[Libreoffice-commits] core.git: xmlsecurity/inc xmlsecurity/source

Michael Stahl (via logerrit) logerrit at kemper.freedesktop.org
Wed Mar 3 11:47:10 UTC 2021


 xmlsecurity/inc/biginteger.hxx                                    |    3 
 xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx |   47 ++++++++++
 xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx         |   25 +++++
 3 files changed, 75 insertions(+)

New commits:
commit 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Thu Feb 25 14:17:48 2021 +0100
Commit:     Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Wed Mar 3 12:46:23 2021 +0100

    xmlsecurity: add EqualDistinguishedNames()
    
    Change-Id: I1222658522e25b916010817f847685c20b1cf5c4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/xmlsecurity/inc/biginteger.hxx b/xmlsecurity/inc/biginteger.hxx
index ac411c2e53b7..c15b54de6229 100644
--- a/xmlsecurity/inc/biginteger.hxx
+++ b/xmlsecurity/inc/biginteger.hxx
@@ -34,6 +34,9 @@ namespace xmlsecurity
 XSECXMLSEC_DLLPUBLIC OUString bigIntegerToNumericString(const css::uno::Sequence<sal_Int8>& serial);
 XSECXMLSEC_DLLPUBLIC css::uno::Sequence<sal_Int8>
 numericStringToBigInteger(std::u16string_view serialNumber);
+
+XSECXMLSEC_DLLPUBLIC bool EqualDistinguishedNames(std::u16string_view rName1,
+                                                  std::u16string_view rName2);
 }
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
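Review bot: The new `EqualDistinguishedNames` declaration has no comment describing its contract, and callers need one. Both implementations in this commit return `false` when either string fails to parse, so "not equal" and "could not parse" are indistinguishable at the call site. I would add `/// Compares two X.500 distinguished-name strings using the crypto backend's name parser; returns false if they differ or if either one cannot be parsed.` above it. It is also worth a brief mention that the definitions live in the two `x509certificate_*impl.cxx` files, since the header name `biginteger.hxx` gives no hint that a name comparison is declared here.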
diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
index 1672a21c7868..d9d45f5e7062 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -26,6 +26,7 @@
 #include <cppuhelper/supportsservice.hxx>
 #include "x509certificate_mscryptimpl.hxx"
 #include <certificateextension_xmlsecimpl.hxx>
+#include <biginteger.hxx>
 #include "sanextension_mscryptimpl.hxx"
 
 #include "oid.hxx"
@@ -651,4 +652,50 @@ Sequence<OUString> SAL_CALL X509Certificate_MSCryptImpl::getSupportedServiceName
     return { OUString() };
 }
 
+namespace xmlsecurity {
+
+static bool EncodeDistinguishedName(std::u16string_view const rName, CERT_NAME_BLOB & rBlob)
+{
+    LPCWSTR pszError;
+    if (!CertStrToNameW(X509_ASN_ENCODING,
+            reinterpret_cast<LPCWSTR>(rName.data()), CERT_X500_NAME_STR,
+            nullptr, nullptr, &rBlob.cbData, &pszError))
+    {
+        SAL_INFO("xmlsecurity.xmlsec", "CertStrToNameW failed: " << WindowsErrorString(GetLastError()) << "; " << reinterpret_cast<char16_t const*>(pszError));
+        return false;
+    }
+    rBlob.pbData = new BYTE[rBlob.cbData];
+    if (!CertStrToNameW(X509_ASN_ENCODING,
+            reinterpret_cast<LPCWSTR>(rName.data()), CERT_X500_NAME_STR,
+            nullptr, rBlob.pbData, &rBlob.cbData, &pszError))
+    {
+        SAL_INFO("xmlsecurity.xmlsec", "CertStrToNameW failed: " << WindowsErrorString(GetLastError()) << "; " << reinterpret_cast<char16_t const*>(pszError));
+        return false;
+    }
+    return true;
+}
+
+bool EqualDistinguishedNames(
+        std::u16string_view const rName1, std::u16string_view const rName2)
+{
+    CERT_NAME_BLOB blob1;
+    if (!EncodeDistinguishedName(rName1, blob1))
+    {
+        return false;
+    }
+    CERT_NAME_BLOB blob2;
+    if (!EncodeDistinguishedName(rName2, blob2))
+    {
+        delete[] blob1.pbData;
+        return false;
+    }
+    bool const ret(CertCompareCertificateName(X509_ASN_ENCODING,
+            &blob1, &blob2) == TRUE);
+    delete[] blob2.pbData;
+    delete[] blob1.pbData;
+    return ret;
+}
+
+} // namespace xmlsecurity
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
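Review bot: `EncodeDistinguishedName` passes `rName.data()` to `CertStrToNameW` in both calls, but a `std::u16string_view` is not guaranteed to be NUL-terminated and that API expects a terminated string, so a view into a longer buffer can be read past its end. Copying the view into an owning string and passing its `c_str()` avoids that. Separately, when the second `CertStrToNameW` call fails, the `new BYTE[]` buffer is never released, because `EqualDistinguishedNames` only deletes `pbData` after a successful encode; the failure branch should free it. The sketch below assumes `std::u16string` is usable in this file.

```cpp
static bool EncodeDistinguishedName(std::u16string_view const rName, CERT_NAME_BLOB & rBlob)
{
    // CertStrToNameW needs a terminated string; a string_view does not promise one
    std::u16string const name(rName);
    LPCWSTR const pszName(reinterpret_cast<LPCWSTR>(name.c_str()));
    LPCWSTR pszError;
    if (!CertStrToNameW(X509_ASN_ENCODING, pszName, CERT_X500_NAME_STR,
            nullptr, nullptr, &rBlob.cbData, &pszError))
    {
        // … unchanged: SAL_INFO and return false …
    }
    rBlob.pbData = new BYTE[rBlob.cbData];
    if (!CertStrToNameW(X509_ASN_ENCODING, pszName, CERT_X500_NAME_STR,
            nullptr, rBlob.pbData, &rBlob.cbData, &pszError))
    {
        // … unchanged: SAL_INFO …
        delete[] rBlob.pbData;
        rBlob.pbData = nullptr;
        return false;
    }
    return true;
}
```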
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 15ec8a346895..940656193e94 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -31,6 +31,7 @@
 #include <rtl/ref.hxx>
 #include "x509certificate_nssimpl.hxx"
 
+#include <biginteger.hxx>
 #include <certificateextension_xmlsecimpl.hxx>
 
 #include "sanextension_nssimpl.hxx"
@@ -533,4 +534,28 @@ sal_Bool SAL_CALL X509Certificate_NssImpl::supportsService(const OUString& servi
 /* XServiceInfo */
 Sequence<OUString> SAL_CALL X509Certificate_NssImpl::getSupportedServiceNames() { return { OUString() }; }
 
+namespace xmlsecurity {
+
+bool EqualDistinguishedNames(
+        std::u16string_view const rName1, std::u16string_view const rName2)
+{
+    CERTName *const pName1(CERT_AsciiToName(OUStringToOString(rName1, RTL_TEXTENCODING_UTF8).getStr()));
+    if (pName1 == nullptr)
+    {
+        return false;
+    }
+    CERTName *const pName2(CERT_AsciiToName(OUStringToOString(rName2, RTL_TEXTENCODING_UTF8).getStr()));
+    if (pName2 == nullptr)
+    {
+        CERT_DestroyName(pName1);
+        return false;
+    }
+    bool const ret(CERT_CompareName(pName1, pName2) == SECEqual);
+    CERT_DestroyName(pName2);
+    CERT_DestroyName(pName1);
+    return ret;
+}
+
+} // namespace xmlsecurity
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
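Review bot: The NSS `EqualDistinguishedNames` returns `false` silently when `CERT_AsciiToName` yields `nullptr`, whereas the mscrypt version in this same commit logs the parse failure through `SAL_INFO`. A name that cannot be parsed is worth a trace when diagnosing why a certificate did not match, so I would add `SAL_INFO("xmlsecurity.xmlsec", "CERT_AsciiToName failed");` in both `nullptr` branches, assuming the logging header is already included in this file. A short comment noting that the `OString` temporary only needs to live for the duration of the `CERT_AsciiToName` call would also help the next reader.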

