[Libreoffice-commits] core.git: xmlsecurity/source

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Mon Oct 29 14:27:33 UTC 2018


 xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx |   67 ++++++++--
 xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx |   12 +
 2 files changed, 66 insertions(+), 13 deletions(-)

New commits:
commit ef2623b712d7417d8135279d654a16de2caf56fc
Author:     Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
AuthorDate: Thu Oct 18 10:34:14 2018 +0200
Commit:     Tomaž Vajngerl <quikee at gmail.com>
CommitDate: Mon Oct 29 15:27:10 2018 +0100

    xmlsecurity: implement XCertificateCreator for NSS backend
    
    Change-Id: I28aa17e6c97494769185ed289836524064030f39
    Reviewed-on: https://gerrit.libreoffice.org/61914
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>

diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index cae2675db64a..4e31c40bf733 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -26,7 +26,6 @@
 #include <sal/macros.h>
 #include <osl/diagnose.h>
 #include "securityenvironment_nssimpl.hxx"
-#include "x509certificate_nssimpl.hxx"
 #include <comphelper/servicehelper.hxx>
 
 #include <xmlsec-wrapper.h>
@@ -433,20 +432,23 @@ Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl::buildCertifi
     return Sequence< Reference < XCertificate > >();
 }
 
-Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) {
-    X509Certificate_NssImpl* xcert ;
-
-    if( rawCertificate.getLength() > 0 ) {
-        xcert = new X509Certificate_NssImpl() ;
-        if( xcert == nullptr )
-            throw RuntimeException() ;
+X509Certificate_NssImpl* SecurityEnvironment_NssImpl::createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate)
+{
+    X509Certificate_NssImpl* pX509Certificate = nullptr;
 
-        xcert->setRawCert( rawCertificate ) ;
-    } else {
-        xcert = nullptr ;
+    if (aDerCertificate.getLength() > 0)
+    {
+        pX509Certificate = new X509Certificate_NssImpl();
+        if (pX509Certificate == nullptr)
+            throw RuntimeException();
+        pX509Certificate->setRawCert(aDerCertificate);
     }
+    return pX509Certificate;
+}
 
-    return xcert ;
+Reference<XCertificate> SecurityEnvironment_NssImpl::createCertificateFromRaw(const Sequence< sal_Int8 >& rawCertificate)
+{
+    return createX509CertificateFromDER(rawCertificate);
 }
 
 Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromAscii( const OUString& asciiCertificate )
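Review bot: `createX509CertificateFromDER` returns a raw pointer to a newly allocated reference-counted object, so it has no owner until a caller wraps it in a `Reference`. Returning `rtl::Reference<X509Certificate_NssImpl>` would make that contract explicit, as would a comment such as `// Caller must immediately assign the result to a Reference; the object starts with no owner.` The `if (pX509Certificate == nullptr) throw RuntimeException();` check carried over from the old code cannot fire with a plain `new`, which reports failure by throwing `std::bad_alloc`, so it can be dropped. The helper also returns an object whether or not `setRawCert()` managed to decode the bytes (its body is not in this diff), so callers that need a usable NSS certificate have to check `getNssCert()` themselves.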
@@ -839,6 +841,47 @@ void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr
     }
 }
 
+uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(
+        Sequence<sal_Int8> const & raDERCertificate, Sequence<sal_Int8> const & raPrivateKey)
+{
+    SECStatus nStatus = SECSuccess;
+
+    PK11SlotInfo* pSlot = PK11_GetInternalKeySlot();
+    if (!pSlot)
+        return uno::Reference<security::XCertificate>();
+
+    SECItem pDerPrivateKeyInfo;
+    pDerPrivateKeyInfo.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(raPrivateKey.getConstArray()));
+    pDerPrivateKeyInfo.len = raPrivateKey.getLength();
+
+    const unsigned int keyUsage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE;
+    SECKEYPrivateKey* pPrivateKey = nullptr;
+
+    bool bPermanent = false;
+    bool bSensitive = false;
+
+    nStatus = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+          pSlot, &pDerPrivateKeyInfo, nullptr, nullptr, bPermanent, bSensitive,
+          keyUsage, &pPrivateKey, nullptr);
+
+    if (nStatus != SECSuccess)
+        return uno::Reference<security::XCertificate>();
+
+    if (!pPrivateKey)
+        return uno::Reference<security::XCertificate>();
+
+    X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate);
+    if (!pX509Certificate)
+        return uno::Reference<security::XCertificate>();
+
+    addCryptoSlot(pSlot);
+
+    CERTCertificate* pCERTCertificate = const_cast<CERTCertificate*>(pX509Certificate->getNssCert());
+    pCERTCertificate->slot = pSlot;
+
+    return pX509Certificate;
+}
+
 extern "C" SAL_DLLPUBLIC_EXPORT uno::XInterface*
 com_sun_star_xml_crypto_SecurityEnvironment_get_implementation(
     uno::XComponentContext* /*pCtx*/, uno::Sequence<uno::Any> const& /*rSeq*/)
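Review bot: `pCERTCertificate->slot = pSlot;` dereferences the result of `getNssCert()` without a null check. `setRawCert()` is not shown here, so if it leaves the NSS certificate unset when the DER bytes fail to decode, a malformed `raDERCertificate` would crash at that line. The early returns after the key import exit without `PK11_FreeSlot(pSlot)`, and the return on a null `pX509Certificate` leaves the just-imported private key in the slot with nothing holding or destroying `pPrivateKey`. Holding the new object in a `uno::Reference` straight away also covers `addCryptoSlot()`, which the header documents as throwing. Whether `addCryptoSlot()` takes its own slot reference is not visible in this diff, so the sketch below leaves the success path as it is.

```cpp
    // … unchanged: slot lookup and PK11_ImportDERPrivateKeyInfoAndReturnKey call …

    X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate);
    // Own the object from here on so every exit below releases it.
    uno::Reference<security::XCertificate> xCertificate(pX509Certificate);

    CERTCertificate* pCERTCertificate = pX509Certificate
        ? const_cast<CERTCertificate*>(pX509Certificate->getNssCert())
        : nullptr;
    if (!pCERTCertificate)
    {
        // Empty or undecodable certificate: drop the imported key and the slot reference.
        SECKEY_DestroyPrivateKey(pPrivateKey);
        PK11_FreeSlot(pSlot);
        return uno::Reference<security::XCertificate>();
    }

    addCryptoSlot(pSlot);
    pCERTCertificate->slot = pSlot;

    return xCertificate;
```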
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
index aec7f5bbcead..6c6160fc2009 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx
@@ -31,11 +31,14 @@
 
 #include <com/sun/star/lang/XServiceInfo.hpp>
 #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+#include <com/sun/star/xml/crypto/XCertificateCreator.hpp>
 #include <com/sun/star/security/XCertificate.hpp>
 #include <com/sun/star/security/CertificateCharacters.hpp>
 #include <com/sun/star/security/CertificateValidity.hpp>
 #include <com/sun/star/lang/XUnoTunnel.hpp>
 
+#include "x509certificate_nssimpl.hxx"
+
 #include <osl/mutex.hxx>
 
 #include <pk11func.h>
@@ -46,7 +49,8 @@
 #include <xmlsec-wrapper.h>
 
 class SecurityEnvironment_NssImpl : public ::cppu::WeakImplHelper<
-    css::xml::crypto::XSecurityEnvironment ,
+    css::xml::crypto::XSecurityEnvironment,
+    css::xml::crypto::XCertificateCreator,
     css::lang::XServiceInfo,
     css::lang::XUnoTunnel >
 {
@@ -111,6 +115,10 @@ private:
         virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromRaw( const css::uno::Sequence< sal_Int8 >& rawCertificate ) override ;
         virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ;
 
+        // Methods of XCertificateCreator
+        css::uno::Reference<css::security::XCertificate> SAL_CALL createDERCertificateWithPrivateKey(
+                css::uno::Sequence<sal_Int8> const & raDERCertificate,
+                css::uno::Sequence<sal_Int8> const & raPrivateKey) override;
 
         //Native methods
         /// @throws css::uno::RuntimeException
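Review bot: The new `createDERCertificateWithPrivateKey` declaration has only the `// Methods of XCertificateCreator` banner, although it accepts raw private-key bytes and callers need to know the expected encoding and the failure behaviour. From the implementation in the .cxx file, a doc comment could say that `raPrivateKey` is a DER-encoded PKCS#8 PrivateKeyInfo, that it is imported into the NSS internal key slot as a non-permanent, non-sensitive key, and that an empty reference is returned when the slot, the key import or the certificate creation fails. It is also worth stating that the caller stays responsible for the lifetime and clearing of the key bytes in `raPrivateKey`, since the method only reads them.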
@@ -122,6 +130,8 @@ private:
 private:
         void updateSlots();
 
+        X509Certificate_NssImpl* createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate);
+
           /// @throws css::uno::Exception
           /// @throws css::uno::RuntimeException
           void addCryptoSlot( PK11SlotInfo* aSlot ) ;

