106b3ce53SAndrew Rist /************************************************************** 2cdf0e10cSrcweir * 306b3ce53SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one 406b3ce53SAndrew Rist * or more contributor license agreements. See the NOTICE file 506b3ce53SAndrew Rist * distributed with this work for additional information 606b3ce53SAndrew Rist * regarding copyright ownership. The ASF licenses this file 706b3ce53SAndrew Rist * to you under the Apache License, Version 2.0 (the 806b3ce53SAndrew Rist * "License"); you may not use this file except in compliance 906b3ce53SAndrew Rist * with the License. You may obtain a copy of the License at 10cdf0e10cSrcweir * 1106b3ce53SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0 12cdf0e10cSrcweir * 1306b3ce53SAndrew Rist * Unless required by applicable law or agreed to in writing, 1406b3ce53SAndrew Rist * software distributed under the License is distributed on an 1506b3ce53SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 1606b3ce53SAndrew Rist * KIND, either express or implied. See the License for the 1706b3ce53SAndrew Rist * specific language governing permissions and limitations 1806b3ce53SAndrew Rist * under the License. 19cdf0e10cSrcweir * 2006b3ce53SAndrew Rist *************************************************************/ 2106b3ce53SAndrew Rist 2206b3ce53SAndrew Rist 23cdf0e10cSrcweir 24cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove 25cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx" 26cdf0e10cSrcweir 27cdf0e10cSrcweir #include <stdio.h> 28cdf0e10cSrcweir #include "helper.hxx" 29cdf0e10cSrcweir 30cdf0e10cSrcweir #include "libxml/tree.h" 31cdf0e10cSrcweir #include "libxml/parser.h" 32cdf0e10cSrcweir #ifndef XMLSEC_NO_XSLT 33cdf0e10cSrcweir #include "libxslt/xslt.h" 34cdf0e10cSrcweir #endif 35cdf0e10cSrcweir 36cdf0e10cSrcweir #include "securityenvironment_nssimpl.hxx" 37cdf0e10cSrcweir 38cdf0e10cSrcweir #include <xmlsecurity/biginteger.hxx> 39cdf0e10cSrcweir 40cdf0e10cSrcweir 41cdf0e10cSrcweir #include "nspr.h" 42cdf0e10cSrcweir #include "prtypes.h" 43cdf0e10cSrcweir 44cdf0e10cSrcweir #include "pk11func.h" 45cdf0e10cSrcweir #include "cert.h" 46cdf0e10cSrcweir #include "cryptohi.h" 47cdf0e10cSrcweir #include "certdb.h" 48cdf0e10cSrcweir #include "nss.h" 49cdf0e10cSrcweir 50cdf0e10cSrcweir #include "xmlsec/strings.h" 51cdf0e10cSrcweir #include "xmlsec/xmltree.h" 52cdf0e10cSrcweir 53cdf0e10cSrcweir #include <rtl/ustring.hxx> 54cdf0e10cSrcweir 55cdf0e10cSrcweir using namespace ::rtl ; 56cdf0e10cSrcweir using namespace ::cppu ; 57cdf0e10cSrcweir using namespace ::com::sun::star::uno ; 58cdf0e10cSrcweir using namespace ::com::sun::star::io ; 59cdf0e10cSrcweir using namespace ::com::sun::star::ucb ; 60cdf0e10cSrcweir using namespace ::com::sun::star::beans ; 61cdf0e10cSrcweir using namespace ::com::sun::star::document ; 62cdf0e10cSrcweir using namespace ::com::sun::star::lang ; 63cdf0e10cSrcweir using namespace ::com::sun::star::security ; 64cdf0e10cSrcweir using namespace ::com::sun::star::xml::wrapper ; 65cdf0e10cSrcweir using namespace ::com::sun::star::xml::crypto ; 66cdf0e10cSrcweir 67cdf0e10cSrcweir int SAL_CALL main( int argc, char **argv ) 68cdf0e10cSrcweir { 69cdf0e10cSrcweir CERTCertDBHandle* certHandle ; 70cdf0e10cSrcweir PK11SlotInfo* slot ; 71cdf0e10cSrcweir 72cdf0e10cSrcweir if( argc != 3 ) { 73cdf0e10cSrcweir fprintf( stderr, "Usage: %s < CertDir > <rdb file>\n\n" , argv[0] ) ; 74cdf0e10cSrcweir return 1 ; 75cdf0e10cSrcweir } 76cdf0e10cSrcweir 77cdf0e10cSrcweir for( ; getchar() != 'q' ; ) { 78cdf0e10cSrcweir slot = NULL ; 79cdf0e10cSrcweir 80cdf0e10cSrcweir //Initialize NSPR and NSS 81cdf0e10cSrcweir PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1 ) ; 82cdf0e10cSrcweir PK11_SetPasswordFunc( PriPK11PasswordFunc ) ; 83cdf0e10cSrcweir if( NSS_Init( argv[1] ) != SECSuccess ) { 84*509df7cbSJohn Bampton fprintf( stderr , "### cannot initialize NSS!\n" ) ; 85cdf0e10cSrcweir goto done ; 86cdf0e10cSrcweir } 87cdf0e10cSrcweir 88cdf0e10cSrcweir certHandle = CERT_GetDefaultCertDB() ; 89cdf0e10cSrcweir slot = PK11_GetInternalKeySlot() ; 90cdf0e10cSrcweir 91cdf0e10cSrcweir if( PK11_NeedLogin( slot ) ) { 92cdf0e10cSrcweir SECStatus nRet = PK11_Authenticate( slot, PR_TRUE, NULL ); 93cdf0e10cSrcweir if( nRet != SECSuccess ) { 94cdf0e10cSrcweir fprintf( stderr , "### cannot authehticate the crypto token!\n" ) ; 95cdf0e10cSrcweir goto done ; 96cdf0e10cSrcweir } 97cdf0e10cSrcweir } 98cdf0e10cSrcweir 99cdf0e10cSrcweir 100cdf0e10cSrcweir try { 101cdf0e10cSrcweir Reference< XMultiComponentFactory > xManager = NULL ; 102cdf0e10cSrcweir Reference< XComponentContext > xContext = NULL ; 103cdf0e10cSrcweir 104cdf0e10cSrcweir xManager = serviceManager( xContext , OUString::createFromAscii( "local" ), OUString::createFromAscii( argv[2] ) ) ; 105cdf0e10cSrcweir OSL_ENSURE( xManager.is() , 106cdf0e10cSrcweir "ServicesManager - " 107cdf0e10cSrcweir "Cannot get service manager" ) ; 108cdf0e10cSrcweir 109cdf0e10cSrcweir //Create security environment 110cdf0e10cSrcweir //Build Security Environment 111cdf0e10cSrcweir Reference< XInterface > xsecenv = 112cdf0e10cSrcweir xManager->createInstanceWithContext( OUString::createFromAscii("com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl"), xContext ) ; 113cdf0e10cSrcweir OSL_ENSURE( xsecenv.is() , 114cdf0e10cSrcweir "Signer - " 115cdf0e10cSrcweir "Cannot get service instance of \"xsec.SecurityEnvironment\"" ) ; 116cdf0e10cSrcweir 117cdf0e10cSrcweir Reference< XSecurityEnvironment > xSecEnv( xsecenv , UNO_QUERY ) ; 118cdf0e10cSrcweir OSL_ENSURE( xSecEnv.is() , 119cdf0e10cSrcweir "Signer - " 120cdf0e10cSrcweir "Cannot get interface of \"XSecurityEnvironment\" from service \"xsec.SecurityEnvironment\"" ) ; 121cdf0e10cSrcweir 122cdf0e10cSrcweir //Setup key slot and certDb 123cdf0e10cSrcweir Reference< XUnoTunnel > xEnvTunnel( xsecenv , UNO_QUERY ) ; 124cdf0e10cSrcweir OSL_ENSURE( xEnvTunnel.is() , 125cdf0e10cSrcweir "Signer - " 126cdf0e10cSrcweir "Cannot get interface of \"XUnoTunnel\" from service \"xsec.SecurityEnvironment\"" ) ; 127cdf0e10cSrcweir 128cdf0e10cSrcweir SecurityEnvironment_NssImpl* pSecEnv = ( SecurityEnvironment_NssImpl* )xEnvTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ) ; 129cdf0e10cSrcweir OSL_ENSURE( pSecEnv != NULL , 130cdf0e10cSrcweir "Signer - " 131cdf0e10cSrcweir "Cannot get implementation of \"xsec.SecurityEnvironment\"" ) ; 132cdf0e10cSrcweir 133cdf0e10cSrcweir pSecEnv->setCryptoSlot( slot ) ; 134cdf0e10cSrcweir pSecEnv->setCertDb( certHandle ) ; 135cdf0e10cSrcweir 136cdf0e10cSrcweir //Get personal certificate 137cdf0e10cSrcweir Sequence < Reference< XCertificate > > xPersonalCerts = pSecEnv->getPersonalCertificates() ; 138cdf0e10cSrcweir Sequence < Reference< XCertificate > > xCertPath ; 139cdf0e10cSrcweir for( int i = 0; i < xPersonalCerts.getLength(); i ++ ) { 140cdf0e10cSrcweir //Print the certificate infomation. 141cdf0e10cSrcweir fprintf( stdout, "\nPersonal Certificate Info\n" ) ; 142cdf0e10cSrcweir fprintf( stdout, "\tCertificate Issuer[%s]\n", OUStringToOString( xPersonalCerts[i]->getIssuerName(), RTL_TEXTENCODING_ASCII_US ).getStr() ) ; 143cdf0e10cSrcweir fprintf( stdout, "\tCertificate Serial Number[%s]\n", OUStringToOString( bigIntegerToNumericString( xPersonalCerts[i]->getSerialNumber() ), RTL_TEXTENCODING_ASCII_US ).getStr() ) ; 144cdf0e10cSrcweir fprintf( stdout, "\tCertificate Subject[%s]\n", OUStringToOString( xPersonalCerts[i]->getSubjectName(), RTL_TEXTENCODING_ASCII_US ).getStr() ) ; 145cdf0e10cSrcweir 146cdf0e10cSrcweir //build the certificate path 147cdf0e10cSrcweir xCertPath = pSecEnv->buildCertificatePath( xPersonalCerts[i] ) ; 148cdf0e10cSrcweir //Print the certificate path. 149cdf0e10cSrcweir fprintf( stdout, "\tCertificate Path\n" ) ; 150cdf0e10cSrcweir for( int j = 0; j < xCertPath.getLength(); j ++ ) { 151cdf0e10cSrcweir fprintf( stdout, "\t\tCertificate Authority Subject[%s]\n", OUStringToOString( xCertPath[j]->getSubjectName(), RTL_TEXTENCODING_ASCII_US ).getStr() ) ; 152cdf0e10cSrcweir } 153cdf0e10cSrcweir 154cdf0e10cSrcweir //Get the certificate 155cdf0e10cSrcweir Sequence < sal_Int8 > serial = xPersonalCerts[i]->getSerialNumber() ; 156cdf0e10cSrcweir Reference< XCertificate > xcert = pSecEnv->getCertificate( xPersonalCerts[i]->getIssuerName(), xPersonalCerts[i]->getSerialNumber() ) ; 157cdf0e10cSrcweir if( !xcert.is() ) { 158cdf0e10cSrcweir fprintf( stdout, "The personal certificate is not in the certificate database\n" ) ; 159cdf0e10cSrcweir } 160cdf0e10cSrcweir 161cdf0e10cSrcweir //Get the certificate characters 162cdf0e10cSrcweir sal_Int32 chars = pSecEnv->getCertificateCharacters( xPersonalCerts[i] ) ; 163cdf0e10cSrcweir fprintf( stdout, "The certificate characters are %d\n", chars ) ; 164cdf0e10cSrcweir 165cdf0e10cSrcweir //Get the certificate status 166cdf0e10cSrcweir sal_Int32 validity = pSecEnv->verifyCertificate( xPersonalCerts[i] ) ; 167cdf0e10cSrcweir fprintf( stdout, "The certificate validities are %d\n", validity ) ; 168cdf0e10cSrcweir } 169cdf0e10cSrcweir } catch( Exception& e ) { 170cdf0e10cSrcweir fprintf( stderr , "Error Message: %s\n" , OUStringToOString( e.Message , RTL_TEXTENCODING_ASCII_US ).getStr() ) ; 171cdf0e10cSrcweir goto done ; 172cdf0e10cSrcweir } 173cdf0e10cSrcweir 174cdf0e10cSrcweir done: 175cdf0e10cSrcweir if( slot != NULL ) 176cdf0e10cSrcweir PK11_FreeSlot( slot ) ; 177cdf0e10cSrcweir 178cdf0e10cSrcweir PK11_LogoutAll() ; 179cdf0e10cSrcweir NSS_Shutdown() ; 180cdf0e10cSrcweir 181cdf0e10cSrcweir } 182cdf0e10cSrcweir 183cdf0e10cSrcweir return 0; 184cdf0e10cSrcweir } 185cdf0e10cSrcweir 186