diff options
| author | Tobias Krause <tkr@openoffice.org> | 2011-02-03 16:22:52 +0100 |
|---|---|---|
| committer | Tobias Krause <tkr@openoffice.org> | 2011-02-03 16:22:52 +0100 |
| commit | d5feca7dcd9b2de4332c6b53657f6f5acbeb7b9a (patch) | |
| tree | 6e44b68a8350217b8e1cd96faaefaca108528201 /xmlsecurity | |
| parent | 143e8326931e0751caf3428eec0d8542229dd063 (diff) | |
tkr38: #i112307# Support for x509 v3 Subject Alternative Name extension added
Diffstat (limited to 'xmlsecurity')
19 files changed, 1287 insertions, 15 deletions
diff --git a/xmlsecurity/prj/build.lst b/xmlsecurity/prj/build.lst index 3d70b9cb1181..4618e309f650 100644 --- a/xmlsecurity/prj/build.lst +++ b/xmlsecurity/prj/build.lst @@ -1,4 +1,4 @@ -xs xmlsecurity : l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NULL +xs xmlsecurity : l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NEON:neon NULL xs xmlsecurity usr1 - all xs_mkout NULL xs xmlsecurity\inc nmake - all xs_inc NULL xs xmlsecurity\source\framework nmake - all xs_fw xs_inc NULL @@ -9,3 +9,4 @@ xs xmlsecurity\source\helper nmake - al xs xmlsecurity\source\dialogs nmake - all xs_dialogs xs_inc NULL xs xmlsecurity\source\component nmake - all xs_component xs_inc NULL xs xmlsecurity\util nmake - all xs_util xs_fw xs_xmlsec xs_nss xs_mscrypt xs_helper xs_dialogs xs_component NULL +xs xmlsecurity\qa\certext nmake - all xs_certext xs_util NULL diff --git a/xmlsecurity/qa/certext/SanCertExt.cxx b/xmlsecurity/qa/certext/SanCertExt.cxx new file mode 100644 index 000000000000..6110f0f7645e --- /dev/null +++ b/xmlsecurity/qa/certext/SanCertExt.cxx @@ -0,0 +1,227 @@ +/************************************************************************* +* +* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +* +* Copyright 2000, 2010 Oracle and/or its affiliates. +* +* OpenOffice.org - a multi-platform office productivity suite +* +* This file is part of OpenOffice.org. +* +* OpenOffice.org is free software: you can redistribute it and/or modify +* it under the terms of the GNU Lesser General Public License version 3 +* only, as published by the Free Software Foundation. +* +* OpenOffice.org is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Lesser General Public License version 3 for more details +* (a copy is included in the LICENSE file that accompanied this code). +* +* You should have received a copy of the GNU Lesser General Public License +* version 3 along with OpenOffice.org. If not, see +* <http://www.openoffice.org/license.html> +* for a copy of the LGPLv3 License. +* +************************************************************************/ + +#include "precompiled_xmlsecurity.hxx" +#include "sal/config.h" + +#include "../../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx" +#include <com/sun/star/security/XSanExtension.hpp> +#include <com/sun/star/security/ExtAltNameType.hpp> +#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp> +#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> +#include <com/sun/star/security/XCertificate.hpp> +#include <com/sun/star/lang/XMultiServiceFactory.hpp> +#include <com/sun/star/beans/NamedValue.hpp> + +#include "cppuhelper/bootstrap.hxx" +#include "cppunit/TestAssert.h" +#include "cppunit/TestFixture.h" +#include "cppunit/extensions/HelperMacros.h" +#include "cppunit/plugin/TestPlugIn.h" +#include "sal/types.h" +#include "comphelper/sequence.hxx" +#include <rtl/ustring.hxx> + +#include <neon/ne_ssl.h> + +using namespace com::sun::star; +using ::com::sun::star::lang::XMultiServiceFactory; + +#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17" + +namespace { + +class Test: public CppUnit::TestFixture { + +private: + + static uno::Sequence< security::CertAltNameEntry > altNames; + + void init(){ + if (altNames.getLength() == 0){ + cppu::defaultBootstrap_InitialComponentContext(); + ne_ssl_certificate* cert = ne_ssl_cert_read("User_35_Root_11.crt"); + char* certExportB64 = ne_ssl_cert_export(cert); + + uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv( new SecurityEnvironment_MSCryptImpl( uno::Reference< XMultiServiceFactory >() ) ); + + uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii( + rtl::OStringToOUString( certExportB64, RTL_TEXTENCODING_ASCII_US ) ); + + uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions(); + for (sal_Int32 i = 0 ; i < extensions.getLength(); i++) + { + uno::Reference< security::XCertificateExtension >element = extensions[i]; + + rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength()); + if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) + { + uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY ); + altNames = sanExtension->getAlternativeNames(); + break; + } + } + } + + } + +public: + void test_Others() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_OTHER_NAME) + { + ::com::sun::star::beans::NamedValue otherNameProp; + if (altNames[n].Value >>= otherNameProp) + { + //Name + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), otherNameProp.Name); + + //Value + uno::Sequence< sal_Int8 > ipAddress; + otherNameProp.Value >>= ipAddress; + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) ); + } + } + } + } + + void test_RFC822() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_RFC822_NAME) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("my@other.address"), value); + } + } + } + + void test_DNS() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_DNS_NAME) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("alt.openoffice.org"), value); + } + } + } + + void test_Direcory() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_DIRECTORY_NAME) + { + uno::Sequence< sal_Int8 > value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( value.getLength() > 0 ) ); + } + } + } + + void test_URI() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_URL) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("http://my.url.here/"), value); + } + } + } + + void test_IP() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_IP_ADDRESS) + { + uno::Sequence< sal_Int8 > ipAddress; + altNames[n].Value >>= ipAddress; + //Value + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) ); + } + } + + } + + void test_RID() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_REGISTERED_ID) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), value); + } + } + + } + + void test_EDI() { + // Not implemented + } + + void test_X400() { + // Not implemented + } + + CPPUNIT_TEST_SUITE(Test); + CPPUNIT_TEST(test_Others); + CPPUNIT_TEST(test_RFC822); + CPPUNIT_TEST(test_DNS); + CPPUNIT_TEST(test_Direcory); + CPPUNIT_TEST(test_URI); + CPPUNIT_TEST(test_IP); + CPPUNIT_TEST(test_RID); + CPPUNIT_TEST(test_EDI); + CPPUNIT_TEST(test_X400); + CPPUNIT_TEST_SUITE_END(); +}; + +uno::Sequence< security::CertAltNameEntry > Test::altNames; + +CPPUNIT_TEST_SUITE_REGISTRATION(Test); + +} + +CPPUNIT_PLUGIN_IMPLEMENT(); diff --git a/xmlsecurity/qa/certext/User_35_Root_11.crt b/xmlsecurity/qa/certext/User_35_Root_11.crt new file mode 100644 index 000000000000..6902605756af --- /dev/null +++ b/xmlsecurity/qa/certext/User_35_Root_11.crt @@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4130 (0x1022) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11 + Validity + Not Before: Nov 8 10:51:39 2010 GMT + Not After : Nov 8 10:51:39 2011 GMT + Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f: + 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28: + 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc: + 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b: + 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19: + c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42: + 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70: + c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67: + 55:9b:90:91:f4:ce:56:04:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73 + X509v3 Authority Key Identifier: + keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55 + + X509v3 Subject Alternative Name: + DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/ + Signature Algorithm: sha1WithRSAEncryption + 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05: + a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee: + 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a: + 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa: + 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70: + 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6: + f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f: + a0:fd +-----BEGIN CERTIFICATE----- +MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx +EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD +VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx +MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i +dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l +bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt +XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43 +BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud +IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v +cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu +YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW +MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT +C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t +eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF +oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL +qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+ +lkd9/kphSJARC70PoP0= +-----END CERTIFICATE----- diff --git a/xmlsecurity/qa/certext/export.map b/xmlsecurity/qa/certext/export.map new file mode 100644 index 000000000000..3308588ef6f8 --- /dev/null +++ b/xmlsecurity/qa/certext/export.map @@ -0,0 +1,34 @@ +#************************************************************************* +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# Copyright 2000, 2010 Oracle and/or its affiliates. +# +# OpenOffice.org - a multi-platform office productivity suite +# +# This file is part of OpenOffice.org. +# +# OpenOffice.org is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License version 3 +# only, as published by the Free Software Foundation. +# +# OpenOffice.org is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License version 3 for more details +# (a copy is included in the LICENSE file that accompanied this code). +# +# You should have received a copy of the GNU Lesser General Public License +# version 3 along with OpenOffice.org. If not, see +# <http://www.openoffice.org/license.html> +# for a copy of the LGPLv3 License. +# +#************************************************************************* + +UDK_3_0_0 { + global: + cppunitTestPlugIn; + + local: + *; +}; diff --git a/xmlsecurity/qa/certext/makefile.mk b/xmlsecurity/qa/certext/makefile.mk new file mode 100644 index 000000000000..36ebb954914c --- /dev/null +++ b/xmlsecurity/qa/certext/makefile.mk @@ -0,0 +1,177 @@ +#************************************************************************* +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# Copyright 2000, 2010 Oracle and/or its affiliates. +# +# OpenOffice.org - a multi-platform office productivity suite +# +# This file is part of OpenOffice.org. +# +# OpenOffice.org is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License version 3 +# only, as published by the Free Software Foundation. +# +# OpenOffice.org is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License version 3 for more details +# (a copy is included in the LICENSE file that accompanied this code). +# +# You should have received a copy of the GNU Lesser General Public License +# version 3 along with OpenOffice.org. If not, see +# <http://www.openoffice.org/license.html> +# for a copy of the LGPLv3 License. +# +#***********************************************************************/ + +PRJ = ../.. +PRJNAME = xmlsecurity +TARGET = qa_certext + +ENABLE_EXCEPTIONS = TRUE + +.IF "$(OS)" == "WNT" +my_file = file:/// +.ELSE +my_file = file:// +.END + + +.INCLUDE: settings.mk +.INCLUDE : $(PRJ)$/util$/target.pmk + +.IF "$(SYSTEM_LIBXML)" == "YES" +CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS) +.ENDIF + +.IF "$(CRYPTO_ENGINE)" == "nss" + +.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES" +.IF "$(SYSTEM_MOZILLA)" != "YES" +@all: + @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss" +.ENDIF +.ENDIF + +.IF "$(SYSTEM_MOZILLA)" != "YES" +MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla +NSS_INC = $(MOZ_INC)$/nss +NSPR_INC = $(MOZ_INC)$/nspr +.ELSE +# MOZ_INC already defined from environment +NSS_INC = $(MOZ_NSS_CFLAGS) +NSPR_INC = $(MOZ_INC)$/nspr +.ENDIF + +.IF "$(GUI)"=="UNX" +.IF "$(COMNAME)"=="sunpro5" +CFLAGS += -features=tmplife +#This flag is needed to build mozilla 1.7 code +.ENDIF # "$(COMNAME)"=="sunpro5" +.ENDIF + +.IF "$(GUI)" == "WNT" +.IF "$(DBG_LEVEL)" == "0" +INCPRE += \ +-I$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +CFLAGS += -GR- -W3 -Gy -MD -UDEBUG +.ELSE +INCPRE += \ +-I$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +CFLAGS += -Zi -GR- -W3 -Gy -MDd -UNDEBUG +.ENDIF +.ENDIF +.IF "$(GUI)" == "UNX" +INCPOST += \ +$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +.ENDIF + +CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT + +SOLARINC += \ + -I$(MOZ_INC) \ +-I$(NSPR_INC) \ +-I$(PRJ)$/source$/xmlsec + +.IF "$(SYSTEM_MOZILLA)" == "YES" +SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC) +.ELSE +SOLARINC += -I$(NSS_INC) +.ENDIF +.ENDIF + + + + +CFLAGSCXX += $(CPPUNIT_CFLAGS) + +SHL1IMPLIB = i$(SHL1TARGET) +SHL1OBJS = $(SLOFILES) +SHL1RPATH = NONE +SHL1STDLIBS = $(CPPUNITLIB) \ + $(SALLIB) \ + $(NEON3RDLIB) \ + $(CPPULIB) \ + $(XMLOFFLIB) \ + $(CPPUHELPERLIB) \ + $(SVLLIB) \ + $(TOOLSLIB) \ + $(COMPHELPERLIB) + + + +.IF "$(OS)"=="SOLARIS" +SHL1STDLIBS +=-ldl +.ENDIF + +.IF "$(SYSTEM_MOZILLA)" == "YES" +.IF "$(NSPR_LIB)" != "" +SHL1STDLIBS += $(NSPR_LIB) +.ENDIF +.IF "$(NSS_LIB)" != "" +SHL1STDLIBS += $(NSS_LIB) +.ENDIF +.ENDIF + +.IF "$(CRYPTO_ENGINE)" == "mscrypto" +SHL1STDLIBS+= $(MSCRYPTOLIBS) +.ELSE +CDEFS += -DNSS_ENGINE +SHL1STDLIBS+= $(NSSCRYPTOLIBS) +.ENDIF + +.IF "$(ENABLE_NSS_MODULE)"=="YES" || "$(SYSTEM_MOZILLA)" == "YES" + +SHL1LIBS= \ + $(SLB)$/xs_comm.lib + +.IF "$(CRYPTO_ENGINE)" == "mscrypto" +SHL1LIBS += \ + $(SLB)$/xs_mscrypt.lib +.ELSE +SHL1LIBS += \ + $(SLB)$/xs_nss.lib +.ENDIF + +.ENDIF + +SHL1TARGET = qa_CertExt +SHL1VERSIONMAP = $(PRJ)/qa/certext/export.map +DEF1NAME = $(SHL1TARGET) + +SLOFILES = $(SLO)/SanCertExt.obj + +.INCLUDE: target.mk + +ALLTAR : test + +test .PHONY : $(SHL1TARGETN) + $(CPPUNITTESTER) $(SHL1TARGETN) \ + -env:UNO_TYPES=$(my_file)$(SOLARBINDIR)/types.rdb diff --git a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk index 20153edf18e6..2287266de3fa 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk +++ b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk @@ -63,7 +63,8 @@ SLOFILES = \ $(SLO)$/xmlsignature_mscryptimpl.obj \ $(SLO)$/x509certificate_mscryptimpl.obj \ $(SLO)$/seinitializer_mscryptimpl.obj \ - $(SLO)$/xsec_mscrypt.obj + $(SLO)$/xsec_mscrypt.obj \ + $(SLO)$/sanextension_mscryptimpl.obj .ENDIF diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx new file mode 100644 index 000000000000..bebc933701b7 --- /dev/null +++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx @@ -0,0 +1,188 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" +#include <sal/config.h> +#include <rtl/uuid.h> +#include <rtl/ustring.hxx> +#include <com/sun/star/security/ExtAltNameType.hpp> +#include <com/sun/star/security/CertAltNameEntry.hpp> +#include <com/sun/star/beans/NamedValue.hpp> +#include <com/sun/star/uno/Reference.hxx> +#include <comphelper/sequence.hxx> + + +#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_ +#include "sanextension_mscryptimpl.hxx" +#endif + +using namespace ::com::sun::star; +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::security ; +using ::rtl::OUString ; + +using ::com::sun::star::security::XCertificateExtension ; + + +SanExtensionImpl :: SanExtensionImpl() : + m_critical( sal_False ) +{ +} + +SanExtensionImpl :: ~SanExtensionImpl() { +} + + +//Methods from XCertificateExtension +sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) { + return m_critical ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnId ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnValue ; +} + +//Methods from XSanExtension +::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){ + + if (!m_Entries.hasElements()) + { + CERT_ALT_NAME_INFO *subjectName; + DWORD size; + CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(), CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,&subjectName, &size); + + CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[subjectName->cAltEntry]; + + for (unsigned int i = 0; i < (unsigned int)subjectName->cAltEntry; i++){ + PCERT_ALT_NAME_ENTRY pEntry = &subjectName->rgAltEntry[i]; + + switch(pEntry->dwAltNameChoice) { + case CERT_ALT_NAME_OTHER_NAME : + { + arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME; + PCERT_OTHER_NAME pOtherName = pEntry->pOtherName; + + ::com::sun::star::beans::NamedValue otherNameProp; + otherNameProp.Name = ::rtl::OUString::createFromAscii(pOtherName->pszObjId); + + Sequence< sal_Int8 > otherName( pOtherName->Value.cbData ) ; + for( unsigned int n = 0; n < (unsigned int) pOtherName->Value.cbData ; n ++ ) + otherName[n] = *( pOtherName->Value.pbData + n ) ; + + otherNameProp.Value <<= otherName; + + arrCertAltNameEntry[i].Value <<= otherNameProp; + break; + } + case CERT_ALT_NAME_RFC822_NAME : + arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszRfc822Name); + break; + case CERT_ALT_NAME_DNS_NAME : + arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszDNSName); + break; + case CERT_ALT_NAME_DIRECTORY_NAME : + { + arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME; + + Sequence< sal_Int8 > directoryName( pEntry->DirectoryName.cbData ) ; + for( unsigned int n = 0; n < pEntry->DirectoryName.cbData ; n++ ) + directoryName[n] = *( pEntry->DirectoryName.pbData + n ) ; + + arrCertAltNameEntry[i].Value <<= directoryName; + break; + } + case CERT_ALT_NAME_URL : + arrCertAltNameEntry[i].Type = ExtAltNameType_URL; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszURL); + break; + case CERT_ALT_NAME_IP_ADDRESS : + { + arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS; + + Sequence< sal_Int8 > ipAddress( pEntry->IPAddress.cbData ) ; + for( unsigned int n = 0; n < pEntry->IPAddress.cbData ; n ++ ) + ipAddress[n] = *( pEntry->IPAddress.pbData + n ) ; + + arrCertAltNameEntry[i].Value <<= ipAddress; + break; + } + case CERT_ALT_NAME_REGISTERED_ID : + arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(pEntry->pszRegisteredID); + break; + } + } + m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, subjectName->cAltEntry); + + delete [] arrCertAltNameEntry; + } + + return m_Entries; +} + +//Helper method +void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) { + m_critical = critical ; + m_xExtnId = extnId ; + m_xExtnValue = extnValue ; +} + +void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) { + unsigned int i ; + if( value != NULL && vlen != 0 ) { + Sequence< sal_Int8 > extnv( vlen ) ; + for( i = 0; i < vlen ; i ++ ) + extnv[i] = *( value + i ) ; + + m_xExtnValue = extnv ; + } else { + m_xExtnValue = Sequence<sal_Int8>(); + } + + if( id != NULL && idlen != 0 ) { + Sequence< sal_Int8 > extnId( idlen ) ; + for( i = 0; i < idlen ; i ++ ) + extnId[i] = *( id + i ) ; + + m_xExtnId = extnId ; + } else { + m_xExtnId = Sequence<sal_Int8>(); + } + + m_critical = critical ; +} + +void SanExtensionImpl :: extractCertExt () { +} + diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx new file mode 100644 index 000000000000..0fb3616486be --- /dev/null +++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx @@ -0,0 +1,84 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_ +#define _SANEXTENSION_MSCRYPTIMPL_HXX_ + +#ifdef _MSC_VER +#pragma warning(push,1) +#endif +#include "Windows.h" +#include "WinCrypt.h" +#ifdef _MSC_VER +#pragma warning(pop) +#endif +#include <sal/config.h> +#include <rtl/ustring.hxx> +#include <cppuhelper/factory.hxx> +#include <cppuhelper/implbase1.hxx> +#include <com/sun/star/uno/Exception.hpp> +#include "com/sun/star/uno/SecurityException.hpp" +#include <com/sun/star/uno/Exception.hpp> +#include <com/sun/star/security/XCertificateExtension.hpp> +#include <com/sun/star/security/XSanExtension.hpp> +#include <com/sun/star/security/CertAltNameEntry.hpp> + +class SanExtensionImpl : public ::cppu::WeakImplHelper1< + ::com::sun::star::security::XSanExtension > +{ + private : + sal_Bool m_critical ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ; + + ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries; + + public : + SanExtensionImpl() ; + virtual ~SanExtensionImpl() ; + + //Methods from XCertificateExtension + virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XSanExtension + + virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper method + void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ; + + void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ; + + void extractCertExt() ; +} ; + +#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx index a97c96b6c3d3..7d6f21ce1551 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx +++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx @@ -60,6 +60,9 @@ #include <list> #include "xmlsec/xmlsec.h" +#include "sal/types.h" + + class SecurityEnvironment_MSCryptImpl : public ::cppu::WeakImplHelper4< ::com::sun::star::xml::crypto::XSecurityEnvironment , ::com::sun::star::lang::XInitialization , diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx index 48d27e4e6737..773c92e38c57 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx @@ -31,6 +31,7 @@ #include <rtl/uuid.h> #include "x509certificate_mscryptimpl.hxx" #include "certificateextension_xmlsecimpl.hxx" +#include "sanextension_mscryptimpl.hxx" //MM : added by MM #include "oid.hxx" @@ -392,7 +393,13 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) { pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ; - xExtn = new CertificateExtension_XmlSecImpl() ; + + ::rtl::OUString objId = ::rtl::OUString::createFromAscii( pExtn->pszObjId ); + + if ( objId.equalsAscii("2.5.29.17") ) + xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ; + else + xExtn = new CertificateExtension_XmlSecImpl() ; if( xExtn == NULL ) throw RuntimeException() ; diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk index 227b6de88477..f4ba0bde768e 100644 --- a/xmlsecurity/source/xmlsec/nss/makefile.mk +++ b/xmlsecurity/source/xmlsec/nss/makefile.mk @@ -131,7 +131,8 @@ SLOFILES = \ $(SLO)$/x509certificate_nssimpl.obj \ $(SLO)$/seinitializer_nssimpl.obj \ $(SLO)$/xsec_nss.obj \ - $(SLO)$/secerror.obj + $(SLO)$/sanextension_nssimpl.obj \ + $(SLO)$/secerror.obj diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx new file mode 100644 index 000000000000..14b01b69864d --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx @@ -0,0 +1,254 @@ +/************************************************************************* +* +* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +* +* Copyright 2000, 2010 Oracle and/or its affiliates. +* +* OpenOffice.org - a multi-platform office productivity suite +* +* This file is part of OpenOffice.org. +* +* OpenOffice.org is free software: you can redistribute it and/or modify +* it under the terms of the GNU Lesser General Public License version 3 +* only, as published by the Free Software Foundation. +* +* OpenOffice.org is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Lesser General Public License version 3 for more details +* (a copy is included in the LICENSE file that accompanied this code). +* +* You should have received a copy of the GNU Lesser General Public License +* version 3 along with OpenOffice.org. If not, see +* <http://www.openoffice.org/license.html> +* for a copy of the LGPLv3 License. +* +************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" +#include <sal/config.h> +#include <rtl/uuid.h> +#include <rtl/ustring.hxx> +#include <com/sun/star/security/ExtAltNameType.hpp> +#include <com/sun/star/security/CertAltNameEntry.hpp> +#include <com/sun/star/beans/PropertyValue.hpp> +#include <com/sun/star/uno/Reference.hxx> +#include <comphelper/sequence.hxx> +#include <seccomon.h> +#include <cert.h> +#include <certt.h> +#include <secitem.h> +#include <secport.h> + + +#ifndef _SANEXTENSION_NSSIMPL_HXX_ +#include "sanextension_nssimpl.hxx" +#endif + +using namespace ::com::sun::star; +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::security ; +using ::rtl::OUString ; + +using ::com::sun::star::security::XCertificateExtension ; + + +SanExtensionImpl :: SanExtensionImpl() : +m_critical( sal_False ) +{ +} + +SanExtensionImpl :: ~SanExtensionImpl() { +} + + +//Methods from XCertificateExtension +sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) { + return m_critical ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnId ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnValue ; +} + +namespace { + // Helper functions from nss/lib/certdb/genname.c + static int GetNamesLength(CERTGeneralName *names) + { + int length = 0; + CERTGeneralName *first; + + first = names; + if (names != NULL) { + do { + length++; + names = CERT_GetNextGeneralName(names); + } while (names != first); + } + return length; + } + + static SECStatus DestroyGeneralName(CERTGeneralName *name) + { + CERTGeneralName *first; + CERTGeneralName *next = NULL; + + first = name; + do { + next = CERT_GetNextGeneralName(name); + PORT_Free(name); + name = next; + } while (name != first); + return SECSuccess; + + } +} + +//Methods from XSanExtension +::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){ + + if (!m_Entries.hasElements()) + { + SECItem item; + + item.type = siDERCertBuffer; + item.data = (unsigned char*) m_xExtnValue.getArray(); + item.len = m_xExtnValue.getLength(); + + PRArenaPool *arena; + CERTGeneralName *nameList; + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + + if (!arena) + return m_Entries; + + nameList = CERT_DecodeAltNameExtension(arena, &item); + + CERTGeneralName* current = nameList; + + int size = GetNamesLength(nameList); + CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[size]; + for(int i = 0; i < size ; i++){ + switch (current->type) { + case certOtherName: { + arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME; + ::com::sun::star::beans::PropertyValue otherNameProp; + otherNameProp.Name = ::rtl::OUString::createFromAscii(CERT_GetOidString(¤t->name.OthName.oid)); + + Sequence< sal_Int8 > otherName( current->name.OthName.name.len ) ; + for( unsigned int r = 0; r < current->name.OthName.name.len ; r ++ ) + otherName[r] = *( current->name.OthName.name.data + r ) ; + + otherNameProp.Value <<= otherName; + + arrCertAltNameEntry[i].Value <<= otherNameProp; + break; + } + case certRFC822Name: + arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US); + break; + case certDNSName: + arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US); + break; + case certX400Address: { + // unsupported + arrCertAltNameEntry[i].Type = ExtAltNameType_X400_ADDRESS; + arrCertAltNameEntry[i].value <<= Any.VOID; + break; + } + case certDirectoryName: { + arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME; + + char * directoryName = CERT_NameToAscii(¤t->name.directoryName); + + arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(directoryName); + + PORT_Free(directoryName); + break; + } + case certEDIPartyName: { + // unsupported + arrCertAltNameEntry[i].Type = ExtAltNameType_EDI_PARTY_NAME; + arrCertAltNameEntry[i].Value <<= Any.VOID; + break; + } + case certURI: + arrCertAltNameEntry[i].Type = ExtAltNameType_URL; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US); + break; + case certIPAddress: { + arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS; + + Sequence< sal_Int8 > ipAddress( current->name.other.len ) ; + for( unsigned int r = 0; r < current->name.other.len ; r ++ ) + ipAddress[r] = *( current->name.other.data + r ) ; + + arrCertAltNameEntry[i].Value <<= ipAddress; + break; + } + case certRegisterID: + arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(CERT_GetOidString(¤t->name.other)); + break; + } + + + // break; + + current = CERT_GetNextGeneralName(current); + } + + m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, size); + + delete [] arrCertAltNameEntry; + + PORT_FreeArena(arena, PR_FALSE); + + + } + + return m_Entries; +} + +//Helper method +void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) { + m_critical = critical ; + m_xExtnId = extnId ; + m_xExtnValue = extnValue ; +} + +void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) { + unsigned int i ; + if( value != NULL && vlen != 0 ) { + Sequence< sal_Int8 > extnv( vlen ) ; + for( i = 0; i < vlen ; i ++ ) + extnv[i] = *( value + i ) ; + + m_xExtnValue = extnv ; + } else { + m_xExtnValue = Sequence<sal_Int8>(); + } + + if( id != NULL && idlen != 0 ) { + Sequence< sal_Int8 > extnId( idlen ) ; + for( i = 0; i < idlen ; i ++ ) + extnId[i] = *( id + i ) ; + + m_xExtnId = extnId ; + } else { + m_xExtnId = Sequence<sal_Int8>(); + } + + m_critical = critical ; +} + +void SanExtensionImpl :: extractCertExt () { +} + diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx new file mode 100644 index 000000000000..153185c38c6a --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx @@ -0,0 +1,76 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _SANEXTENSION_NSSIMPL_HXX_ +#define _SANEXTENSION_NSSIMPL_HXX_ + +#include <sal/config.h> +#include <rtl/ustring.hxx> +#include <cppuhelper/factory.hxx> +#include <cppuhelper/implbase1.hxx> +#include <com/sun/star/uno/Exception.hpp> +#include "com/sun/star/uno/SecurityException.hpp" +#include <com/sun/star/uno/Exception.hpp> +#include <com/sun/star/security/XCertificateExtension.hpp> +#include <com/sun/star/security/XSanExtension.hpp> +#include <com/sun/star/security/CertAltNameEntry.hpp> + +class SanExtensionImpl : public ::cppu::WeakImplHelper1< + ::com::sun::star::security::XSanExtension > +{ + private : + sal_Bool m_critical ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ; + + ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries; + + public : + SanExtensionImpl() ; + virtual ~SanExtensionImpl() ; + + //Methods from XCertificateExtension + virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XSanExtension + + virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper method + void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ; + + void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ; + + void extractCertExt() ; +} ; + +#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index 287dce6408ef..a9fb57c39769 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -51,6 +51,9 @@ #include "certificateextension_xmlsecimpl.hxx" #endif +#ifndef _SANEXTENSION_NSSIMPL_HXX_ +#include "sanextension_nssimpl.hxx" +#endif using namespace ::com::sun::star::uno ; using namespace ::com::sun::star::security ; @@ -203,12 +206,27 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s Sequence< Reference< XCertificateExtension > > xExtns( len ) ; for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) { - pExtn = new CertificateExtension_XmlSecImpl() ; + const SECItem id = (*extns)->id; + ::rtl::OString oidString(CERT_GetOidString(&id)); + + // remove "OID." prefix if existing + ::rtl::OString objID; + ::rtl::OString oid("OID."); + if (oidString.match(oid)) + objID = oidString.copy(oid.getLength()); + else + objID = oidString; + + if ( objId.equals("2.5.29.17") ) + pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ; + else + pExtn = new CertificateExtension_XmlSecImpl() ; + if( (*extns)->critical.data == NULL ) crit = sal_False ; else crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ; - pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ; + pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objId.getStr(), objId.getLength(), crit ) ; xExtns[len] = pExtn ; } @@ -232,7 +250,12 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s pExtn = NULL ; for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) { if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) { - pExtn = new CertificateExtension_XmlSecImpl() ; + const SECItem id = (*extns)->id; + ::rtl::OString objId(CERT_GetOidString(&id)); + if ( objId.equals("OID.2.5.29.17") ) + pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ; + else + pExtn = new CertificateExtension_XmlSecImpl() ; if( (*extns)->critical.data == NULL ) crit = sal_False ; else diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt index 7061a98fa15f..f6c52e5ac22f 100755 --- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt +++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt @@ -32,3 +32,4 @@ V 350113102213Z 101E unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/C V 350113102601Z 101F unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00" V 350113102847Z 1020 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00< V 350113104059Z 1021 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e +V 111108105139Z 1022 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 35 diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem new file mode 100644 index 000000000000..6902605756af --- /dev/null +++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem @@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4130 (0x1022) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11 + Validity + Not Before: Nov 8 10:51:39 2010 GMT + Not After : Nov 8 10:51:39 2011 GMT + Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f: + 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28: + 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc: + 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b: + 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19: + c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42: + 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70: + c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67: + 55:9b:90:91:f4:ce:56:04:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73 + X509v3 Authority Key Identifier: + keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55 + + X509v3 Subject Alternative Name: + DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/ + Signature Algorithm: sha1WithRSAEncryption + 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05: + a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee: + 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a: + 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa: + 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70: + 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6: + f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f: + a0:fd +-----BEGIN CERTIFICATE----- +MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx +EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD +VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx +MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i +dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l +bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt +XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43 +BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud +IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v +cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu +YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW +MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT +C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t +eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF +oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL +qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+ +lkd9/kphSJARC70PoP0= +-----END CERTIFICATE----- diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial index c7781419a38b..b70608fe859d 100755 --- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial +++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial @@ -1 +1 @@ -1022 +1023 diff --git a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg index 8bf98da50e74..9d98db508b63 100755 --- a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg +++ b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg @@ -178,13 +178,16 @@ authorityKeyIdentifier=keyid,issuer # An alternative to produce certificates that aren't # deprecated according to PKIX. # subjectAltName=email:move -subjectAltName=dirName:dn_subjectAlt -# Copy subject details -# issuerAltName=issuer:copy - - -[dn_subjectAlt] -CN=User 14 Root 11 +subjectAltName=DNS:alt.openoffice.org,IP:192.168.7.1,IP:13::17,email:my@other.address,RID:1.2.3.4,otherName:1.2.3.4;UTF8:some other identifier,dirName:dir_sect,URI:http://my.url.here/ +# Copy subject details +# issuerAltName=issuer:copy + + +[dir_sect] +C=DE +O=OpenOffice.org +OU=Development +CN=User 32 Root 11 [ v3_req ] diff --git a/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt new file mode 100644 index 000000000000..6902605756af --- /dev/null +++ b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt @@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4130 (0x1022) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11 + Validity + Not Before: Nov 8 10:51:39 2010 GMT + Not After : Nov 8 10:51:39 2011 GMT + Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f: + 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28: + 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc: + 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b: + 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19: + c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42: + 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70: + c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67: + 55:9b:90:91:f4:ce:56:04:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73 + X509v3 Authority Key Identifier: + keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55 + + X509v3 Subject Alternative Name: + DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/ + Signature Algorithm: sha1WithRSAEncryption + 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05: + a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee: + 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a: + 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa: + 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70: + 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6: + f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f: + a0:fd +-----BEGIN CERTIFICATE----- +MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx +EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD +VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx +MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i +dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l +bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt +XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43 +BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud +IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v +cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu +YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW +MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT +C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t +eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF +oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL +qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+ +lkd9/kphSJARC70PoP0= +-----END CERTIFICATE----- |