1*06b3ce53SAndrew Rist /************************************************************** 2cdf0e10cSrcweir * 3*06b3ce53SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one 4*06b3ce53SAndrew Rist * or more contributor license agreements. See the NOTICE file 5*06b3ce53SAndrew Rist * distributed with this work for additional information 6*06b3ce53SAndrew Rist * regarding copyright ownership. The ASF licenses this file 7*06b3ce53SAndrew Rist * to you under the Apache License, Version 2.0 (the 8*06b3ce53SAndrew Rist * "License"); you may not use this file except in compliance 9*06b3ce53SAndrew Rist * with the License. You may obtain a copy of the License at 10cdf0e10cSrcweir * 11*06b3ce53SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0 12cdf0e10cSrcweir * 13*06b3ce53SAndrew Rist * Unless required by applicable law or agreed to in writing, 14*06b3ce53SAndrew Rist * software distributed under the License is distributed on an 15*06b3ce53SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16*06b3ce53SAndrew Rist * KIND, either express or implied. See the License for the 17*06b3ce53SAndrew Rist * specific language governing permissions and limitations 18*06b3ce53SAndrew Rist * under the License. 
 *
 *************************************************************/



// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"
#include <sal/config.h>
#include <rtl/uuid.h>
#include "x509certificate_mscryptimpl.hxx"
#include "certificateextension_xmlsecimpl.hxx"
#include "sanextension_mscryptimpl.hxx"

//MM : added by MM
#include "oid.hxx"
//MM : end

//CP : added by CP
#include <rtl/locale.h>
#include <osl/nlsupport.h>
#include <osl/process.h>
#include <cstring>
#include <utility>
#include <vector>

//CP : end

using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
using ::rtl::OUString ;

using ::com::sun::star::security::XCertificate ;
using ::com::sun::star::util::DateTime ;

#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )

/*Returns the index within rRawString where sTypeName starts and where it ends.
The starting index is pair.first. The ending index in pair.second points
one char after the last character of the type.
sTypeName can be
"S" or "CN" (without ""). Do not use spaces at the beginning of the type name.
If the type name is not found then pair.first and pair.second are -1.
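*/
/*
 Parsing rules, matching what CertNameToStr with CERT_X500_NAME_STR produces:
 - ',' separates RDNs and '+' separates the AVAs of one RDN; outside a quoted
   value either one starts a new type name.
 - a value may be enclosed in '"' when it contains special characters; a '"'
   inside such a value is written as '""'. Separators and '=' inside a quoted
   value are data, not structure.
 - the type comparison ignores ASCII case and surrounding blanks.
 The DN string comes straight from a certificate, i.e. from untrusted input,
 so every index used below is bounded by the string length: the post-scan
 loops stop at the '=' that terminated the match and an empty sTypeName (which
 would match a blank type and leave no terminating '=') is reported as not
 found instead of being searched for.
*/
std::pair< sal_Int32, sal_Int32 >
findTypeInDN(const OUString& rRawString, const OUString& sTypeName)
{
    const sal_Int32 length = rRawString.getLength();

    if (sTypeName.getLength() == 0 || length == 0)
        return std::pair< sal_Int32, sal_Int32 >(-1, -1);

    bool bInEscape = false;        // previous char was the first '"' of a '""' pair
    bool bInValue = false;         // inside a '"'-quoted attribute value
    sal_Int32 nTypeNameStart = 0;  // index just after the last separator seen
    sal_Int32 nEquals = -1;        // index of the '=' that terminates the matched type

    for (sal_Int32 i = 0; i < length; i++)
    {
        const sal_Unicode c = rRawString[i];

        if (c == '=')
        {
            // A '=' inside a quoted value is part of the value.
            if (!bInValue)
            {
                OUString sType = rRawString.copy(nTypeNameStart, i - nTypeNameStart).trim();
                if (sType.equalsIgnoreAsciiCase(sTypeName))
                {
                    nEquals = i;
                    break;
                }
            }
        }
        else if (c == '"')
        {
            if (bInEscape)
            {
                // Second quote of a '""' pair: it belongs to the value.
                bInEscape = false;
            }
            else if (i + 1 < length && rRawString[i + 1] == '"')
            {
                // First quote of a '""' pair (an escaped quote inside the value).
                bInEscape = true;
            }
            else
            {
                // A lone quote opens or closes a quoted value.
                bInValue = !bInValue;
            }
        }
        else if (c == ',' || c == '+')
        {
            // Outside a quoted value a separator ends the current attribute;
            // the next character starts the next type name.
            if (!bInValue)
                nTypeNameStart = i + 1;
        }
    }

    if (nEquals < 0)
        return std::pair< sal_Int32, sal_Int32 >(-1, -1);

    // Skip blanks between the separator and the type name. The '=' at nEquals
    // is neither a blank nor past the end, so this scan is bounded.
    while (nTypeNameStart < nEquals
           && (rRawString[nTypeNameStart] == ' ' || rRawString[nTypeNameStart] == '\t'))
    {
        nTypeNameStart++;
    }

    // End of the type: one past its last character, i.e. the first blank or
    // the '=' itself.
    sal_Int32 nTypeNameEnd = nTypeNameStart;
    while (nTypeNameEnd < nEquals)
    {
        const sal_Unicode c = rRawString[nTypeNameEnd];
        if (c == ' ' || c == '\t')
            break;
        nTypeNameEnd++;
    }

    return std::pair< sal_Int32, sal_Int32 >(nTypeNameStart, nTypeNameEnd);
}


/*
 MS Crypto uses the 'S' tag (equal to the 'ST' tag in NSS), but NSS can't recognise
 it, so the 'S' tag should be changed to the 'ST' tag. However I am not sure if this is necessary
 anymore, because we always provide the signer's certificate when signing. So libxmlsec can find
 the private key based on the provided certificate (X509Certificate element) and does not need
 the issuer name (X509IssuerName element). The issuer name in the xml signature also has no
 effect on the signature nor on the certificate validation.
 Many RFCs, for example 4519, speak of 'ST'. However, the certificate does not contain
 strings for type names. Instead it uses OIDs.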
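*/

/** Rewrite the first attribute of type "S" in a DN string as "ST".

    CryptoAPI renders stateOrProvinceName as "S=" while NSS (and RFC 4519)
    use "ST=". Only the type name is replaced; the value and the rest of the
    DN are copied unchanged. If no "S" attribute is present the input is
    returned as is. Only the first occurrence is rewritten, which is all the
    previous implementation did as well.

    @param oldDN  DN string as produced by CertNameToStr
    @return the DN with "S" renamed to "ST", or oldDN unchanged
*/
OUString replaceTagSWithTagST(OUString oldDN)
{
    std::pair< sal_Int32, sal_Int32 > pairIndex = findTypeInDN(oldDN, OUSTR("S"));

    if (pairIndex.first == -1)
        return oldDN;

    OUString newDN = oldDN.copy(0, pairIndex.first);
    newDN += OUSTR("ST");
    newDN += oldDN.copy(pairIndex.second);
    return newDN;
}
/* end */

namespace {

/** Copy a CryptoAPI byte buffer into a UNO byte sequence.

    @param pbData   source bytes; a NULL pointer yields an empty sequence
                    (the old per-method loops would have dereferenced it)
    @param cbData   number of bytes to copy
    @param bReverse copy the last byte first. CryptoAPI stores integers such
                    as the serial number least-significant byte first, while
                    XCertificate exposes them most-significant byte first.
    @return a sequence of cbData bytes, or an empty one when there is nothing
            to copy
*/
Sequence< sal_Int8 > copyBytes( const unsigned char* pbData, DWORD cbData, bool bReverse )
{
    if( cbData == 0 || pbData == NULL )
        return Sequence< sal_Int8 >() ;

    Sequence< sal_Int8 > aBytes( static_cast< sal_Int32 >( cbData ) ) ;
    sal_Int8* pDst = aBytes.getArray() ;
    for( DWORD i = 0 ; i < cbData ; i ++ )
    {
        const unsigned char b = bReverse ? pbData[ cbData - i - 1 ] : pbData[ i ] ;
        pDst[ i ] = static_cast< sal_Int8 >( b ) ;
    }
    return aBytes ;
}

/** Render a DER-encoded X.500 name with CertNameToStrW.

    The name is rendered in "CN=..., O=..., C=..." form with the RDNs in
    reverse order (CERT_NAME_STR_REVERSE_FLAG), which is what the callers of
    replaceTagSWithTagST expect. The wide-character API is used for issuer
    and subject alike so characters outside the ANSI code page survive; the
    former issuer path went through CertNameToStrA and then re-decoded the
    bytes with the process locale's encoding, which need not be the ANSI
    code page.

    @param pName name blob from the certificate's CERT_INFO (Issuer/Subject)
    @return the rendered name, or an empty string when CryptoAPI reports a
            zero length for it
    @throws RuntimeException when the second (filling) call fails
*/
OUString certNameToString( CERT_NAME_BLOB* pName )
{
    const DWORD dwCertEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ;
    const DWORD dwStrType = CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ;

    // First call: required size in characters, including the terminating NUL.
    DWORD cchName = CertNameToStrW( dwCertEncodingType, pName, dwStrType, NULL, 0 ) ;
    if( cchName == 0 )
        return OUString() ;

    // The vector releases the buffer even if OUString construction throws,
    // where the old new[]/delete[] pair would have leaked it.
    std::vector< wchar_t > aBuffer( cchName ) ;
    cchName = CertNameToStrW( dwCertEncodingType, pName, dwStrType, &aBuffer[ 0 ], cchName ) ;
    if( cchName == 0 )
        throw RuntimeException() ;

    // The returned count includes the terminating NUL; never read past the
    // buffer and do not copy the NUL into the string.
    sal_Int32 nLen = static_cast< sal_Int32 >( cchName ) ;
    if( nLen > static_cast< sal_Int32 >( aBuffer.size() ) )
        nLen = static_cast< sal_Int32 >( aBuffer.size() ) ;
    if( nLen > 0 && aBuffer[ nLen - 1 ] == 0 )
        nLen-- ;
    return OUString( reinterpret_cast< const sal_Unicode* >( &aBuffer[ 0 ] ), nLen ) ;
}

/** Convert a FILETIME into a DateTime in the local time zone.

    The validity accessors have always reported local time (the FILETIME is
    first converted with FileTimeToLocalFileTime), so this keeps that
    contract. When either Win32 conversion fails a default-constructed
    (all-zero) DateTime is returned, as before.

    @param rFileTime the NotBefore / NotAfter value from CERT_INFO
    @return the local date and time, or a zero DateTime on failure
*/
DateTime fileTimeToLocalDateTime( const FILETIME& rFileTime )
{
    DateTime aDateTime ;
    FILETIME aLocalFileTime ;
    SYSTEMTIME aSysTime ;

    if( FileTimeToLocalFileTime( &rFileTime, &aLocalFileTime )
        && FileTimeToSystemTime( &aLocalFileTime, &aSysTime ) )
    {
        aDateTime.HundredthSeconds = aSysTime.wMilliseconds / 100 ;
        aDateTime.Seconds = aSysTime.wSecond ;
        aDateTime.Minutes = aSysTime.wMinute ;
        aDateTime.Hours = aSysTime.wHour ;
        aDateTime.Day = aSysTime.wDay ;
        aDateTime.Month = aSysTime.wMonth ;
        aDateTime.Year = aSysTime.wYear ;
    }
    return aDateTime ;
}

} // anonymous namespace

/// Starts without a certificate; every accessor then reports "nothing".
X509Certificate_MSCryptImpl :: X509Certificate_MSCryptImpl() :
    m_pCertContext( NULL )
{
}

/// Releases the reference this object holds on the CryptoAPI context.
X509Certificate_MSCryptImpl :: ~X509Certificate_MSCryptImpl() {
    if( m_pCertContext != NULL ) {
        CertFreeCertificateContext( m_pCertContext ) ;
    }
}

//Methods from XCertificate

/// @return the raw X.509 version field (CERT_V1/CERT_V2/CERT_V3 = 0/1/2),
///         or -1 when no certificate is loaded.
sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::sun::star::uno::RuntimeException) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return -1 ;
    return static_cast< sal_Int16 >( m_pCertContext->pCertInfo->dwVersion ) ;
}

/// @return the serial number, most-significant byte first (CryptoAPI keeps
///         it little-endian, hence the reversed copy); empty without a cert.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getSerialNumber() throw ( ::com::sun::star::uno::RuntimeException) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return Sequence< sal_Int8 >() ;

    const CRYPT_INTEGER_BLOB& rSerial = m_pCertContext->pCertInfo->SerialNumber ;
    return copyBytes( rSerial.pbData, rSerial.cbData, true ) ;
}

/// @return the issuer DN as "CN=..., O=..., ..." with "S" rewritten to "ST";
///         empty when no certificate is loaded or the name cannot be rendered.
/// @throws RuntimeException when CryptoAPI fails to fill the name buffer
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getIssuerName() throw ( ::com::sun::star::uno::RuntimeException) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return OUString() ;

    return replaceTagSWithTagST( certNameToString( &( m_pCertContext->pCertInfo->Issuer ) ) ) ;
}

/// @return the subject DN, rendered exactly like getIssuerName().
/// @throws RuntimeException when CryptoAPI fails to fill the name buffer
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException)
{
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return OUString() ;

    return replaceTagSWithTagST( certNameToString( &( m_pCertContext->pCertInfo->Subject ) ) ) ;
}

/// @return notBefore in local time; a zero DateTime without a certificate or
///         when the Win32 time conversion fails.
::com::sun::star::util::DateTime SAL_CALL X509Certificate_MSCryptImpl :: getNotValidBefore() throw ( ::com::sun::star::uno::RuntimeException ) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return DateTime() ;

    return fileTimeToLocalDateTime( m_pCertContext->pCertInfo->NotBefore ) ;
}

/// @return notAfter in local time; a zero DateTime without a certificate or
///         when the Win32 time conversion fails.
::com::sun::star::util::DateTime SAL_CALL X509Certificate_MSCryptImpl :: getNotValidAfter() throw ( ::com::sun::star::uno::RuntimeException) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return DateTime() ;

    return fileTimeToLocalDateTime( m_pCertContext->pCertInfo->NotAfter ) ;
}

/// @return the bytes of the issuerUniqueID bit string (empty if absent).
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getIssuerUniqueID() throw ( ::com::sun::star::uno::RuntimeException) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return Sequence< sal_Int8 >() ;

    const CRYPT_BIT_BLOB& rUid = m_pCertContext->pCertInfo->IssuerUniqueId ;
    return copyBytes( rUid.pbData, rUid.cbData, false ) ;
}

/// @return the bytes of the subjectUniqueID bit string (empty if absent).
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getSubjectUniqueID() throw ( ::com::sun::star::uno::RuntimeException ) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return Sequence< sal_Int8 >() ;

    const CRYPT_BIT_BLOB& rUid = m_pCertContext->pCertInfo->SubjectUniqueId ;
    return copyBytes( rUid.pbData, rUid.cbData, false ) ;
}

/** Expose every extension of the certificate.

    id-ce-subjectAltName (2.5.29.17) is wrapped in SanExtensionImpl, every
    other extension in the generic CertificateExtension_XmlSecImpl. Each
    object is populated through its own static type; the old code forced a
    SanExtensionImpl* into a CertificateExtension_XmlSecImpl* with a C-style
    cast, which is only meaningful if one class derives from the other
    (sanextension_mscryptimpl.hxx is not visible here, so that is not
    assumed any more).

    @return one XCertificateExtension per extension, in certificate order;
            empty when no certificate is loaded or it has no extensions
*/
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL X509Certificate_MSCryptImpl :: getExtensions() throw ( ::com::sun::star::uno::RuntimeException ) {
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL || m_pCertContext->pCertInfo->cExtension == 0 )
        return Sequence< Reference< XCertificateExtension > >() ;

    const DWORD cExtension = m_pCertContext->pCertInfo->cExtension ;
    Sequence< Reference< XCertificateExtension > > xExtns( static_cast< sal_Int32 >( cExtension ) ) ;

    for( DWORD i = 0 ; i < cExtension ; i++ ) {
        CERT_EXTENSION* pExtn = &( m_pCertContext->pCertInfo->rgExtension[ i ] ) ;
        unsigned char* pObjId = ( unsigned char* )pExtn->pszObjId ;
        const unsigned int nObjIdLen = static_cast< unsigned int >( strlen( pExtn->pszObjId ) ) ;
        const sal_Bool bCritical = sal::static_int_cast< sal_Bool >( pExtn->fCritical ) ;

        if( strcmp( pExtn->pszObjId, "2.5.29.17" ) == 0 )
        {
            SanExtensionImpl* pSan = new SanExtensionImpl() ;
            pSan->setCertExtn( pExtn->Value.pbData, pExtn->Value.cbData, pObjId, nObjIdLen, bCritical ) ;
            xExtns[ i ] = pSan ;
        }
        else
        {
            CertificateExtension_XmlSecImpl* pGeneric = new CertificateExtension_XmlSecImpl() ;
            pGeneric->setCertExtn( pExtn->Value.pbData, pExtn->Value.cbData, pObjId, nObjIdLen, bCritical ) ;
            xExtns[ i ] = pGeneric ;
        }
    }

    return xExtns ;
}

/** Look up a single extension by OID.

    Not implemented: the previous body looped over the extensions with an
    `if( 0 )` guard and therefore always returned NULL. It still does, but
    without allocating a throw-away sequence first. TODO: compare `oid`
    with rgExtension[i].pszObjId — CryptoAPI carries the OID as a
    dotted-decimal string while the argument is a byte sequence, so the
    expected encoding of `oid` has to be settled first.

    @return always an empty reference
*/
::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL X509Certificate_MSCryptImpl :: findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& /*oid*/ ) throw (::com::sun::star::uno::RuntimeException) {
    return Reference< XCertificateExtension >() ;
}

/// @return the DER encoding of the certificate; empty without a certificate.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getEncoded() throw ( ::com::sun::star::uno::RuntimeException) {
    if( m_pCertContext == NULL || m_pCertContext->cbCertEncoded == 0 )
        return Sequence< sal_Int8 >() ;

    return copyBytes( m_pCertContext->pbCertEncoded, m_pCertContext->cbCertEncoded, false ) ;
}

//Helper methods

/** Adopt a CryptoAPI certificate context (a new reference is taken; the
    caller keeps its own).

    The new reference is taken before the old one is released, so
    `setMswcryCert( getMswcryCert() )` is safe. The previous order freed the
    held context first and then duplicated it, which for that call pattern
    touched an already released context.

    @param cert context to adopt, or NULL to drop the current certificate
*/
void X509Certificate_MSCryptImpl :: setMswcryCert( const CERT_CONTEXT* cert ) {
    const CERT_CONTEXT* pNew = ( cert != NULL ) ? CertDuplicateCertificateContext( cert ) : NULL ;

    if( m_pCertContext != NULL ) {
        CertFreeCertificateContext( m_pCertContext ) ;
    }
    m_pCertContext = pNew ;
}

/// @return the held context (still owned by this object), or NULL.
const CERT_CONTEXT* X509Certificate_MSCryptImpl :: getMswcryCert() const {
    return m_pCertContext ;
}

/** Load a certificate from its DER encoding.

    Any previously held context is released first. CertCreateCertificateContext
    returns NULL for malformed input; the object then simply holds no
    certificate and the accessors report empty values / -1.

    @param rawCert DER bytes; an empty sequence just clears the certificate
*/
void X509Certificate_MSCryptImpl :: setRawCert( Sequence< sal_Int8 > rawCert ) throw ( ::com::sun::star::uno::RuntimeException) {
    if( m_pCertContext != NULL ) {
        CertFreeCertificateContext( m_pCertContext ) ;
        m_pCertContext = NULL ;
    }

    if( rawCert.getLength() > 0 ) {
        m_pCertContext = CertCreateCertificateContext(
            X509_ASN_ENCODING,
            reinterpret_cast< const unsigned char* >( rawCert.getConstArray() ),
            static_cast< DWORD >( rawCert.getLength() ) ) ;
    }
}

/* XUnoTunnel */
/// Hands out `this` as an integer when asked with this class's tunnel id;
/// 0 for any other id. Only getImplementation() below should consume it.
sal_Int64 SAL_CALL X509Certificate_MSCryptImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) throw( RuntimeException ) {
    if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
        return sal::static_int_cast< sal_Int64 >( reinterpret_cast< sal_IntPtr >( this ) ) ;
    }
    return 0 ;
}

/* XUnoTunnel extension */
/// Process-wide random 16-byte id identifying this implementation class.
/// Created once under the global mutex (checked again after taking the lock
/// so concurrent first callers share one id) and reused afterwards.
const Sequence< sal_Int8>& X509Certificate_MSCryptImpl :: getUnoTunnelId() {
    static Sequence< sal_Int8 >* pSeq = 0 ;
    if( !pSeq ) {
        ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
        if( !pSeq ) {
            static Sequence< sal_Int8> aSeq( 16 ) ;
            rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
            pSeq = &aSeq ;
        }
    }
    return *pSeq ;
}

/* XUnoTunnel extension */
/// Recover the implementation object behind a UNO interface, or NULL when
/// the object is not tunnelable or is not an X509Certificate_MSCryptImpl.
X509Certificate_MSCryptImpl* X509Certificate_MSCryptImpl :: getImplementation( const Reference< XInterface > xObj ) {
    Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
    if( !xUT.is() )
        return NULL ;

    const sal_Int64 nSomething = xUT->getSomething( getUnoTunnelId() ) ;
    return reinterpret_cast< X509Certificate_MSCryptImpl* >( sal::static_int_cast< sal_IntPtr >( nSomething ) ) ;
}

// MM : added by MM

/** Map a dotted-decimal OID string to its display name via the OIDs table
    from oid.hxx.

    @param oid OID string, e.g. "1.2.840.113549.1.1.5"; NULL is tolerated
    @return the description, or an empty string when unknown
*/
::rtl::OUString findOIDDescription(char *oid)
{
    if( oid == NULL )
        return OUString() ;

    for( int i = 0 ; i < nOID ; i++ )
    {
        // Compare the C strings directly instead of building two OUStrings
        // per table entry.
        if( strcmp( oid, OIDs[i].oid ) == 0 )
            return OUString::createFromAscii( OIDs[i].desc ) ;
    }

    return OUString() ;
}

/** Fetch a hash property (thumbprint) of a certificate context.

    @param pCertContext the certificate; NULL yields an empty sequence
    @param dwPropId     CERT_SHA1_HASH_PROP_ID or CERT_MD5_HASH_PROP_ID. The
                        20-byte buffer fits SHA-1 (20) and MD5 (16); a longer
                        hash would make CryptoAPI fail with ERROR_MORE_DATA,
                        which like every other failure is reported as empty.
    @return the hash bytes, or an empty sequence on failure
*/
::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(const CERT_CONTEXT* pCertContext, DWORD dwPropId)
{
    if( pCertContext == NULL )
        return Sequence< sal_Int8 >() ;

    unsigned char fingerprint[20] ;
    DWORD cbData = sizeof( fingerprint ) ;
    if( !CertGetCertificateContextProperty( pCertContext, dwPropId, fingerprint, &cbData ) )
        return Sequence< sal_Int8 >() ;

    return copyBytes( fingerprint, cbData, false ) ;
}

/// @return the display name of the subject public key algorithm OID
///         (see findOIDDescription); empty without a certificate.
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getSubjectPublicKeyAlgorithm()
    throw ( ::com::sun::star::uno::RuntimeException)
{
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return OUString() ;

    const CRYPT_ALGORITHM_IDENTIFIER& rAlgorithm = m_pCertContext->pCertInfo->SubjectPublicKeyInfo.Algorithm ;
    return findOIDDescription( rAlgorithm.pszObjId ) ;
}

/// @return the raw bytes of the subjectPublicKey bit string; empty without
///         a certificate.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSubjectPublicKeyValue()
    throw ( ::com::sun::star::uno::RuntimeException)
{
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return Sequence< sal_Int8 >() ;

    const CRYPT_BIT_BLOB& rPublicKey = m_pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey ;
    return copyBytes( rPublicKey.pbData, rPublicKey.cbData, false ) ;
}

/// @return the display name of the certificate's signature algorithm OID
///         (see findOIDDescription); empty without a certificate.
::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getSignatureAlgorithm()
    throw ( ::com::sun::star::uno::RuntimeException)
{
    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL )
        return OUString() ;

    const CRYPT_ALGORITHM_IDENTIFIER& rAlgorithm = m_pCertContext->pCertInfo->SignatureAlgorithm ;
    return findOIDDescription( rAlgorithm.pszObjId ) ;
}

/// @return the SHA-1 thumbprint (20 bytes), or empty on failure.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSHA1Thumbprint()
    throw ( ::com::sun::star::uno::RuntimeException)
{
    return getThumbprint(m_pCertContext, CERT_SHA1_HASH_PROP_ID);
}

/// @return the MD5 thumbprint (16 bytes), or empty on failure. MD5 is kept
///         for display/legacy comparison only; it must not be used to
///         decide that two certificates are the same.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getMD5Thumbprint()
    throw ( ::com::sun::star::uno::RuntimeException)
{
    return getThumbprint(m_pCertContext, CERT_MD5_HASH_PROP_ID);
}

/** Report the KeyUsage bits of the certificate.

    Without a certificate, without a KeyUsage extension, or when the
    extension cannot be decoded, every usage is reported as permitted
    (the same fallback as before).

    X509_KEY_USAGE decodes into a CRYPT_BIT_BLOB holding the KeyUsage BIT
    STRING. The previous implementation decoded into a
    CERT_KEY_USAGE_RESTRICTION_INFO — the structure of a different
    extension — and then cast the pbData *pointer* itself to sal_Int32, so
    the bits it returned were garbage rather than the certificate's usage.
    The first octet of the bit string is returned; its bit layout
    (digitalSignature = 0x80 ... cRLSign = 0x02) matches the
    CERT_*_KEY_USAGE constants this method is combined with.

    @return a mask of CERT_*_KEY_USAGE bits
*/
sal_Int32 SAL_CALL X509Certificate_MSCryptImpl::getCertificateUsage( )
    throw ( ::com::sun::star::uno::RuntimeException)
{
    sal_Int32 usage =
        CERT_DATA_ENCIPHERMENT_KEY_USAGE |
        CERT_DIGITAL_SIGNATURE_KEY_USAGE |
        CERT_KEY_AGREEMENT_KEY_USAGE |
        CERT_KEY_CERT_SIGN_KEY_USAGE |
        CERT_KEY_ENCIPHERMENT_KEY_USAGE |
        CERT_NON_REPUDIATION_KEY_USAGE |
        CERT_OFFLINE_CRL_SIGN_KEY_USAGE;

    if( m_pCertContext == NULL || m_pCertContext->pCertInfo == NULL || m_pCertContext->pCertInfo->cExtension == 0 )
        return usage ;

    CERT_EXTENSION* pExtn = CertFindExtension(
        szOID_KEY_USAGE,
        m_pCertContext->pCertInfo->cExtension,
        m_pCertContext->pCertInfo->rgExtension ) ;
    if( pExtn == NULL )
        return usage ;

    CRYPT_BIT_BLOB keyUsage ;
    DWORD length = sizeof( keyUsage ) ;

    // CRYPT_DECODE_NOCOPY_FLAG makes pbData point into the extension's own
    // encoded value, which lives as long as the certificate context does;
    // the byte is copied out immediately anyway.
    BOOL rc = CryptDecodeObject(
        X509_ASN_ENCODING,
        X509_KEY_USAGE,
        pExtn->Value.pbData,
        pExtn->Value.cbData,
        CRYPT_DECODE_NOCOPY_FLAG,
        &keyUsage,
        &length ) ;

    if( rc && keyUsage.cbData != 0 && keyUsage.pbData != NULL )
    {
        usage = keyUsage.pbData[ 0 ] ;
    }

    return usage ;
}

// MM : end
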