lokit: convert PEM certificate to DER if it is detected as such

Change-Id: I1ae105067c109a32f4acc34749b425d9e4e26514 Reviewed-on: https://gerrit.libreoffice.org/64291 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
author: Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> 2018-11-29 21:52:26 +0100
committer: Tomaž Vajngerl <quikee@gmail.com> 2018-12-01 09:07:25 +0100
commit: d69edca3e004ab8669b3363b4755da8bb42f62fc (patch)
tree: 0e0ee5232c947d90bde3de9d2360524dde765690
parent: c1d7cc390c6e095d6e58b856758ba86f7666195f (diff)
1 files changed, 84 insertions, 6 deletions
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index a7ce8182ebd1..d96c7737157d 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -48,6 +48,7 @@
 #include <comphelper/propertysequence.hxx>
 #include <comphelper/scopeguard.hxx>
 #include <comphelper/threadpool.hxx>
+#include <comphelper/base64.hxx>
 
 #include <com/sun/star/beans/XPropertySet.hpp>
 #include <com/sun/star/container/XNameAccess.hpp>
@@ -526,6 +527,48 @@ int lcl_getViewId(const std::string& payload)
     return 0;
 }
 
+std::string extractCertificate(const std::string & certificate)
+{
+    const std::string header("-----BEGIN CERTIFICATE-----");
+    const std::string footer("-----END CERTIFICATE-----");
+
+    std::string result;
+
+    size_t pos1 = certificate.find(header);
+    if (pos1 == std::string::npos)
+        return result;
+
+    size_t pos2 = certificate.find(footer, pos1 + 1);
+    if (pos2 == std::string::npos)
+        return result;
+
+    pos1 = pos1 + header.length();
+    pos2 = pos2 - pos1;
+
+    return certificate.substr(pos1, pos2);
+}
+
+std::string extractPrivateKey(const std::string & privateKey)
+{
+    const std::string header("-----BEGIN PRIVATE KEY-----");
+    const std::string footer("-----END PRIVATE KEY-----");
+
+    std::string result;
+
+    size_t pos1 = privateKey.find(header);
+    if (pos1 == std::string::npos)
+        return result;
+
+    size_t pos2 = privateKey.find(footer, pos1 + 1);
+    if (pos2 == std::string::npos)
+        return result;
+
+    pos1 = pos1 + header.length();
+    pos2 = pos2 - pos1;
+
+    return privateKey.substr(pos1, pos2);
+}
+
 }  // end anonymous namespace
 
 // Could be anonymous in principle, but for the unit testing purposes, we
@@ -3724,11 +3767,34 @@ static bool doc_insertCertificate(LibreOfficeKitDocument* pThis,
     if (!xCertificateCreator.is())
         return false;
 
-    uno::Sequence<sal_Int8> aCertificateSequence(nCertificateBinarySize);
-    std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.begin());
+    uno::Sequence<sal_Int8> aCertificateSequence;
 
-    uno::Sequence<sal_Int8> aPrivateKeySequence(nPrivateKeySize);
-    std::copy(pPrivateKeyBinary, pPrivateKeyBinary + nPrivateKeySize, aPrivateKeySequence.begin());
+    std::string aCertificateString(reinterpret_cast<const char*>(pCertificateBinary), nCertificateBinarySize);
+    std::string aCertificateBase64String = extractCertificate(aCertificateString);
+    if (!aCertificateBase64String.empty())
+    {
+        OUString aBase64OUString = OUString::createFromAscii(aCertificateBase64String.c_str());
+        comphelper::Base64::decode(aCertificateSequence, aBase64OUString);
+    }
+    else
+    {
+        aCertificateSequence.realloc(nCertificateBinarySize);
+        std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.begin());
+    }
+
+    uno::Sequence<sal_Int8> aPrivateKeySequence;
+    std::string aPrivateKeyString(reinterpret_cast<const char*>(pPrivateKeyBinary), nPrivateKeySize);
+    std::string aPrivateKeyBase64String = extractPrivateKey(aPrivateKeyString);
+    if (!aPrivateKeyBase64String.empty())
+    {
+        OUString aBase64OUString = OUString::createFromAscii(aPrivateKeyBase64String.c_str());
+        comphelper::Base64::decode(aPrivateKeySequence, aBase64OUString);
+    }
+    else
+    {
+        aPrivateKeySequence.realloc(nPrivateKeySize);
+        std::copy(pPrivateKeyBinary, pPrivateKeyBinary + nPrivateKeySize, aPrivateKeySequence.begin());
+    }
 
     uno::Reference<security::XCertificate> xCertificate;
     xCertificate = xCertificateCreator->createDERCertificateWithPrivateKey(aCertificateSequence, aPrivateKeySequence);
@@ -3772,8 +3838,20 @@ static bool doc_addCertificate(LibreOfficeKitDocument* pThis,
     if (!xCertificateCreator.is())
         return false;
 
-    uno::Sequence<sal_Int8> aCertificateSequence(nCertificateBinarySize);
-    std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.begin());
+    uno::Sequence<sal_Int8> aCertificateSequence;
+
+    std::string aCertificateString(reinterpret_cast<const char*>(pCertificateBinary), nCertificateBinarySize);
+    std::string aCertificateBase64String = extractCertificate(aCertificateString);
+    if (!aCertificateBase64String.empty())
+    {
+        OUString aBase64OUString = OUString::createFromAscii(aCertificateBase64String.c_str());
+        comphelper::Base64::decode(aCertificateSequence, aBase64OUString);
+    }
+    else
+    {
+        aCertificateSequence.realloc(nCertificateBinarySize);
+        std::copy(pCertificateBinary, pCertificateBinary + nCertificateBinarySize, aCertificateSequence.begin());
+    }
 
     uno::Reference<security::XCertificate> xCertificate;
     xCertificate = xCertificateCreator->addDERCertificateToTheDatabase(aCertificateSequence, "TCu,Cu,Tu");
author	Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk>	2018-11-29 21:52:26 +0100
committer	Tomaž Vajngerl <quikee@gmail.com>	2018-12-01 09:07:25 +0100
commit	d69edca3e004ab8669b3363b4755da8bb42f62fc (patch)
tree	0e0ee5232c947d90bde3de9d2360524dde765690
parent	c1d7cc390c6e095d6e58b856758ba86f7666195f (diff)