author | Tor Lillqvist <tml@collabora.com> | 2016-12-22 08:16:23 +0200 |
---|---|---|
committer | Tor Lillqvist <tml@collabora.com> | 2016-12-22 08:48:16 +0200 |
commit | b1c145876007352a59f389126746c8ef0f660ee5 (patch) | |
tree | 8a77b6e5334108ff11377eadfa870b60b9ce37f4 /xmlsecurity/source | |
parent | cc15806b527cc02c57bd92211fda259e33963106 (diff) |
Revert "[API CHANGE] createSecurityContext() was always called with an empty string"
I got cold feet. I don't want to have to revert this many years later
instead, when some obscure 3rd-party software stops working.
This reverts commit e1ce7bad62f07faf8f21adac6c3848d142f61953.
Diffstat (limited to 'xmlsecurity/source')
5 files changed, 44 insertions, 7 deletions
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx index df753def1118..76e0b0aefaa9 100644 --- a/xmlsecurity/source/helper/documentsignaturemanager.cxx +++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx @@ -56,7 +56,7 @@ bool DocumentSignatureManager::init() mxSEInitializer = css::xml::crypto::SEInitializer::create(mxContext); if (mxSEInitializer.is()) - mxSecurityContext = mxSEInitializer->createSecurityContext(); + mxSecurityContext = mxSEInitializer->createSecurityContext(OUString()); return mxSecurityContext.is(); } diff --git a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx index a933ba9691b2..91158dd14d6b 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx @@ -45,12 +45,31 @@ SEInitializer_MSCryptImpl::~SEInitializer_MSCryptImpl() /* XSEInitializer */ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL - SEInitializer_MSCryptImpl::createSecurityContext() + SEInitializer_MSCryptImpl::createSecurityContext( + const OUString& sCertDB ) throw (cssu::RuntimeException) { + const char* n_pCertStore ; + HCERTSTORE n_hStoreHandle ; + //Initialize the crypto engine + if( sCertDB.getLength() > 0 ) + { + OString sCertDir(sCertDB.getStr(), sCertDB.getLength(), RTL_TEXTENCODING_ASCII_US); + n_pCertStore = sCertDir.getStr(); + n_hStoreHandle = CertOpenSystemStore( NULL, n_pCertStore ) ; + if( n_hStoreHandle == nullptr ) + { + return nullptr; + } + } + else + { + n_pCertStore = nullptr ; + n_hStoreHandle = nullptr ; + } - xmlSecMSCryptoAppInit( nullptr ) ; + xmlSecMSCryptoAppInit( n_pCertStore ) ; try { /* Build Security Environment */ 
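Review bot: `n_pCertStore` dangles in the non-empty `sCertDB` branch of `SEInitializer_MSCryptImpl::createSecurityContext` (hunk @@ -45,12 +45,31 @@). It points into `sCertDir`, which is declared inside the `if` block and destroyed at its closing brace, yet the pointer is passed to `xmlSecMSCryptoAppInit( n_pCertStore )` after that block. Declaring the string at function scope keeps the buffer alive: `OString sCertDir;` next to `n_pCertStore`, and `sCertDir = OUStringToOString( sCertDB, RTL_TEXTENCODING_ASCII_US );` inside the branch. The ASCII conversion is also lossy for non-ASCII characters, so a caller-supplied store name may not open the store the caller meant; a comment stating which names are accepted would help. The function body continues past this hunk.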
@@ -61,11 +80,24 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL SecurityEnvironment_MSCryptImpl* pSecEnv = reinterpret_cast<SecurityEnvironment_MSCryptImpl*>(xSecEnvTunnel->getSomething( SecurityEnvironment_MSCryptImpl::getUnoTunnelId() )); if( pSecEnv == nullptr ) { + if( n_hStoreHandle != nullptr ) + { + CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ; + } + xmlSecMSCryptoAppShutdown() ; return nullptr; } - pSecEnv->enableDefaultCrypt( true ) ; + if( n_hStoreHandle != nullptr ) + { + pSecEnv->setCryptoSlot( n_hStoreHandle ) ; + pSecEnv->setCertDb( n_hStoreHandle ) ; + } + else + { + pSecEnv->enableDefaultCrypt( true ) ; + } /* Build XML Security Context */ cssu::Reference< cssxc::XXMLSecurityContext > xSecCtx = cssxc::XMLSecurityContext::create( mxContext ); @@ -75,6 +107,11 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL } catch( cssu::Exception& ) { + if( n_hStoreHandle != nullptr ) + { + CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ; + } + xmlSecMSCryptoAppShutdown() ; return nullptr; } diff --git a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx index ac11d9fa1957..46c698c4e455 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx +++ b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx @@ -56,7 +56,7 @@ public: /* XSEInitializer */ virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext > - SAL_CALL createSecurityContext() + SAL_CALL createSecurityContext( const OUString& certDB ) throw (css::uno::RuntimeException) override; virtual void SAL_CALL freeSecurityContext( const css::uno::Reference< diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx index 0273a28ea06e..012106c41c05 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx 
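Review bot: Ownership of the store handle is unclear once it has been passed to `pSecEnv->setCryptoSlot( n_hStoreHandle )` and `pSecEnv->setCertDb( n_hStoreHandle )` in hunk @@ -61,11 +80,24 @@. The same `HCERTSTORE` goes to both setters, and the `catch( cssu::Exception& )` handler in hunk @@ -75,6 +107,11 @@ still calls `CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG )` on it. If the security environment keeps or closes the handle itself (its implementation is not visible here), an exception thrown after the setters would leave it holding a force-closed store, or close the store twice. Either document that the setters duplicate the handle, or clear the local after the handoff with `n_hStoreHandle = nullptr ;` so the handler does not close what it no longer owns. The function starts before and ends after these hunks.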
@@ -63,7 +63,7 @@ SEInitializer_NssImpl::~SEInitializer_NssImpl() /* XSEInitializer */ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL - SEInitializer_NssImpl::createSecurityContext() + SEInitializer_NssImpl::createSecurityContext( const OUString& ) throw (uno::RuntimeException, std::exception) { CERTCertDBHandle *pCertHandle = nullptr ; diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx index e223134909cd..685473283195 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx @@ -41,7 +41,7 @@ public: /* XSEInitializer */ virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext > - SAL_CALL createSecurityContext() + SAL_CALL createSecurityContext( const OUString& ) throw (css::uno::RuntimeException, std::exception) override; virtual void SAL_CALL freeSecurityContext( const css::uno::Reference< |
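Review bot: The unnamed `const OUString&` parameter of `SEInitializer_NssImpl::createSecurityContext` is ignored, while the MSCrypto implementation in this commit opens the system store named by the same argument. The same call can therefore select a different certificate source depending on the backend, with no hint to the caller. A comment at the definition would make this explicit, for example `/* the certificate database argument is not used by the NSS implementation */`; the interface documentation could say the same. The function body continues outside this hunk.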