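/**************************************************************
 * 
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * 
 *   http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * 
 *************************************************************/



// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"


#ifndef __nssrenam_h_
#define CERT_DecodeDERCertificate __CERT_DecodeDERCertificate
#endif /* __nssrenam_h_ */

#include "nspr.h"
#include "nss.h"
#include "secder.h"

//MM : added by MM
#include "hasht.h"
#include "secoid.h"
#include "pk11func.h"
//MM : end



#include <sal/config.h>
#include <rtl/uuid.h>
#include "x509certificate_nssimpl.hxx"

#ifndef _CERTIFICATEEXTENSION_NSSIMPL_HXX_
#include "certificateextension_xmlsecimpl.hxx"
#endif

#ifndef _SANEXTENSION_NSSIMPL_HXX_
#include "sanextension_nssimpl.hxx"
#endif

using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
using ::rtl::OUString ;

using ::com::sun::star::security::XCertificate ;
using ::com::sun::star::util::DateTime ;

namespace {

// Copies the bytes of an NSS item into a UNO byte sequence.
// Returns an empty sequence for a missing/empty item, or for a length that
// does not fit the signed 32-bit sequence length.
Sequence< sal_Int8 > lcl_itemToSequence( const unsigned char* pData, unsigned int nLen )
{
	if( pData == NULL || nLen == 0 || nLen > static_cast< unsigned int >( SAL_MAX_INT32 ) )
		return Sequence< sal_Int8 >() ;

	return Sequence< sal_Int8 >( reinterpret_cast< const sal_Int8* >( pData ), static_cast< sal_Int32 >( nLen ) ) ;
}

// Decodes a DER-encoded validity time and breaks it down into local time.
// Returns a default-constructed DateTime when NSS cannot decode the value.
DateTime lcl_decodeValidityTime( SECItem* pEncoded )
{
	PRTime nTime ;
	if( DER_DecodeTimeChoice( &nTime, pEncoded ) != SECSuccess )
		return DateTime() ;

	//Convert the time to readable local time
	PRExplodedTime aExploded ;
	PR_ExplodeTime( nTime, PR_LocalTimeParameters, &aExploded ) ;

	DateTime aResult ;
	// tm_usec is in microseconds; one hundredth of a second is 10000 of them.
	aResult.HundredthSeconds = static_cast< sal_Int16 >( aExploded.tm_usec / 10000 );
	aResult.Seconds = static_cast< sal_Int16 >( aExploded.tm_sec );
	aResult.Minutes = static_cast< sal_Int16 >( aExploded.tm_min );
	aResult.Hours = static_cast< sal_Int16 >( aExploded.tm_hour );
	aResult.Day = static_cast< sal_Int16 >( aExploded.tm_mday );
	// tm_month is zero-based, DateTime::Month is one-based.
	aResult.Month = static_cast< sal_Int16 >( aExploded.tm_month+1 );
	aResult.Year = static_cast< sal_Int16 >( aExploded.tm_year );
	return aResult ;
}

// Returns the textual OID of an extension id with NSS's "OID." prefix
// removed, or an empty string when NSS cannot render the id.
::rtl::OString lcl_getOidText( const SECItem& rId )
{
	char* pRaw = CERT_GetOidString( &rId ) ;
	if( pRaw == NULL )
		return ::rtl::OString() ;

	const ::rtl::OString aFull( pRaw ) ;
	// The string is allocated by NSS; release it once it has been copied.
	PR_smprintf_free( pRaw ) ;

	// remove "OID." prefix if existing
	const ::rtl::OString aPrefix( "OID." ) ;
	return aFull.match( aPrefix ) ? aFull.copy( aPrefix.getLength() ) : aFull ;
}

// An extension is reported as critical only when its flag byte is present
// and equals 0xFF.
sal_Bool lcl_isCritical( const CERTCertExtension* pExtension )
{
	const SECItem& rFlag = pExtension->critical ;
	return ( rFlag.data != NULL && rFlag.len > 0 && rFlag.data[0] == 0xFF ) ? sal_True : sal_False ;
}

// Creates the wrapper object for an extension: the subject-alternative-name
// OID (2.5.29.17) gets a SanExtensionImpl, everything else the generic class.
CertificateExtension_XmlSecImpl* lcl_newExtensionObject( const ::rtl::OString& rOidText )
{
	if ( rOidText.equals("2.5.29.17") )
		// NOTE(review): the C-style cast is kept from the original; it is only
		// safe if SanExtensionImpl derives from CertificateExtension_XmlSecImpl - confirm.
		return (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;

	return new CertificateExtension_XmlSecImpl() ;
}

}

X509Certificate_NssImpl :: X509Certificate_NssImpl() :
	m_pCert( NULL )
{
}

X509Certificate_NssImpl :: ~X509Certificate_NssImpl() {
	// Drop the reference this object holds on the NSS certificate.
	if( m_pCert != NULL ) {
		CERT_DestroyCertificate( m_pCert ) ;
	}
}

//Methods from XCertificate

// Returns the first byte of the certificate's version field, 0 when the
// field is empty, and -1 when no certificate is set.
sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL )
		return -1 ;

	if( m_pCert->version.len > 0 && m_pCert->version.data != NULL )
		return ( char )*( m_pCert->version.data ) ;

	return 0 ;
}

// Returns the serial number bytes, or an empty sequence when unavailable.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSerialNumber() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL )
		return ::com::sun::star::uno::Sequence< sal_Int8 >();

	return lcl_itemToSequence( m_pCert->serialNumber.data, m_pCert->serialNumber.len ) ;
}

// Returns the issuer name string held by NSS, converted from UTF-8.
::rtl::OUString SAL_CALL X509Certificate_NssImpl :: getIssuerName() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert != NULL ) {
		return OUString(m_pCert->issuerName , PL_strlen(m_pCert->issuerName) , RTL_TEXTENCODING_UTF8) ;
	} else {
		return OUString() ;
	}
}

// Returns the subject name string held by NSS, converted from UTF-8.
::rtl::OUString SAL_CALL X509Certificate_NssImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert != NULL ) {
		return OUString(m_pCert->subjectName , PL_strlen(m_pCert->subjectName) , RTL_TEXTENCODING_UTF8);
	} else {
		return OUString() ;
	}
}

// Returns the start of the validity period in local time; a default
// DateTime when no certificate is set or the value cannot be decoded.
::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidBefore() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL )
		return DateTime() ;

	return lcl_decodeValidityTime( &m_pCert->validity.notBefore ) ;
}

// Returns the end of the validity period in local time; a default
// DateTime when no certificate is set or the value cannot be decoded.
::com::sun::star::util::DateTime SAL_CALL X509Certificate_NssImpl :: getNotValidAfter() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL )
		return DateTime() ;

	return lcl_decodeValidityTime( &m_pCert->validity.notAfter ) ;
}

// Returns the issuer unique identifier bytes, or an empty sequence.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getIssuerUniqueID() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL )
		return ::com::sun::star::uno::Sequence< sal_Int8 >();

	return lcl_itemToSequence( m_pCert->issuerID.data, m_pCert->issuerID.len ) ;
}

// Returns the subject unique identifier bytes, or an empty sequence.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getSubjectUniqueID() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL )
		return ::com::sun::star::uno::Sequence< sal_Int8 >();

	return lcl_itemToSequence( m_pCert->subjectID.data, m_pCert->subjectID.len ) ;
}

// Returns one wrapper object per certificate extension, in certificate
// order. Each wrapper is given the extension value, the textual OID
// (without the "OID." prefix) and the criticality flag.
::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL X509Certificate_NssImpl :: getExtensions() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL || m_pCert->extensions == NULL )
		return ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > ();

	CERTCertExtension** extns ;
	int len ;

	// The extension array is NULL-terminated; count it before allocating.
	for( len = 0, extns = m_pCert->extensions; *extns != NULL; len ++, extns ++ ) ;
	Sequence< Reference< XCertificateExtension > > xExtns( len ) ;

	for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
		const ::rtl::OString objID( lcl_getOidText( (*extns)->id ) ) ;

		CertificateExtension_XmlSecImpl* pExtn = lcl_newExtensionObject( objID ) ;
		pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), lcl_isCritical( *extns ) ) ;

		xExtns[len] = pExtn ;
	}

	return xExtns ;
}

// Looks up the extension whose encoded id equals the given bytes and
// returns a wrapper for it, or an empty reference when there is no match.
// Unlike getExtensions(), the wrapper receives the encoded id bytes rather
// than the textual OID.
::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL X509Certificate_NssImpl :: findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& oid ) throw (::com::sun::star::uno::RuntimeException) {
	// An empty id cannot match anything and has no first element to point at.
	if( m_pCert == NULL || m_pCert->extensions == NULL || oid.getLength() <= 0 )
		return NULL ;

	SECItem idItem ;
	idItem.type = siBuffer ;
	idItem.data = reinterpret_cast< unsigned char* >( const_cast< sal_Int8* >( oid.getConstArray() ) ) ;
	idItem.len = static_cast< unsigned int >( oid.getLength() ) ;

	CertificateExtension_XmlSecImpl* pExtn = NULL ;
	for( CERTCertExtension** extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
		if( SECITEM_CompareItem( &idItem, &(*extns)->id ) != SECEqual )
			continue ;

		pExtn = lcl_newExtensionObject( lcl_getOidText( (*extns)->id ) ) ;
		pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, lcl_isCritical( *extns ) ) ;

		// Stop at the first match: continuing would overwrite pExtn and
		// leak the object created for an earlier duplicate entry.
		break ;
	}

	return pExtn ;
}


// Returns the DER encoding of the certificate, or an empty sequence.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl :: getEncoded() throw ( ::com::sun::star::uno::RuntimeException) {
	if( m_pCert == NULL )
		return ::com::sun::star::uno::Sequence< sal_Int8 >();

	return lcl_itemToSequence( m_pCert->derCert.data, m_pCert->derCert.len ) ;
}

//Helper methods

// Replaces the wrapped certificate with a new reference to 'cert'
// (or with nothing when 'cert' is NULL).
void X509Certificate_NssImpl :: setCert( CERTCertificate* cert ) {
	// Take the new reference before releasing the old one, so that passing
	// the certificate this object already holds cannot free it in between.
	CERTCertificate* pNew = ( cert != NULL ) ? CERT_DupCertificate( cert ) : NULL ;

	if( m_pCert != NULL ) {
		CERT_DestroyCertificate( m_pCert ) ;
	}

	m_pCert = pNew ;
}

// Returns the wrapped NSS certificate (NULL when none is set). The pointer
// stays owned by this object.
const CERTCertificate* X509Certificate_NssImpl :: getNssCert() const {
	return m_pCert ;
}

// Decodes a DER certificate and makes it the wrapped certificate.
// Throws RuntimeException when the input is empty or NSS rejects it; the
// previously wrapped certificate is left untouched in that case.
void X509Certificate_NssImpl :: setRawCert( Sequence< sal_Int8 > rawCert ) throw ( ::com::sun::star::uno::RuntimeException) {
	// An empty sequence has no first element to take the address of.
	if( rawCert.getLength() <= 0 )
		throw RuntimeException() ;

	SECItem certItem ;
	certItem.type = siBuffer ;
	certItem.data = reinterpret_cast< unsigned char* >( rawCert.getArray() ) ;
	certItem.len = static_cast< unsigned int >( rawCert.getLength() ) ;

	// PR_TRUE is the copyDER argument, so the decoded certificate should not
	// depend on rawCert's buffer after this call.
	CERTCertificate* cert = CERT_DecodeDERCertificate( &certItem, PR_TRUE, NULL ) ;
	if( cert == NULL )
		throw RuntimeException() ;

	if( m_pCert != NULL ) {
		CERT_DestroyCertificate( m_pCert ) ;
		m_pCert = NULL ;
	}

	m_pCert = cert ;
}

/* XUnoTunnel */
// Returns this object's address as an integer when the caller presents the
// 16-byte tunnel id of this class, and 0 otherwise.
sal_Int64 SAL_CALL X509Certificate_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) throw( RuntimeException ) {
	if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
		return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
	}
	return 0 ;
}

/* XUnoTunnel extension */
// Returns the 16-byte id of this class, generated once with rtl_createUuid
// under the global mutex on first use.
const Sequence< sal_Int8>& X509Certificate_NssImpl :: getUnoTunnelId() {
	static Sequence< sal_Int8 >* pSeq = 0 ;
	if( !pSeq ) {
		::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
		// Re-check under the lock: another thread may have initialised it.
		if( !pSeq ) {
			static Sequence< sal_Int8> aSeq( 16 ) ;
			rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
			pSeq = &aSeq ;
		}
	}
	return *pSeq ;
}

/* XUnoTunnel extension */
// Recovers the implementation object behind a UNO reference through
// XUnoTunnel. Returns NULL when the object has no tunnel or does not
// recognise this class's tunnel id (getSomething() then yields 0).
X509Certificate_NssImpl* X509Certificate_NssImpl :: getImplementation( const Reference< XInterface > xObj ) {
	Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
	if( !xUT.is() )
		return NULL ;

	return reinterpret_cast<X509Certificate_NssImpl*>(
		sal::static_int_cast<sal_uIntPtr>(xUT->getSomething( getUnoTunnelId() )));
}

// MM : added by MM

// Returns NSS's description text for the algorithm id, or an empty string
// when the id is missing or NSS has no description for its tag.
::rtl::OUString getAlgorithmDescription(SECAlgorithmID *aid)
{
	if( aid == NULL )
		return ::rtl::OUString() ;

	const SECOidTag tag = SECOID_GetAlgorithmTag(aid);
	const char *pDesc = SECOID_FindOIDTagDescription(tag);

	// createFromAscii must not be handed a null pointer.
	if( pDesc == NULL )
		return ::rtl::OUString() ;

	return rtl::OUString::createFromAscii( pDesc ) ;
}

// Hashes the certificate's DER encoding with MD5 or SHA-1 and returns the
// digest. Returns an empty sequence when there is no certificate, when the
// requested algorithm is neither of the two, or when hashing fails.
//
// MD5 and SHA-1 are not collision resistant: use these values to display or
// look up a certificate, not as the sole basis for trusting it.
::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(CERTCertificate *pCert, SECOidTag id)
{
	if( pCert == NULL )
		return ::com::sun::star::uno::Sequence< sal_Int8 >();

	// The output buffer is sized for the largest digest accepted below.
	// Any other algorithm is refused instead of being hashed into it, since
	// a longer digest would be written past the end of the buffer.
	unsigned int length ;
	switch( id )
	{
		case SEC_OID_MD5:
			length = MD5_LENGTH ;
			break ;
		case SEC_OID_SHA1:
			length = SHA1_LENGTH ;
			break ;
		default:
			return ::com::sun::star::uno::Sequence< sal_Int8 >();
	}

	unsigned char fingerprint[SHA1_LENGTH] = { 0 } ;
	if( PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len) != SECSuccess )
		return ::com::sun::star::uno::Sequence< sal_Int8 >();

	return lcl_itemToSequence( fingerprint, length ) ;
}

// Returns the description of the subject public key algorithm.
::rtl::OUString SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyAlgorithm()
	throw ( ::com::sun::star::uno::RuntimeException)
{
	if( m_pCert != NULL )
	{
		return getAlgorithmDescription(&(m_pCert->subjectPublicKeyInfo.algorithm));
	}
	else
	{
		return OUString() ;
	}
}

// Returns the subject public key bytes, or an empty sequence.
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyValue()
	throw ( ::com::sun::star::uno::RuntimeException)
{
	if( m_pCert == NULL )
		return ::com::sun::star::uno::Sequence< sal_Int8 >();

	// Work on a copy of the item header: DER_ConvertBitString rewrites the
	// length in place and the certificate's own item must stay unchanged.
	SECItem spk = m_pCert->subjectPublicKeyInfo.subjectPublicKey;
	DER_ConvertBitString(&spk);

	return lcl_itemToSequence( spk.data, spk.len ) ;
}

// Returns the description of the certificate's signature algorithm.
::rtl::OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm()
	throw ( ::com::sun::star::uno::RuntimeException)
{
	if( m_pCert != NULL )
	{
		return getAlgorithmDescription(&(m_pCert->signature));
	}
	else
	{
		return OUString() ;
	}
}

// Returns the SHA-1 digest of the DER encoding (see getThumbprint).
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint()
	throw ( ::com::sun::star::uno::RuntimeException)
{
	return getThumbprint(m_pCert, SEC_OID_SHA1);
}

// Returns the MD5 digest of the DER encoding (see getThumbprint).
::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
	throw ( ::com::sun::star::uno::RuntimeException)
{
	return getThumbprint(m_pCert, SEC_OID_MD5);
}

// Returns the first byte of the key-usage extension, KU_ALL when NSS does
// not find that extension, and 0 when no certificate is set. Bits stored
// beyond the first byte of the extension value are not reported.
sal_Int32 SAL_CALL X509Certificate_NssImpl::getCertificateUsage(  )
	throw ( ::com::sun::star::uno::RuntimeException)
{
	// Without a certificate there is nothing to query; report no usage
	// rather than handing a null pointer to NSS.
	if( m_pCert == NULL )
		return 0 ;

	SECItem tmpitem ;
	tmpitem.type = siBuffer ;
	tmpitem.data = NULL ;
	tmpitem.len = 0 ;

	sal_Int32 usage = KU_ALL ;
	if ( CERT_FindKeyUsageExtension(m_pCert, &tmpitem) == SECSuccess )
	{
		// Read the byte only if NSS actually returned one.
		usage = ( tmpitem.data != NULL && tmpitem.len > 0 ) ? tmpitem.data[0] : 0 ;
		if( tmpitem.data != NULL )
		{
			PORT_Free(tmpitem.data);
			tmpitem.data = NULL;
		}
	}

	/*
	 * to make the nss implementation compatible with MSCrypto, 
	 * the following usage is ignored
	 *
	 * 
	if ( CERT_GovtApprovedBitSet(m_pCert) )
	{
		usage |= KU_NS_GOVT_APPROVED;
	}
	*/
	
	return usage;
}

// MM : end
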