ ,m_bInX509IssuerName(false)
,m_bReferenceUnresolved(false)
{
}
@@ -100,6 +101,11 @@ throw (xml::sax::SAXException, uno::RuntimeException, std::exception)
m_aSignatureComments.clear();
m_bInSignatureComments = true;
}
+ else if (rName == "X509IssuerName")
+ {
+ m_aX509IssuerName.clear();
+ m_bInX509IssuerName = true;
+ }
if (m_xNextHandler.is())
m_xNextHandler->startElement(rName, xAttribs);
@@ -141,6 +147,11 @@ void SAL_CALL OOXMLSecParser::endElement(const OUString& rName) throw (xml::sax:
m_pXSecController->setDescription(m_aSignatureComments);
m_bInSignatureComments = false;
}
+ else if (rName == "X509IssuerName")
+ {
+ m_pXSecController->setX509IssuerName(m_aX509IssuerName);
+ m_bInX509IssuerName = false;
+ }
if (m_xNextHandler.is())
m_xNextHandler->endElement(rName);
@@ -158,6 +169,8 @@ void SAL_CALL OOXMLSecParser::characters(const OUString& rChars) throw (xml::sax
m_aMdssiValue += rChars;
else if (m_bInSignatureComments)
m_aSignatureComments += rChars;
+ else if (m_bInX509IssuerName)
+ m_aX509IssuerName += rChars;
if (m_xNextHandler.is())
m_xNextHandler->characters(rChars);
diff --git a/xmlsecurity/source/helper/ooxmlsecparser.hxx b/xmlsecurity/source/helper/ooxmlsecparser.hxx
index dbb0151..1914d4c 100644
--- a/xmlsecurity/source/helper/ooxmlsecparser.hxx
+++ b/xmlsecurity/source/helper/ooxmlsecparser.hxx
@@ -39,6 +39,9 @@ class OOXMLSecParser: public cppu::WeakImplHelper
OUString m_aMdssiValue;
bool m_bInSignatureComments;
OUString m_aSignatureComments;
+ bool m_bInX509IssuerName;
+ OUString m_aX509IssuerName;
+
/// Last seen <Reference URI="...">.
OUString m_aReferenceURI;
/// Already called addStreamReference() for this reference.