authorJens-Heiner Rechtien <hr@openoffice.org>2010-01-28 19:15:06 +0000
committerJens-Heiner Rechtien <hr@openoffice.org>2010-01-28 19:15:06 +0000
commit63d143633f395ad30ad4c4583600a0caa58b2592 (patch)
treee30accf46ed1f838eaaf8b924ba510b85f6acc56 /xmlsecurity/source/xmlsec
parent114b4766cefe57be30f4af858700e718c98b2bd1 (diff)
parent9af6f6a5b1b86dd39da0ed3031d73496d23f4efd (diff)
koheidatapilot03: merge with DEV300_m60
Diffstat (limited to 'xmlsecurity/source/xmlsec')
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx139
-rw-r--r--xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx5
2 files changed, 120 insertions, 24 deletions
diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
index 00049d2901fc..41dbd6232bce 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -43,6 +43,7 @@
#include <rtl/locale.h>
#include <osl/nlsupport.h>
#include <osl/process.h>
+#include <utility>
//CP : end
@@ -53,36 +54,130 @@ using ::rtl::OUString ;
using ::com::sun::star::security::XCertificate ;
using ::com::sun::star::util::DateTime ;
-/*
- * mmi : because MS Crypto use the 'S' tag (equal to the 'ST' tag in NSS), but the NSS can't recognise
- * it, so the 'S' tag should be changed to 'ST' tag
- *
- */
-OUString replaceTagSWithTagST(OUString oldDN)
+#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
+
+/*Resturns the index withing rRawString where sTypeName starts and where it ends.
+ The starting index is pair.first. The ending index in pair.second points
+ one char after the last character of the type.
+ sTypeName can be
+ "S" or "CN" (without ""). Do not use spaces at the beginning of the type name.
+ If the type name is not found then pair.first and pair.second are -1.
+*/
+std::pair< sal_Int32, sal_Int32 >
+findTypeInDN(const OUString& rRawString, const OUString& sTypeName)
{
-
- sal_Int32 nIndex = 0;
- OUString newDN;
- do
+ std::pair< sal_Int32, sal_Int32 > retVal;
+ bool bInEscape = false;
+ bool bInValue = false;
+ bool bFound = false;
+ sal_Int32 nTypeNameStart = 0;
+ sal_Int32 length = rRawString.getLength();
+
+ for (sal_Int32 i = 0; i < length; i++)
{
- OUString aToken = oldDN.getToken( 0, ',', nIndex ).trim();
- if (aToken.compareToAscii("S=",2) == 0)
+ sal_Unicode c = rRawString[i];
+
+ if (c == '=')
{
- newDN+=OUString::createFromAscii("ST=");
- newDN+=aToken.copy(2);
+ if (! bInValue)
+ {
+ OUString sType = rRawString.copy(nTypeNameStart, i - nTypeNameStart);
+ sType = sType.trim();
+ if (sType.equalsIgnoreAsciiCase(sTypeName))
+ {
+ bFound = true;
+ break;
+ }
+ }
}
- else
+ else if (c == '"')
{
- newDN+=aToken;
+ if (!bInEscape)
+ {
+ //If this is the quote is the first of the couple which enclose the
+ //whole value, because the value contains special characters
+ //then we just drop it. That is, this character must be followed by
+ //a character which is not '"'.
+ if ( i + 1 < length && rRawString[i+1] == '"')
+ bInEscape = true;
+ else
+ bInValue = !bInValue; //value is enclosed in " "
+ }
+ else
+ {
+ //This quote is escaped by a preceding quote and therefore is
+ //part of the value
+ bInEscape = false;
+ }
}
+ else if (c == ',')
+ {
+ //The comma separate the attribute value pairs.
+ //If the comma is not part of a value (the value would then be enclosed in '"'),
+ //then we have reached the end of the value
+ if (!bInValue)
+ {
+ //The next char is the start of the new type
+ nTypeNameStart = i + 1;
+ }
+ }
+ }
- if (nIndex >= 0)
+ //Found the Type Name, but there can still be spaces after the last comma
+ //and the beginning of the type.
+ if (bFound)
+ {
+ while (true)
+ {
+ sal_Unicode c = rRawString[nTypeNameStart];
+ if (c != ' ' && c != '\t')
+ //found
+ break;
+ nTypeNameStart ++;
+ }
+ // search end (one after last letter)
+ sal_Int32 nTypeNameEnd = nTypeNameStart;
+ nTypeNameEnd++;
+ while (true)
{
- newDN+=OUString::createFromAscii(",");
+ sal_Unicode c = rRawString[nTypeNameEnd];
+ if (c == ' ' || c == '\t' || c == '=')
+ break;
+ nTypeNameEnd++;
}
- } while ( nIndex >= 0 );
+ retVal = std::make_pair(nTypeNameStart, nTypeNameEnd);
+ }
+ else
+ {
+ retVal = std::make_pair(-1, -1);
+ }
+ return retVal;
+}
+
- return newDN;
+/*
+ MS Crypto uses the 'S' tag (equal to the 'ST' tag in NSS), but the NSS can't recognise
+ it, so the 'S' tag should be changed to 'ST' tag. However I am not sure if this is necessary
+ anymore, because we provide always the signers certificate when signing. So libmlsec can find
+ the private key based on the provided certificate (X509Certificate element) and does not need
+ the issuer name (X509IssuerName element). The issuer name in the xml signature has also no
+ effect for the signature nor the certificate validation.
+ In many RFCs, for example 4519, on speaks of 'ST'. However, the certificate does not contain
+ strings for type names. Instead it uses OIDs.
+ */
+
+OUString replaceTagSWithTagST(OUString oldDN)
+{
+ std::pair<sal_Int32, sal_Int32 > pairIndex = findTypeInDN(oldDN, OUSTR("S"));
+
+ if (pairIndex.first != -1)
+ {
+ OUString newDN = oldDN.copy(0, pairIndex.first);
+ newDN += OUSTR("ST");
+ newDN += oldDN.copy(pairIndex.second);
+ return newDN;
+ }
+ return oldDN;
}
/* end */
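Review bot: The two `while (true)` scans that run after `bFound` in `findTypeInDN` index `rRawString` without ever comparing the index against `length`; they stop only because the `=` located by the first loop lies ahead of `nTypeNameStart`. That holds for the one visible caller, which passes `"S"`, but with an empty `sTypeName` and a DN such as `=x` the end scan starts one past that `=` and can read beyond the string. The DN text is built from a certificate's issuer and subject fields, so both scans should be bounded explicitly, as in the excerpt below. The skip loop also accepts only space and tab while the match relied on `trim()`, which as far as I know strips every character up to U+0020, so the returned start may not be the first letter of the type when other whitespace precedes it.

```cpp
    if (bFound)
    {
        // Skip blanks between the separating comma and the type name,
        // never reading past the end of the string.
        while (nTypeNameStart < length
               && (rRawString[nTypeNameStart] == ' '
                   || rRawString[nTypeNameStart] == '\t'))
            nTypeNameStart++;
        // search end (one after last letter)
        sal_Int32 nTypeNameEnd = nTypeNameStart;
        while (nTypeNameEnd < length
               && rRawString[nTypeNameEnd] != ' '
               && rRawString[nTypeNameEnd] != '\t'
               && rRawString[nTypeNameEnd] != '=')
            nTypeNameEnd++;
        retVal = std::make_pair(nTypeNameStart, nTypeNameEnd);
    }
    // … unchanged: else branch returning (-1, -1) and the final return …
```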
@@ -159,7 +254,7 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su
OUString xIssuer(issuer , cbIssuer ,encoding ) ; //By CP
delete issuer ;
- return replaceTagSWithTagST(xIssuer) ;
+ return replaceTagSWithTagST(xIssuer);
} else {
return OUString() ;
}
@@ -208,7 +303,7 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su
OUString xSubject(subject , cbSubject ,encoding ) ; //By CP
delete subject ;
- return replaceTagSWithTagST(xSubject) ;
+ return replaceTagSWithTagST(xSubject);
} else {
return OUString() ;
}
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index 4a290ae2feb5..90779823eca3 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -58,7 +58,7 @@
#include <rtl/ustrbuf.hxx>
#include <comphelper/processfactory.hxx>
#include <cppuhelper/servicefactory.hxx>
-#include <svtools/docpasswdrequest.hxx>
+#include <comphelper/docpasswordrequest.hxx>
#include <xmlsecurity/biginteger.hxx>
#include <rtl/logfile.h>
#include <com/sun/star/task/XInteractionHandler.hpp>
@@ -94,7 +94,8 @@ char* GetPasswordFunction( PK11SlotInfo* pSlot, PRBool bRetry, void* /*arg*/ )
if ( xInteractionHandler.is() )
{
task::PasswordRequestMode eMode = bRetry ? task::PasswordRequestMode_PASSWORD_REENTER : task::PasswordRequestMode_PASSWORD_ENTER;
- RequestDocumentPassword* pPasswordRequest = new RequestDocumentPassword( eMode, ::rtl::OUString::createFromAscii(PK11_GetTokenName(pSlot)) );
+ ::comphelper::DocPasswordRequest* pPasswordRequest = new ::comphelper::DocPasswordRequest(
+ ::comphelper::DocPasswordRequestType_STANDARD, eMode, ::rtl::OUString::createFromAscii(PK11_GetTokenName(pSlot)) );
uno::Reference< task::XInteractionRequest > xRequest( pPasswordRequest );
xInteractionHandler->handle( xRequest );