1d0626817SAndrew Rist /************************************************************** 2cdf0e10cSrcweir * 3d0626817SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one 4d0626817SAndrew Rist * or more contributor license agreements. See the NOTICE file 5d0626817SAndrew Rist * distributed with this work for additional information 6d0626817SAndrew Rist * regarding copyright ownership. The ASF licenses this file 7d0626817SAndrew Rist * to you under the Apache License, Version 2.0 (the 8d0626817SAndrew Rist * "License"); you may not use this file except in compliance 9d0626817SAndrew Rist * with the License. You may obtain a copy of the License at 10cdf0e10cSrcweir * 11d0626817SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0 12cdf0e10cSrcweir * 13d0626817SAndrew Rist * Unless required by applicable law or agreed to in writing, 14d0626817SAndrew Rist * software distributed under the License is distributed on an 15d0626817SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16d0626817SAndrew Rist * KIND, either express or implied. See the License for the 17d0626817SAndrew Rist * specific language governing permissions and limitations 18d0626817SAndrew Rist * under the License. 19cdf0e10cSrcweir * 20d0626817SAndrew Rist *************************************************************/ 21d0626817SAndrew Rist 22d0626817SAndrew Rist 23cdf0e10cSrcweir 24cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove 25cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx" 26cdf0e10cSrcweir 27cdf0e10cSrcweir /* 28cdf0e10cSrcweir * Turn off DEBUG Assertions 29cdf0e10cSrcweir */ 30cdf0e10cSrcweir #ifdef _DEBUG 31cdf0e10cSrcweir #define _DEBUG_WAS_DEFINED _DEBUG 32cdf0e10cSrcweir #undef _DEBUG 33cdf0e10cSrcweir #else 34cdf0e10cSrcweir #undef _DEBUG_WAS_DEFINED 35cdf0e10cSrcweir #endif 36cdf0e10cSrcweir 37cdf0e10cSrcweir /* 38cdf0e10cSrcweir * and turn off the additional virtual methods which are part of some interfaces when compiled 39cdf0e10cSrcweir * with debug 40cdf0e10cSrcweir */ 41cdf0e10cSrcweir #ifdef DEBUG 42cdf0e10cSrcweir #define DEBUG_WAS_DEFINED DEBUG 43cdf0e10cSrcweir #undef DEBUG 44cdf0e10cSrcweir #else 45cdf0e10cSrcweir #undef DEBUG_WAS_DEFINED 46cdf0e10cSrcweir #endif 47cdf0e10cSrcweir 48cdf0e10cSrcweir 49cdf0e10cSrcweir #include <com/sun/star/mozilla/XMozillaBootstrap.hpp> 50cdf0e10cSrcweir #include <com/sun/star/xml/crypto/DigestID.hpp> 51cdf0e10cSrcweir #include <com/sun/star/xml/crypto/CipherID.hpp> 52cdf0e10cSrcweir 53cdf0e10cSrcweir #include <sal/types.h> 54cdf0e10cSrcweir #include <rtl/instance.hxx> 55cdf0e10cSrcweir #include <rtl/bootstrap.hxx> 56cdf0e10cSrcweir #include <rtl/string.hxx> 57cdf0e10cSrcweir #include <rtl/strbuf.hxx> 58cdf0e10cSrcweir #include <osl/file.hxx> 59cdf0e10cSrcweir #include <osl/thread.h> 60cdf0e10cSrcweir #include <tools/debug.hxx> 61cdf0e10cSrcweir #include <rtl/logfile.hxx> 62cdf0e10cSrcweir 63cdf0e10cSrcweir #include "seinitializer_nssimpl.hxx" 64cdf0e10cSrcweir #include "../diagnose.hxx" 65cdf0e10cSrcweir 66cdf0e10cSrcweir #include "securityenvironment_nssimpl.hxx" 67cdf0e10cSrcweir #include "digestcontext.hxx" 68cdf0e10cSrcweir #include "ciphercontext.hxx" 69cdf0e10cSrcweir 70cdf0e10cSrcweir #include <nspr.h> 71cdf0e10cSrcweir #include <cert.h> 72cdf0e10cSrcweir #include <nss.h> 73cdf0e10cSrcweir #include <pk11pub.h> 74cdf0e10cSrcweir #include <secmod.h> 75cdf0e10cSrcweir #include <nssckbi.h> 76cdf0e10cSrcweir 77cdf0e10cSrcweir 78cdf0e10cSrcweir namespace css = ::com::sun::star; 79cdf0e10cSrcweir namespace cssu = css::uno; 80cdf0e10cSrcweir namespace cssl = css::lang; 81cdf0e10cSrcweir namespace cssxc = css::xml::crypto; 82cdf0e10cSrcweir 83cdf0e10cSrcweir using namespace xmlsecurity; 84cdf0e10cSrcweir using namespace com::sun::star; 85cdf0e10cSrcweir using ::rtl::OUString; 86cdf0e10cSrcweir using ::rtl::OString; 87cdf0e10cSrcweir 88cdf0e10cSrcweir #define IMPLEMENTATION_NAME "com.sun.star.xml.security.bridge.xmlsec.NSSInitializer_NssImpl" 89cdf0e10cSrcweir 90ff3f4ebcSOliver-Rainer Wittmann #define ROOT_CERTS "Root Certs for Apache OpenOffice" 91cdf0e10cSrcweir 92cdf0e10cSrcweir extern "C" void nsscrypto_finalize(); 93cdf0e10cSrcweir 94cdf0e10cSrcweir 95cdf0e10cSrcweir namespace 96cdf0e10cSrcweir { 97cdf0e10cSrcweir 98cdf0e10cSrcweir bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ); 99cdf0e10cSrcweir 100cdf0e10cSrcweir struct InitNSSInitialize 101cdf0e10cSrcweir { 102cdf0e10cSrcweir css::uno::Reference< css::lang::XMultiServiceFactory > mxMSF; 103cdf0e10cSrcweir 104cdf0e10cSrcweir InitNSSInitialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) 105cdf0e10cSrcweir : mxMSF( xMSF ) 106cdf0e10cSrcweir { 107cdf0e10cSrcweir } 108cdf0e10cSrcweir 109cdf0e10cSrcweir bool * operator()() 110cdf0e10cSrcweir { 111cdf0e10cSrcweir static bool bInitialized = false; 112cdf0e10cSrcweir bool bNSSInit = false; 113cdf0e10cSrcweir bInitialized = nsscrypto_initialize( mxMSF, bNSSInit ); 114cdf0e10cSrcweir if (bNSSInit) 115cdf0e10cSrcweir atexit(nsscrypto_finalize ); 116cdf0e10cSrcweir return & bInitialized; 117cdf0e10cSrcweir } 118cdf0e10cSrcweir }; 119cdf0e10cSrcweir 120cdf0e10cSrcweir struct GetNSSInitStaticMutex 121cdf0e10cSrcweir { 122cdf0e10cSrcweir ::osl::Mutex* operator()() 123cdf0e10cSrcweir { 124cdf0e10cSrcweir static ::osl::Mutex aNSSInitMutex; 125cdf0e10cSrcweir return &aNSSInitMutex; 126cdf0e10cSrcweir } 127cdf0e10cSrcweir }; 128cdf0e10cSrcweir 129cdf0e10cSrcweir void deleteRootsModule() 130cdf0e10cSrcweir { 131cdf0e10cSrcweir SECMODModule *RootsModule = 0; 132cdf0e10cSrcweir SECMODModuleList *list = SECMOD_GetDefaultModuleList(); 133cdf0e10cSrcweir SECMODListLock *lock = SECMOD_GetDefaultModuleListLock(); 134cdf0e10cSrcweir SECMOD_GetReadLock(lock); 135cdf0e10cSrcweir 136cdf0e10cSrcweir while (!RootsModule && list) 137cdf0e10cSrcweir { 138cdf0e10cSrcweir SECMODModule *module = list->module; 139cdf0e10cSrcweir 140cdf0e10cSrcweir for (int i=0; i < module->slotCount; i++) 141cdf0e10cSrcweir { 142cdf0e10cSrcweir PK11SlotInfo *slot = module->slots[i]; 143cdf0e10cSrcweir if (PK11_IsPresent(slot)) 144cdf0e10cSrcweir { 145cdf0e10cSrcweir if (PK11_HasRootCerts(slot)) 146cdf0e10cSrcweir { 147cdf0e10cSrcweir xmlsec_trace("The root certifificates module \"%s" 148cdf0e10cSrcweir "\" is already loaded: \n%s", 149cdf0e10cSrcweir module->commonName, module->dllName); 150cdf0e10cSrcweir 151cdf0e10cSrcweir RootsModule = SECMOD_ReferenceModule(module); 152cdf0e10cSrcweir break; 153cdf0e10cSrcweir } 154cdf0e10cSrcweir } 155cdf0e10cSrcweir } 156cdf0e10cSrcweir list = list->next; 157cdf0e10cSrcweir } 158cdf0e10cSrcweir SECMOD_ReleaseReadLock(lock); 159cdf0e10cSrcweir 160cdf0e10cSrcweir if (RootsModule) 161cdf0e10cSrcweir { 162cdf0e10cSrcweir PRInt32 modType; 163cdf0e10cSrcweir if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType)) 164cdf0e10cSrcweir { 165cdf0e10cSrcweir xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName); 166cdf0e10cSrcweir } 167cdf0e10cSrcweir else 168cdf0e10cSrcweir { 169cdf0e10cSrcweir xmlsec_trace("Failed to delete \"%s\" : \n%s", 170cdf0e10cSrcweir RootsModule->commonName, RootsModule->dllName); 171cdf0e10cSrcweir } 172cdf0e10cSrcweir SECMOD_DestroyModule(RootsModule); 173cdf0e10cSrcweir RootsModule = 0; 174cdf0e10cSrcweir } 175cdf0e10cSrcweir } 176cdf0e10cSrcweir 177cdf0e10cSrcweir ::rtl::OString getMozillaCurrentProfile( const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF ) 178cdf0e10cSrcweir { 179cdf0e10cSrcweir ::rtl::OString sResult; 180cdf0e10cSrcweir // first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER" 181cdf0e10cSrcweir char* pEnv = getenv( "MOZILLA_CERTIFICATE_FOLDER" ); 182cdf0e10cSrcweir if ( pEnv ) 183cdf0e10cSrcweir { 184cdf0e10cSrcweir sResult = ::rtl::OString( pEnv ); 185cdf0e10cSrcweir RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", sResult.getStr() ); 186cdf0e10cSrcweir } 187cdf0e10cSrcweir else 188cdf0e10cSrcweir { 189cdf0e10cSrcweir mozilla::MozillaProductType productTypes[4] = { 190cdf0e10cSrcweir mozilla::MozillaProductType_Thunderbird, 191cdf0e10cSrcweir mozilla::MozillaProductType_Mozilla, 192cdf0e10cSrcweir mozilla::MozillaProductType_Firefox, 193cdf0e10cSrcweir mozilla::MozillaProductType_Default }; 194cdf0e10cSrcweir int nProduct = 4; 195cdf0e10cSrcweir 196cdf0e10cSrcweir uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance( 197cdf0e10cSrcweir ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) ); 198cdf0e10cSrcweir OSL_ENSURE( xInstance.is(), "failed to create instance" ); 199cdf0e10cSrcweir 200cdf0e10cSrcweir uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap 201cdf0e10cSrcweir = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY); 202cdf0e10cSrcweir OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" ); 203cdf0e10cSrcweir 204cdf0e10cSrcweir if (xMozillaBootstrap.is()) 205cdf0e10cSrcweir { 206cdf0e10cSrcweir for (int i=0; i<nProduct; i++) 207cdf0e10cSrcweir { 208cdf0e10cSrcweir ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]); 209cdf0e10cSrcweir 210cdf0e10cSrcweir if (profile != NULL && profile.getLength()>0) 211cdf0e10cSrcweir { 212cdf0e10cSrcweir ::rtl::OUString sProfilePath = xMozillaBootstrap->getProfilePath( productTypes[i], profile ); 213cdf0e10cSrcweir sResult = ::rtl::OUStringToOString( sProfilePath, osl_getThreadTextEncoding() ); 214cdf0e10cSrcweir RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", sResult.getStr() ); 215cdf0e10cSrcweir } 216cdf0e10cSrcweir } 217cdf0e10cSrcweir } 218cdf0e10cSrcweir 219cdf0e10cSrcweir RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" ); 220cdf0e10cSrcweir } 221cdf0e10cSrcweir 222cdf0e10cSrcweir return sResult; 223cdf0e10cSrcweir } 224cdf0e10cSrcweir 225cdf0e10cSrcweir //Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write 226cdf0e10cSrcweir //the roots certificate module (libnssckbi.so), which they use, into the 227cdf0e10cSrcweir //profile. This module will then already be loaded during NSS_Init (and the 228cdf0e10cSrcweir //other init functions). This fails in two cases. First, FF3 was used to create 229cdf0e10cSrcweir //the profile, or possibly used that profile before, and second the profile was 230cdf0e10cSrcweir //used on a different platform. 231cdf0e10cSrcweir // 232cdf0e10cSrcweir //Then one needs to add the roots module oneself. This should be done with 233cdf0e10cSrcweir //SECMOD_LoadUserModule rather then SECMOD_AddNewModule. The latter would write 234cdf0e10cSrcweir //the location of the roots module to the profile, which makes FF2 and TB2 use 235cdf0e10cSrcweir //it instead of there own module. 236cdf0e10cSrcweir // 2371b373359SDamjan Jovanovic //When using SYSTEM_NSS then the libnss3.so lib is typically found in 238cdf0e10cSrcweir ///usr/lib. This folder may, however, NOT contain the roots certificate 239cdf0e10cSrcweir //module. That is, just providing the library name in SECMOD_LoadUserModule or 240cdf0e10cSrcweir //SECMOD_AddNewModule will FAIL to load the mozilla unless the LD_LIBRARY_PATH 241cdf0e10cSrcweir //contains an FF or TB installation. 242cdf0e10cSrcweir //ATTENTION: DO NOT call this function directly instead use initNSS 243cdf0e10cSrcweir //return true - whole initialization was successful 244cdf0e10cSrcweir //param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite 245cdf0e10cSrcweir //was successful and therefor NSS_Shutdown should be called when terminating. 246cdf0e10cSrcweir bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ) 247cdf0e10cSrcweir { 248cdf0e10cSrcweir bool return_value = true; 249cdf0e10cSrcweir 250cdf0e10cSrcweir // this method must be called only once, no need for additional lock 251cdf0e10cSrcweir rtl::OString sCertDir; 252cdf0e10cSrcweir 253cdf0e10cSrcweir (void) xMSF; 254cdf0e10cSrcweir #ifdef XMLSEC_CRYPTO_NSS 255cdf0e10cSrcweir if ( xMSF.is() ) 256cdf0e10cSrcweir sCertDir = getMozillaCurrentProfile( xMSF ); 257cdf0e10cSrcweir #endif 258cdf0e10cSrcweir xmlsec_trace( "Using profile: %s", sCertDir.getStr() ); 259cdf0e10cSrcweir 260cdf0e10cSrcweir PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ; 261cdf0e10cSrcweir 262cdf0e10cSrcweir // there might be no profile 263cdf0e10cSrcweir if ( sCertDir.getLength() > 0 ) 264cdf0e10cSrcweir { 265cdf0e10cSrcweir if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess ) 266cdf0e10cSrcweir { 267cdf0e10cSrcweir xmlsec_trace("Initializing NSS with profile failed."); 268*cf2339f9SDamjan Jovanovic PRInt32 errorLength = PR_GetErrorTextLength(); 269*cf2339f9SDamjan Jovanovic char *error = new char[errorLength + 1]; 270*cf2339f9SDamjan Jovanovic error[0] = '\0'; // as per https://bugzilla.mozilla.org/show_bug.cgi?id=538940 271cdf0e10cSrcweir PR_GetErrorText(error); 272*cf2339f9SDamjan Jovanovic if (error[0]) 273cdf0e10cSrcweir xmlsec_trace("%s",error); 274*cf2339f9SDamjan Jovanovic delete[] error; 275cdf0e10cSrcweir return false ; 276cdf0e10cSrcweir } 277cdf0e10cSrcweir } 278cdf0e10cSrcweir else 279cdf0e10cSrcweir { 280cdf0e10cSrcweir xmlsec_trace("Initializing NSS without profile."); 281cdf0e10cSrcweir if ( NSS_NoDB_Init(NULL) != SECSuccess ) 282cdf0e10cSrcweir { 283cdf0e10cSrcweir xmlsec_trace("Initializing NSS without profile failed."); 284*cf2339f9SDamjan Jovanovic PRInt32 errorLength = PR_GetErrorTextLength(); 285*cf2339f9SDamjan Jovanovic char *error = new char[errorLength + 1]; 286*cf2339f9SDamjan Jovanovic error[0] = '\0'; 287cdf0e10cSrcweir PR_GetErrorText(error); 288*cf2339f9SDamjan Jovanovic if (error[0]) 289cdf0e10cSrcweir xmlsec_trace("%s",error); 290*cf2339f9SDamjan Jovanovic delete[] error; 291cdf0e10cSrcweir return false ; 292cdf0e10cSrcweir } 293cdf0e10cSrcweir } 294cdf0e10cSrcweir out_nss_init = true; 295cdf0e10cSrcweir 296cdf0e10cSrcweir #ifdef XMLSEC_CRYPTO_NSS 2971b373359SDamjan Jovanovic #if defined SYSTEM_NSS 298cdf0e10cSrcweir if (!SECMOD_HasRootCerts()) 299cdf0e10cSrcweir { 300cdf0e10cSrcweir #endif 301cdf0e10cSrcweir deleteRootsModule(); 302cdf0e10cSrcweir 30366d4592eSYuri Dario #if defined OS2 30466d4592eSYuri Dario // YD the nss system dlls names are ending with 'k' 30566d4592eSYuri Dario OUString rootModule(RTL_CONSTASCII_USTRINGPARAM( "nssckbik" SAL_DLLEXTENSION)); 3061b373359SDamjan Jovanovic #elif defined SYSTEM_NSS 307cdf0e10cSrcweir OUString rootModule(RTL_CONSTASCII_USTRINGPARAM( "libnssckbi" SAL_DLLEXTENSION)); 308cdf0e10cSrcweir #else 309cdf0e10cSrcweir OUString rootModule(RTL_CONSTASCII_USTRINGPARAM( "${OOO_BASE_DIR}/program/libnssckbi" SAL_DLLEXTENSION)); 310cdf0e10cSrcweir #endif 311cdf0e10cSrcweir ::rtl::Bootstrap::expandMacros(rootModule); 312cdf0e10cSrcweir 313cdf0e10cSrcweir OUString rootModulePath; 314cdf0e10cSrcweir if (::osl::File::E_None == ::osl::File::getSystemPathFromFileURL(rootModule, rootModulePath)) 315cdf0e10cSrcweir { 316cdf0e10cSrcweir ::rtl::OString ospath = ::rtl::OUStringToOString(rootModulePath, osl_getThreadTextEncoding()); 317cdf0e10cSrcweir ::rtl::OStringBuffer pkcs11moduleSpec; 318cdf0e10cSrcweir pkcs11moduleSpec.append("name=\""); 319cdf0e10cSrcweir pkcs11moduleSpec.append(ROOT_CERTS); 320cdf0e10cSrcweir pkcs11moduleSpec.append("\" library=\""); 321cdf0e10cSrcweir pkcs11moduleSpec.append(ospath.getStr()); 322cdf0e10cSrcweir pkcs11moduleSpec.append("\""); 323cdf0e10cSrcweir 324cdf0e10cSrcweir SECMODModule * RootsModule = 325cdf0e10cSrcweir SECMOD_LoadUserModule( 326cdf0e10cSrcweir const_cast<char*>(pkcs11moduleSpec.makeStringAndClear().getStr()), 327cdf0e10cSrcweir 0, // no parent 328cdf0e10cSrcweir PR_FALSE); // do not recurse 329cdf0e10cSrcweir 330cdf0e10cSrcweir if (RootsModule) 331cdf0e10cSrcweir { 332cdf0e10cSrcweir 333cdf0e10cSrcweir bool found = RootsModule->loaded; 334cdf0e10cSrcweir 335cdf0e10cSrcweir SECMOD_DestroyModule(RootsModule); 336cdf0e10cSrcweir RootsModule = 0; 337cdf0e10cSrcweir if (found) 338cdf0e10cSrcweir xmlsec_trace("Added new root certificate module " 339cdf0e10cSrcweir "\"" ROOT_CERTS "\" contained in \n%s", ospath.getStr()); 340cdf0e10cSrcweir else 341cdf0e10cSrcweir { 342cdf0e10cSrcweir xmlsec_trace("FAILED to load the new root certificate module " 343cdf0e10cSrcweir "\"" ROOT_CERTS "\" contained in \n%s", ospath.getStr()); 344cdf0e10cSrcweir return_value = false; 345cdf0e10cSrcweir } 346cdf0e10cSrcweir } 347cdf0e10cSrcweir else 348cdf0e10cSrcweir { 349cdf0e10cSrcweir xmlsec_trace("FAILED to add new root certifice module: " 350cdf0e10cSrcweir "\"" ROOT_CERTS "\" contained in \n%s", ospath.getStr()); 351cdf0e10cSrcweir return_value = false; 352cdf0e10cSrcweir 353cdf0e10cSrcweir } 354cdf0e10cSrcweir } 355cdf0e10cSrcweir else 356cdf0e10cSrcweir { 357cdf0e10cSrcweir xmlsec_trace("Adding new root certificate module failed."); 358cdf0e10cSrcweir return_value = false; 359cdf0e10cSrcweir } 3601b373359SDamjan Jovanovic #if SYSTEM_NSS 361cdf0e10cSrcweir } 362cdf0e10cSrcweir #endif 363cdf0e10cSrcweir #endif 364cdf0e10cSrcweir 365cdf0e10cSrcweir return return_value; 366cdf0e10cSrcweir } 367cdf0e10cSrcweir 368cdf0e10cSrcweir 369cdf0e10cSrcweir // must be extern "C" because we pass the function pointer to atexit 370cdf0e10cSrcweir extern "C" void nsscrypto_finalize() 371cdf0e10cSrcweir { 372cdf0e10cSrcweir SECMODModule *RootsModule = SECMOD_FindModule(ROOT_CERTS); 373cdf0e10cSrcweir 374cdf0e10cSrcweir if (RootsModule) 375cdf0e10cSrcweir { 376cdf0e10cSrcweir 377cdf0e10cSrcweir if (SECSuccess == SECMOD_UnloadUserModule(RootsModule)) 378cdf0e10cSrcweir { 379cdf0e10cSrcweir xmlsec_trace( "Unloaded module \"" ROOT_CERTS "\"."); 380cdf0e10cSrcweir } 381cdf0e10cSrcweir else 382cdf0e10cSrcweir { 383cdf0e10cSrcweir xmlsec_trace( "Failed unloadeding module \"" ROOT_CERTS "\"."); 384cdf0e10cSrcweir } 385cdf0e10cSrcweir SECMOD_DestroyModule(RootsModule); 386cdf0e10cSrcweir } 387cdf0e10cSrcweir else 388cdf0e10cSrcweir { 389cdf0e10cSrcweir xmlsec_trace( "Unloading module \"" ROOT_CERTS 390cdf0e10cSrcweir "\" failed because it was not found."); 391cdf0e10cSrcweir } 392cdf0e10cSrcweir PK11_LogoutAll(); 393cdf0e10cSrcweir NSS_Shutdown(); 394cdf0e10cSrcweir } 395cdf0e10cSrcweir } // namespace 396cdf0e10cSrcweir 397cdf0e10cSrcweir ONSSInitializer::ONSSInitializer( 398cdf0e10cSrcweir const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF) 399cdf0e10cSrcweir :mxMSF( rxMSF ) 400cdf0e10cSrcweir { 401cdf0e10cSrcweir } 402cdf0e10cSrcweir 403cdf0e10cSrcweir ONSSInitializer::~ONSSInitializer() 404cdf0e10cSrcweir { 405cdf0e10cSrcweir } 406cdf0e10cSrcweir 407cdf0e10cSrcweir bool ONSSInitializer::initNSS( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) 408cdf0e10cSrcweir { 409cdf0e10cSrcweir return *rtl_Instance< bool, InitNSSInitialize, ::osl::MutexGuard, GetNSSInitStaticMutex > 410cdf0e10cSrcweir ::create( InitNSSInitialize( xMSF ), GetNSSInitStaticMutex() ); 411cdf0e10cSrcweir } 412cdf0e10cSrcweir 413cdf0e10cSrcweir css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL ONSSInitializer::getDigestContext( ::sal_Int32 nDigestID, const css::uno::Sequence< css::beans::NamedValue >& aParams ) 414cdf0e10cSrcweir throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) 415cdf0e10cSrcweir { 416cdf0e10cSrcweir SECOidTag nNSSDigestID = SEC_OID_UNKNOWN; 417cdf0e10cSrcweir sal_Int32 nDigestLength = 0; 418cdf0e10cSrcweir bool b1KData = false; 419cdf0e10cSrcweir if ( nDigestID == css::xml::crypto::DigestID::SHA256 420cdf0e10cSrcweir || nDigestID == css::xml::crypto::DigestID::SHA256_1K ) 421cdf0e10cSrcweir { 422cdf0e10cSrcweir nNSSDigestID = SEC_OID_SHA256; 423cdf0e10cSrcweir nDigestLength = 32; 424cdf0e10cSrcweir b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA256_1K ); 425cdf0e10cSrcweir } 426cdf0e10cSrcweir else if ( nDigestID == css::xml::crypto::DigestID::SHA1 427cdf0e10cSrcweir || nDigestID == css::xml::crypto::DigestID::SHA1_1K ) 428cdf0e10cSrcweir { 429cdf0e10cSrcweir nNSSDigestID = SEC_OID_SHA1; 430cdf0e10cSrcweir nDigestLength = 20; 431cdf0e10cSrcweir b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA1_1K ); 432cdf0e10cSrcweir } 433cdf0e10cSrcweir else 434cdf0e10cSrcweir throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected digest requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); 435cdf0e10cSrcweir 436cdf0e10cSrcweir if ( aParams.getLength() ) 437cdf0e10cSrcweir throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for digest creation." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); 438cdf0e10cSrcweir 439cdf0e10cSrcweir css::uno::Reference< css::xml::crypto::XDigestContext > xResult; 440cdf0e10cSrcweir if( initNSS( mxMSF ) ) 441cdf0e10cSrcweir { 442cdf0e10cSrcweir PK11Context* pContext = PK11_CreateDigestContext( nNSSDigestID ); 443cdf0e10cSrcweir if ( pContext && PK11_DigestBegin( pContext ) == SECSuccess ) 444cdf0e10cSrcweir xResult = new ODigestContext( pContext, nDigestLength, b1KData ); 445cdf0e10cSrcweir } 446cdf0e10cSrcweir 447cdf0e10cSrcweir return xResult; 448cdf0e10cSrcweir } 449cdf0e10cSrcweir 450cdf0e10cSrcweir css::uno::Reference< css::xml::crypto::XCipherContext > SAL_CALL ONSSInitializer::getCipherContext( ::sal_Int32 nCipherID, const css::uno::Sequence< ::sal_Int8 >& aKey, const css::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const css::uno::Sequence< css::beans::NamedValue >& aParams ) 451cdf0e10cSrcweir throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) 452cdf0e10cSrcweir { 453cdf0e10cSrcweir CK_MECHANISM_TYPE nNSSCipherID = 0; 454cdf0e10cSrcweir bool bW3CPadding = false; 455cdf0e10cSrcweir if ( nCipherID == css::xml::crypto::CipherID::AES_CBC_W3C_PADDING ) 456cdf0e10cSrcweir { 457cdf0e10cSrcweir nNSSCipherID = CKM_AES_CBC; 458cdf0e10cSrcweir bW3CPadding = true; 459cdf0e10cSrcweir 460cdf0e10cSrcweir if ( aKey.getLength() != 16 && aKey.getLength() != 24 && aKey.getLength() != 32 ) 461cdf0e10cSrcweir throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected key length." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); 462cdf0e10cSrcweir 463cdf0e10cSrcweir if ( aParams.getLength() ) 464cdf0e10cSrcweir throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for cipher creation." ) ), css::uno::Reference< css::uno::XInterface >(), 5 ); 465cdf0e10cSrcweir } 466cdf0e10cSrcweir else 467cdf0e10cSrcweir throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected cipher requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); 468cdf0e10cSrcweir 469cdf0e10cSrcweir css::uno::Reference< css::xml::crypto::XCipherContext > xResult; 470cdf0e10cSrcweir if( initNSS( mxMSF ) ) 471cdf0e10cSrcweir { 472cdf0e10cSrcweir if ( aInitializationVector.getLength() != PK11_GetIVLength( nNSSCipherID ) ) 473cdf0e10cSrcweir throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected length of initialization vector." ) ), css::uno::Reference< css::uno::XInterface >(), 3 ); 474cdf0e10cSrcweir 475cdf0e10cSrcweir xResult = OCipherContext::Create( nNSSCipherID, aKey, aInitializationVector, bEncryption, bW3CPadding ); 476cdf0e10cSrcweir } 477cdf0e10cSrcweir 478cdf0e10cSrcweir return xResult; 479cdf0e10cSrcweir } 480cdf0e10cSrcweir 481cdf0e10cSrcweir rtl::OUString ONSSInitializer_getImplementationName () 482cdf0e10cSrcweir throw (cssu::RuntimeException) 483cdf0e10cSrcweir { 484cdf0e10cSrcweir 485cdf0e10cSrcweir return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( IMPLEMENTATION_NAME ) ); 486cdf0e10cSrcweir } 487cdf0e10cSrcweir 488cdf0e10cSrcweir sal_Bool SAL_CALL ONSSInitializer_supportsService( const rtl::OUString& ServiceName ) 489cdf0e10cSrcweir throw (cssu::RuntimeException) 490cdf0e10cSrcweir { 491cdf0e10cSrcweir return ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( NSS_SERVICE_NAME )); 492cdf0e10cSrcweir } 493cdf0e10cSrcweir 494cdf0e10cSrcweir cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer_getSupportedServiceNames( ) 495cdf0e10cSrcweir throw (cssu::RuntimeException) 496cdf0e10cSrcweir { 497cdf0e10cSrcweir cssu::Sequence < rtl::OUString > aRet(1); 498cdf0e10cSrcweir rtl::OUString* pArray = aRet.getArray(); 499cdf0e10cSrcweir pArray[0] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( NSS_SERVICE_NAME ) ); 500cdf0e10cSrcweir return aRet; 501cdf0e10cSrcweir } 502cdf0e10cSrcweir 503cdf0e10cSrcweir cssu::Reference< cssu::XInterface > SAL_CALL ONSSInitializer_createInstance( const cssu::Reference< cssl::XMultiServiceFactory > & rSMgr) 504cdf0e10cSrcweir throw( cssu::Exception ) 505cdf0e10cSrcweir { 506cdf0e10cSrcweir return (cppu::OWeakObject*) new ONSSInitializer( rSMgr ); 507cdf0e10cSrcweir } 508cdf0e10cSrcweir 509cdf0e10cSrcweir /* XServiceInfo */ 510cdf0e10cSrcweir rtl::OUString SAL_CALL ONSSInitializer::getImplementationName() 511cdf0e10cSrcweir throw (cssu::RuntimeException) 512cdf0e10cSrcweir { 513cdf0e10cSrcweir return ONSSInitializer_getImplementationName(); 514cdf0e10cSrcweir } 515cdf0e10cSrcweir sal_Bool SAL_CALL ONSSInitializer::supportsService( const rtl::OUString& rServiceName ) 516cdf0e10cSrcweir throw (cssu::RuntimeException) 517cdf0e10cSrcweir { 518cdf0e10cSrcweir return ONSSInitializer_supportsService( rServiceName ); 519cdf0e10cSrcweir } 520cdf0e10cSrcweir cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer::getSupportedServiceNames( ) 521cdf0e10cSrcweir throw (cssu::RuntimeException) 522cdf0e10cSrcweir { 523cdf0e10cSrcweir return ONSSInitializer_getSupportedServiceNames(); 524cdf0e10cSrcweir } 525cdf0e10cSrcweir 526