diff options
| author | Joachim Lingner <jl@openoffice.org> | 2009-11-09 16:49:25 +0100 |
|---|---|---|
| committer | Joachim Lingner <jl@openoffice.org> | 2009-11-09 16:49:25 +0100 |
| commit | 571f1b108037267691784e09812ac9a3b624e805 (patch) | |
| tree | 054450021a9d029ee7b816a2035454f5795dcf30 /xmlsecurity/source | |
| parent | 1e0bc66d16aee28ce8bd9582ea32178c63841902 (diff) | |
jl137: #i103420# better allow tracing in product built depending on bootstrap var XMLSECURITY_TRACE
Diffstat (limited to 'xmlsecurity/source')
| -rw-r--r-- | xmlsecurity/source/xmlsec/makefile.mk | 3 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/secerror.cxx | 18 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/secerror.hxx | 2 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 34 | ||||
| -rw-r--r-- | xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx | 24 |
5 files changed, 44 insertions, 37 deletions
diff --git a/xmlsecurity/source/xmlsec/makefile.mk b/xmlsecurity/source/xmlsec/makefile.mk index 233b5c370620..0479c24e8c91 100644 --- a/xmlsecurity/source/xmlsec/makefile.mk +++ b/xmlsecurity/source/xmlsec/makefile.mk @@ -66,7 +66,8 @@ SLOFILES = \ $(SLO)$/certificateextension_xmlsecimpl.obj \ $(SLO)$/xmlstreamio.obj \ $(SLO)$/errorcallback.obj \ - $(SLO)$/xsec_xmlsec.obj + $(SLO)$/xsec_xmlsec.obj \ + $(SLO)$/diagnose.obj # --- Targets ------------------------------------------------------ diff --git a/xmlsecurity/source/xmlsec/nss/secerror.cxx b/xmlsecurity/source/xmlsec/nss/secerror.cxx index 04406cce499e..71e108434484 100644 --- a/xmlsecurity/source/xmlsec/nss/secerror.cxx +++ b/xmlsecurity/source/xmlsec/nss/secerror.cxx @@ -27,11 +27,17 @@ * for a copy of the LGPLv3 License. * ************************************************************************/ + + #include "secerr.h" #include "sslerr.h" #include "nspr.h" #include "certt.h" +#include "../diagnose.hxx" + +using namespace xmlsecurity; + struct ErrDesc { PRErrorCode errNum; const char * errString; @@ -65,7 +71,7 @@ getCertError(PRErrorCode errNum) } void -printChainFailure(FILE *outfile, CERTVerifyLog *log) +printChainFailure(CERTVerifyLog *log) { unsigned int errorFlags = 0; unsigned int depth = (unsigned int)-1; @@ -75,17 +81,17 @@ printChainFailure(FILE *outfile, CERTVerifyLog *log) if (log->count > 0) { - fprintf(outfile,"Bad certifcation path:\n"); + xmlsec_trace("Bad certifcation path:"); for (node = log->head; node; node = node->next) { if (depth != node->depth) { depth = node->depth; - fprintf(outfile,"Certificate: %d. %s %s:\n", depth, + xmlsec_trace("Certificate: %d. %s %s:", depth, node->cert->subjectName, depth ? "[Certificate Authority]": ""); } - fprintf(outfile," ERROR %ld: %s\n", node->error, + xmlsec_trace(" ERROR %ld: %s", node->error, getCertError(node->error)); specificError = NULL; issuer = NULL; @@ -151,9 +157,9 @@ printChainFailure(FILE *outfile, CERTVerifyLog *log) break; } if (specificError) - fprintf(stderr,"%s\n", specificError); + xmlsec_trace("%s", specificError); if (issuer) - fprintf(stderr, "%s\n", issuer); + xmlsec_trace("%s", issuer); } } } diff --git a/xmlsecurity/source/xmlsec/nss/secerror.hxx b/xmlsecurity/source/xmlsec/nss/secerror.hxx index 951e638e3a72..732fef5fd03e 100644 --- a/xmlsecurity/source/xmlsec/nss/secerror.hxx +++ b/xmlsecurity/source/xmlsec/nss/secerror.hxx @@ -35,6 +35,6 @@ const char * getCertError(PRErrorCode errNum); void -printChainFailure(FILE *outfile, CERTVerifyLog *log); +printChainFailure(CERTVerifyLog *log); #endif // _XSECERROR_HXX_ diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index 6f4e75ed2b8e..ed4fc24de4ce 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -42,7 +42,7 @@ #include "securityenvironment_nssimpl.hxx" #include "x509certificate_nssimpl.hxx" #include <rtl/uuid.h> - +#include "../diagnose.hxx" #include <sal/types.h> //For reasons that escape me, this is what xmlsec does when size_t is not 4 @@ -71,6 +71,7 @@ // MM : added for password exception #include <com/sun/star/security/NoPasswordException.hpp> namespace csss = ::com::sun::star::security; +using namespace xmlsecurity; using namespace ::com::sun::star::security; using namespace com::sun::star; using namespace ::com::sun::star::uno ; @@ -773,7 +774,7 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, throw RuntimeException() ; } - OSL_TRACE("[xmlsecurity] Start verification of certificate: \n %s \n", + xmlsec_trace("Start verification of certificate: \n %s \n", OUStringToOString( aCert->getSubjectName(), osl_getThreadTextEncoding()).getStr()); @@ -807,14 +808,14 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, PR_TRUE /* copyDER */); if (!certTmp) { - OSL_TRACE("[xmlsecurity] Failed to add a temporary certificate: %s", + xmlsec_trace("Failed to add a temporary certificate: %s", OUStringToOString(intermediateCerts[i]->getIssuerName(), osl_getThreadTextEncoding()).getStr()); } else { - OSL_TRACE("[xmlsecurity] Added temporary certificate: %s", + xmlsec_trace("Added temporary certificate: %s", certTmp->subjectName ? certTmp->subjectName : ""); vecTmpNSSCertificates.push_back(certTmp); } @@ -914,21 +915,20 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, {certificateUsageSSLServer, "certificateUsageSSLServer" }, {certificateUsageSSLCA, "certificateUsageSSLCA" }, {certificateUsageEmailSigner, "certificateUsageEmailSigner"}, //only usable for end certs -// {certificateUsageEmailRecipient, "certificateUsageEmailRecipient"}, -// {certificateUsageObjectSigner, "certificateUsageObjectSigner"} + {certificateUsageEmailRecipient, "certificateUsageEmailRecipient"} }; int numUsages = sizeof(arUsages) / sizeof(UsageDescription); for (int i = 0; i < numUsages; i++) { - OSL_TRACE("[xmlsecurity] Testing usage %d of %d: %s (0x%x)", i + 1, + xmlsec_trace("Testing usage %d of %d: %s (0x%x)", i + 1, numUsages, arUsages[i].description, (int) arUsages[i].usage); status = CERT_PKIXVerifyCert(const_cast<CERTCertificate *>(cert), arUsages[i].usage, cvin, cvout, NULL); if( status == SECSuccess ) { - OSL_TRACE("[xmlsecurity] CERT_PKIXVerifyCert returned SECSuccess."); + xmlsec_trace("CERT_PKIXVerifyCert returned SECSuccess."); //When an intermediate or root certificate is checked then we expect the usage //certificateUsageSSLCA. This, however, will be only set when in the trust settings dialog //the button "This certificate can identify websites" is checked. If for example only @@ -939,11 +939,11 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, //will be displayed as invalid. validity = csss::CertificateValidity::VALID; - OSL_TRACE("[xmlsecurity] Certificate is valid.\n"); + xmlsec_trace("Certificate is valid.\n"); CERTCertificate * issuerCert = cvout[0].value.pointer.cert; if (issuerCert) { - OSL_TRACE("[xmlsecurity] Root certificate: %s", issuerCert->subjectName); + xmlsec_trace("Root certificate: %s", issuerCert->subjectName); CERT_DestroyCertificate(issuerCert); }; @@ -951,17 +951,15 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, } else { -#if OSL_DEBUG_LEVEL > 1 PRIntn err = PR_GetError(); - fprintf(stderr, "Error: , %d = %s\n", err, getCertError(err)); -#endif + xmlsec_trace("Error: , %d = %s", err, getCertError(err)); + /* Display validation results */ if ( log.count > 0) { CERTVerifyLogNode *node = NULL; -#if OSL_DEBUG_LEVEL > 1 - printChainFailure(stderr, &log); -#endif + printChainFailure(&log); + for (node = log.head; node; node = node->next) { if (node->cert) CERT_DestroyCertificate(node->cert); @@ -969,7 +967,7 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, log.head = log.tail = NULL; log.count = 0; } - OSL_TRACE("[xmlsecurity] Certificate is invalid."); + xmlsec_trace("Certificate is invalid.\n"); } } @@ -983,7 +981,7 @@ verifyCertificate( const Reference< csss::XCertificate >& aCert, std::vector<CERTCertificate*>::const_iterator cert_i; for (cert_i = vecTmpNSSCertificates.begin(); cert_i != vecTmpNSSCertificates.end(); cert_i++) { - OSL_TRACE("[xmlsecurity] Destroying temporary certificate"); + xmlsec_trace("Destroying temporary certificate"); CERT_DestroyCertificate(*cert_i); } return validity ; diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx index efa31c8e0ccb..f858a5a31421 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx @@ -64,6 +64,7 @@ #include <rtl/logfile.hxx> #include "seinitializer_nssimpl.hxx" +#include "../diagnose.hxx" #include "securityenvironment_nssimpl.hxx" #include <com/sun/star/mozilla/XMozillaBootstrap.hpp> @@ -79,6 +80,7 @@ namespace cssu = com::sun::star::uno; namespace cssl = com::sun::star::lang; namespace cssxc = com::sun::star::xml::crypto; +using namespace xmlsecurity; using namespace com::sun::star; using ::rtl::OUString; using ::rtl::OString; @@ -142,7 +144,7 @@ void deleteRootsModule() { if (PK11_HasRootCerts(slot)) { - OSL_TRACE("[xmlsecurity] The root certifificates module \"%s" + xmlsec_trace("The root certifificates module \"%s" "\" is already loaded: \n%s", module->commonName, module->dllName); @@ -160,11 +162,11 @@ void deleteRootsModule() PRInt32 modType; if (SECSuccess == SECMOD_DeleteModule(RootsModule->commonName, &modType)) { - OSL_TRACE("[xmlsecurity] Deleted module \"%s\".", RootsModule->commonName); + xmlsec_trace("Deleted module \"%s\".", RootsModule->commonName); } else { - OSL_TRACE("[xmlsecurity] Failed to delete \"%s\" : \n%s", + xmlsec_trace("Failed to delete \"%s\" : \n%s", RootsModule->commonName, RootsModule->dllName); } SECMOD_DestroyModule(RootsModule); @@ -197,7 +199,7 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init ) { bool return_value = true; - OSL_TRACE("[xmlsecurity] Using profile: %s", token); + xmlsec_trace("Using profile: %s", token); PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ; @@ -250,18 +252,18 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init ) SECMOD_DestroyModule(RootsModule); RootsModule = 0; if (found) - OSL_TRACE("[xmlsecurity] Added new root certificate module " + xmlsec_trace("Added new root certificate module " "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); else { - OSL_TRACE("[xmlsecurity] FAILED to load the new root certificate module " + xmlsec_trace("FAILED to load the new root certificate module " "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); return_value = false; } } else { - OSL_TRACE("[xmlsecurity] FAILED to add new root certifice module: " + xmlsec_trace("FAILED to add new root certifice module: " "\""ROOT_CERTS"\" contained in \n%s", ospath.getStr()); return_value = false; @@ -269,7 +271,7 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init ) } else { - OSL_TRACE("[xmlsecurity] Adding new root certificate module failed."); + xmlsec_trace("Adding new root certificate module failed."); return_value = false; } #if SYSTEM_MOZILLA @@ -290,17 +292,17 @@ extern "C" void nsscrypto_finalize() if (SECSuccess == SECMOD_UnloadUserModule(RootsModule)) { - OSL_TRACE("[xmlsecurity] Unloaded module \""ROOT_CERTS"\"."); + xmlsec_trace("Unloaded module \""ROOT_CERTS"\"."); } else { - OSL_TRACE("[xmlsecurity] Failed unloadeding module \""ROOT_CERTS"\"."); + xmlsec_trace("Failed unloadeding module \""ROOT_CERTS"\"."); } SECMOD_DestroyModule(RootsModule); } else { - OSL_TRACE("[xmlsecurity] Unloading module \""ROOT_CERTS + xmlsec_trace("Unloading module \""ROOT_CERTS "\" failed because it was not found."); } PK11_LogoutAll(); |