authorMichael Stahl <michael.stahl@allotropia.de>2024-06-21 16:23:24 +0200
committerMichael Stahl <michael.stahl@allotropia.de>2024-06-24 12:38:52 +0200
commit9413f2b39cb48417d75dfd3b5a28dac18541839e (patch)
tree977355f53db9808244e20f6b367637b05205a98c /ucb/source/ucp/cmis
parent62529d1eee91f3a781a4ef9117f23aa65ec82e86 (diff)
ucb: cmis: remove CertValidationHandler
Bothering users with a dialog for a problematic TLS certificate just conditions them to click OK and compromise their security. WebDAV UCP already doesn't show such a dialog since LO 7.3, now remove the dialog from CMIS UCP too. Users can add any self-signed CAs they want to use to the operating system trusted CA store, for example with p11-kit's trust(1). Change-Id: Iedb8518923f9ac75c33a3b0df6ff795a7810a18a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169338 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'ucb/source/ucp/cmis')
-rw-r--r--ucb/source/ucp/cmis/certvalidation_handler.cxx126
-rw-r--r--ucb/source/ucp/cmis/certvalidation_handler.hxx46
-rw-r--r--ucb/source/ucp/cmis/cmis_content.cxx6
-rw-r--r--ucb/source/ucp/cmis/cmis_repo_content.cxx6
4 files changed, 0 insertions, 184 deletions
diff --git a/ucb/source/ucp/cmis/certvalidation_handler.cxx b/ucb/source/ucp/cmis/certvalidation_handler.cxx
deleted file mode 100644
index 0080df37a483..000000000000
--- a/ucb/source/ucp/cmis/certvalidation_handler.cxx
+++ /dev/null
@@ -1,126 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is part of the LibreOffice project.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * This file incorporates work covered by the following license notice:
- *
- */
-
-#include <com/sun/star/security/CertificateContainer.hpp>
-#include <com/sun/star/security/XCertificate.hpp>
-#include <com/sun/star/security/XCertificateContainer.hpp>
-#include <com/sun/star/xml/crypto/SEInitializer.hpp>
-#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
-
-#include <rtl/ref.hxx>
-#include <comphelper/sequence.hxx>
-#include <ucbhelper/simplecertificatevalidationrequest.hxx>
-
-#include "certvalidation_handler.hxx"
-
-#define STD_TO_OUSTR( str ) OUString( str.c_str(), str.length( ), RTL_TEXTENCODING_UTF8 )
-
-using namespace com::sun::star;
-
-namespace cmis
-{
- bool CertValidationHandler::validateCertificate( std::vector< std::string > aCertificates )
- {
- bool bValidate = false;
- if ( !aCertificates.empty() && m_xEnv.is() )
- {
- uno::Reference< xml::crypto::XSEInitializer > xSEInitializer;
- try
- {
- xSEInitializer = xml::crypto::SEInitializer::create( m_xContext );
- }
- catch ( uno::Exception const & )
- {
- }
-
- if ( xSEInitializer.is() )
- {
- uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
- xSEInitializer->createSecurityContext( OUString() ) );
-
- uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv(
- xSecurityContext->getSecurityEnvironment() );
-
- std::vector< std::string >::iterator pIt = aCertificates.begin();
- std::string sCert = *pIt;
- // We need to get rid of the PEM header/footer lines
- OUString sCleanCert = STD_TO_OUSTR( sCert );
- sCleanCert = sCleanCert.replaceAll( "-----BEGIN CERTIFICATE-----", "" );
- sCleanCert = sCleanCert.replaceAll( "-----END CERTIFICATE-----", "" );
- uno::Reference< security::XCertificate > xCert(
- xSecurityEnv->createCertificateFromAscii(
- sCleanCert ) );
-
- uno::Reference< security::XCertificateContainer > xCertificateContainer;
- try
- {
- xCertificateContainer = security::CertificateContainer::create( m_xContext );
- }
- catch ( uno::Exception const & )
- {
- }
-
- if ( xCertificateContainer.is( ) )
- {
- security::CertificateContainerStatus status(
- xCertificateContainer->hasCertificate(
- m_sHostname, xCert->getSubjectName() ) );
-
- if ( status != security::CertificateContainerStatus_NOCERT )
- return status == security::CertificateContainerStatus_TRUSTED;
- }
-
- // If we had no certificate, ask what to do
- std::vector< uno::Reference< security::XCertificate > > vecCerts;
-
- for ( ++pIt; pIt != aCertificates.end(); ++pIt )
- {
- sCert = *pIt;
- uno::Reference< security::XCertificate> xImCert(
- xSecurityEnv->createCertificateFromAscii(
- STD_TO_OUSTR( sCert ) ) );
- if ( xImCert.is() )
- vecCerts.push_back( xImCert );
- }
-
- sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xCert,
- ::comphelper::containerToSequence( vecCerts ) );
-
- uno::Reference< task::XInteractionHandler > xIH(
- m_xEnv->getInteractionHandler() );
- if ( xIH.is() )
- {
- rtl::Reference< ucbhelper::SimpleCertificateValidationRequest >
- xRequest( new ucbhelper::SimpleCertificateValidationRequest(
- sal_Int32( certValidity ), xCert, m_sHostname ) );
- xIH->handle( xRequest );
- rtl::Reference< ucbhelper::InteractionContinuation > xSelection
- = xRequest->getSelection();
-
- if ( xSelection.is() )
- {
- uno::Reference< task::XInteractionApprove > xApprove(
- xSelection.get(), uno::UNO_QUERY );
- bValidate = xApprove.is();
-
- // Store the decision in the container
- xCertificateContainer->addCertificate(
- m_sHostname, xCert->getSubjectName(), bValidate );
- }
- }
- }
- }
- return bValidate;
- }
-}
-
-/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/ucb/source/ucp/cmis/certvalidation_handler.hxx b/ucb/source/ucp/cmis/certvalidation_handler.hxx
deleted file mode 100644
index ae46c8397f3c..000000000000
--- a/ucb/source/ucp/cmis/certvalidation_handler.hxx
+++ /dev/null
@@ -1,46 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/*
- * This file is part of the LibreOffice project.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * This file incorporates work covered by the following license notice:
- *
- */
-#pragma once
-
-#if defined __GNUC__ && !defined __clang__
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wdeprecated"
-#pragma GCC diagnostic ignored "-Wunused-but-set-parameter"
-#endif
-#include <libcmis/libcmis.hxx>
-#if defined __GNUC__ && !defined __clang__
-#pragma GCC diagnostic pop
-#endif
-
-#include <com/sun/star/ucb/XCommandEnvironment.hpp>
-#include <utility>
-
-namespace cmis
-{
- class CertValidationHandler : public libcmis::CertValidationHandler
- {
- const css::uno::Reference< css::ucb::XCommandEnvironment>& m_xEnv;
- const css::uno::Reference< css::uno::XComponentContext >& m_xContext;
- OUString m_sHostname;
-
- public:
- CertValidationHandler (
- const css::uno::Reference< css::ucb::XCommandEnvironment>& xEnv,
- const css::uno::Reference< css::uno::XComponentContext>& xContext,
- OUString sHostname ):
- m_xEnv( xEnv ), m_xContext( xContext ), m_sHostname(std::move( sHostname )) { }
-
- bool validateCertificate( std::vector< std::string > certificates ) override;
- };
-}
-
-/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/ucb/source/ucp/cmis/cmis_content.cxx b/ucb/source/ucp/cmis/cmis_content.cxx
index c1808f8bc492..6bd5146bb7bc 100644
--- a/ucb/source/ucp/cmis/cmis_content.cxx
+++ b/ucb/source/ucp/cmis/cmis_content.cxx
@@ -59,7 +59,6 @@
#include <utility>
#include "auth_provider.hxx"
-#include "certvalidation_handler.hxx"
#include "cmis_content.hxx"
#include "cmis_provider.hxx"
#include "cmis_resultset.hxx"
@@ -315,11 +314,6 @@ namespace cmis
if ( nullptr == m_pSession )
{
- // Set the SSL Validation handler
- libcmis::CertValidationHandlerPtr certHandler(
- new CertValidationHandler( xEnv, m_xContext, aBindingUrl.GetHost( ) ) );
- libcmis::SessionFactory::setCertificateValidationHandler( certHandler );
-
// init libcurl callback
libcmis::SessionFactory::setCurlInitProtocolsFunction(&::InitCurl_easy);
diff --git a/ucb/source/ucp/cmis/cmis_repo_content.cxx b/ucb/source/ucp/cmis/cmis_repo_content.cxx
index 38c261cdf3b8..87742e14bf99 100644
--- a/ucb/source/ucp/cmis/cmis_repo_content.cxx
+++ b/ucb/source/ucp/cmis/cmis_repo_content.cxx
@@ -33,7 +33,6 @@
#include <ucbhelper/macros.hxx>
#include "auth_provider.hxx"
-#include "certvalidation_handler.hxx"
#include "cmis_content.hxx"
#include "cmis_provider.hxx"
#include "cmis_repo_content.hxx"
@@ -128,11 +127,6 @@ namespace cmis
if ( !m_aRepositories.empty() )
return;
- // Set the SSL Validation handler
- libcmis::CertValidationHandlerPtr certHandler(
- new CertValidationHandler( xEnv, m_xContext, aBindingUrl.GetHost( ) ) );
- libcmis::SessionFactory::setCertificateValidationHandler( certHandler );
-
// init libcurl callback
libcmis::SessionFactory::setCurlInitProtocolsFunction(&::InitCurl_easy);