authorMiklos Vajna <vmiklos@collabora.co.uk>2016-10-13 13:13:44 +0200
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-10-13 12:44:38 +0000
commit9fe910e4861a7911c6d286258a30954e715653ac (patch)
tree6593f8a31e7bff4e3b0edf4e046c13dd73482df5 /xmlsecurity
parent7da303f371c4bcfd8bde284e47a7e2d20c6cb719 (diff)
xmlsecurity: use common NSS init in PDFDocument
The custom code took care of NSS only, the shared code will handle mscrypto as well. Change-Id: I73b904d2e0750d2d847eaaf1ac2b02d41b37d357 Reviewed-on: https://gerrit.libreoffice.org/29763 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/pdfsignaturehelper.hxx7
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx2
-rw-r--r--xmlsecurity/source/helper/pdfsignaturehelper.cxx11
-rw-r--r--xmlsecurity/source/pdfio/pdfdocument.cxx21
4 files changed, 21 insertions, 20 deletions
diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx
index fb928340817d..fe7847bff4eb 100644
--- a/xmlsecurity/inc/pdfsignaturehelper.hxx
+++ b/xmlsecurity/inc/pdfsignaturehelper.hxx
@@ -17,13 +17,20 @@
#include <com/sun/star/io/XInputStream.hpp>
#include <com/sun/star/security/DocumentSignatureInformation.hpp>
+#include <com/sun/star/uno/XComponentContext.hpp>
+#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
/// Handles signatures of a PDF file.
class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
{
+ css::uno::Reference<css::uno::XComponentContext> m_xComponentContext;
+ css::uno::Reference<css::xml::crypto::XSEInitializer> m_xSEInitializer;
+ css::uno::Reference<css::xml::crypto::XXMLSecurityContext> m_xSecurityContext;
std::vector<css::security::DocumentSignatureInformation> m_aSignatureInfos;
public:
+ PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);
bool ReadAndVerifySignature(const css::uno::Reference<css::io::XInputStream>& xInputStream);
css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations();
};
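Review bot: The new single-argument constructor is not marked `explicit`, so a `css::uno::Reference<css::uno::XComponentContext>` converts implicitly to a `PDFSignatureHelper`; declaring it as `explicit PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);` rules that out. The three new members also carry no comment. `m_xSecurityContext` in particular appears to be held only to keep the crypto library initialized while the helper exists, so a line such as `/// Keeps nss / mscrypto initialized while this helper is alive.` above it would stop a later cleanup from removing it as unused.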
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 2fa08a442cd3..17b3783c4ce5 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -263,7 +263,7 @@ DocumentDigitalSignatures::ImplVerifySignatures(
if (xSignStream.is())
{
// Something not ZIP-based, try PDF.
- PDFSignatureHelper aSignatureHelper;
+ PDFSignatureHelper aSignatureHelper(mxCtx);
if (aSignatureHelper.ReadAndVerifySignature(xSignStream))
return aSignatureHelper.GetDocumentSignatureInformations();
}
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index d8e6cd5eb6ac..9a5ec842f13d 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -11,6 +11,8 @@
#include <memory>
+#include <com/sun/star/xml/crypto/SEInitializer.hpp>
+
#include <comphelper/sequence.hxx>
#include <tools/stream.hxx>
#include <unotools/ucbstreamhelper.hxx>
@@ -19,6 +21,15 @@
using namespace ::com::sun::star;
+PDFSignatureHelper::PDFSignatureHelper(const uno::Reference<uno::XComponentContext>& xComponentContext)
+ : m_xComponentContext(xComponentContext)
+{
+ m_xSEInitializer = xml::crypto::SEInitializer::create(m_xComponentContext);
+ if (m_xSEInitializer.is())
+ // This initializes nss / mscrypto.
+ m_xSecurityContext = m_xSEInitializer->createSecurityContext(OUString());
+}
+
bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputStream>& xInputStream)
{
if (!xInputStream.is())
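Review bot: Crypto initialization failure is silent in the new constructor: if `SEInitializer::create()` yields an empty reference, or `createSecurityContext()` returns one, nothing is logged and the helper remains usable. The code this commit removes from `PDFDocument::ValidateSignature()` returned false with a `SAL_WARN` when `NSS_Init()` failed, so that explicit fail-closed path is lost and verification would presumably run against an uninitialized library. Consider emitting a warning in the constructor when `m_xSecurityContext` is empty, and rejecting early in `ReadAndVerifySignature()` with `if (!m_xSecurityContext.is()) return false;` next to the existing `xInputStream` check. The body of `ReadAndVerifySignature()` continues outside the hunk, so whether it already checks this is not visible here.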
diff --git a/xmlsecurity/source/pdfio/pdfdocument.cxx b/xmlsecurity/source/pdfio/pdfdocument.cxx
index 3bd90db5e478..4ca43a2c2565 100644
--- a/xmlsecurity/source/pdfio/pdfdocument.cxx
+++ b/xmlsecurity/source/pdfio/pdfdocument.cxx
@@ -734,20 +734,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
}
#ifdef XMLSEC_CRYPTO_NSS
- // Validate the signature.
-
- const char* pEnv = getenv("MOZILLA_CERTIFICATE_FOLDER");
- if (!pEnv)
- {
- SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: no mozilla cert folder");
- return false;
- }
-
- if (NSS_Init(pEnv) != SECSuccess)
- {
- SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS_Init() failed");
- return false;
- }
+ // Validate the signature. No need to call NSS_Init() here, assume that the
+ // caller did that already.
SECItem aSignatureItem;
aSignatureItem.data = aSignature.data();
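Review bot: The replacement comment states a precondition ("assume that the caller did that already") that nothing enforces here, so any caller reaching `ValidateSignature()` without first constructing a `PDFSignatureHelper` would make NSS calls on an uninitialized library. A guard at the top of the NSS branch would keep that failure explicit: `if (!NSS_IsInitialized()) { SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS is not initialized"); return false; }`. The precondition also belongs in the comment on the function's declaration, where callers will see it, rather than only inside the body. The function starts and ends outside this hunk.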
@@ -875,11 +863,6 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
PORT_Free(pActualResultBuffer);
HASH_Destroy(pHASHContext);
NSS_CMSSignerInfo_Destroy(pCMSSignerInfo);
- if (NSS_Shutdown() != SECSuccess)
- {
- SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS_Shutdown() failed");
- return false;
- }
return true;
#else