xmlsecurity: add EqualDistinguishedNames()

Change-Id: I1222658522e25b916010817f847685c20b1cf5c4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111545 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
author: Michael Stahl <michael.stahl@allotropia.de> 2021-02-25 14:17:48 +0100
committer: Michael Stahl <michael.stahl@allotropia.de> 2021-03-03 12:46:23 +0100
commit: 1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42 (patch)
tree: 88189c6db8a0a328331f80000364372754532fdf /xmlsecurity
parent: 2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce (diff)
3 files changed, 75 insertions, 0 deletions
diff --git a/xmlsecurity/inc/biginteger.hxx b/xmlsecurity/inc/biginteger.hxx
index ac411c2e53b7..c15b54de6229 100644
--- a/xmlsecurity/inc/biginteger.hxx
+++ b/xmlsecurity/inc/biginteger.hxx
@@ -34,6 +34,9 @@ namespace xmlsecurity
 XSECXMLSEC_DLLPUBLIC OUString bigIntegerToNumericString(const css::uno::Sequence<sal_Int8>& serial);
 XSECXMLSEC_DLLPUBLIC css::uno::Sequence<sal_Int8>
 numericStringToBigInteger(std::u16string_view serialNumber);
+
+XSECXMLSEC_DLLPUBLIC bool EqualDistinguishedNames(std::u16string_view rName1,
+                                                  std::u16string_view rName2);
 }
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
index 1672a21c7868..d9d45f5e7062 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -26,6 +26,7 @@
 #include <cppuhelper/supportsservice.hxx>
 #include "x509certificate_mscryptimpl.hxx"
 #include <certificateextension_xmlsecimpl.hxx>
+#include <biginteger.hxx>
 #include "sanextension_mscryptimpl.hxx"
 
 #include "oid.hxx"
@@ -651,4 +652,50 @@ Sequence<OUString> SAL_CALL X509Certificate_MSCryptImpl::getSupportedServiceName
     return { OUString() };
 }
 
+namespace xmlsecurity {
+
+static bool EncodeDistinguishedName(std::u16string_view const rName, CERT_NAME_BLOB & rBlob)
+{
+    LPCWSTR pszError;
+    if (!CertStrToNameW(X509_ASN_ENCODING,
+            reinterpret_cast<LPCWSTR>(rName.data()), CERT_X500_NAME_STR,
+            nullptr, nullptr, &rBlob.cbData, &pszError))
+    {
+        SAL_INFO("xmlsecurity.xmlsec", "CertStrToNameW failed: " << WindowsErrorString(GetLastError()) << "; " << reinterpret_cast<char16_t const*>(pszError));
+        return false;
+    }
+    rBlob.pbData = new BYTE[rBlob.cbData];
+    if (!CertStrToNameW(X509_ASN_ENCODING,
+            reinterpret_cast<LPCWSTR>(rName.data()), CERT_X500_NAME_STR,
+            nullptr, rBlob.pbData, &rBlob.cbData, &pszError))
+    {
+        SAL_INFO("xmlsecurity.xmlsec", "CertStrToNameW failed: " << WindowsErrorString(GetLastError()) << "; " << reinterpret_cast<char16_t const*>(pszError));
+        return false;
+    }
+    return true;
+}
+
+bool EqualDistinguishedNames(
+        std::u16string_view const rName1, std::u16string_view const rName2)
+{
+    CERT_NAME_BLOB blob1;
+    if (!EncodeDistinguishedName(rName1, blob1))
+    {
+        return false;
+    }
+    CERT_NAME_BLOB blob2;
+    if (!EncodeDistinguishedName(rName2, blob2))
+    {
+        delete[] blob1.pbData;
+        return false;
+    }
+    bool const ret(CertCompareCertificateName(X509_ASN_ENCODING,
+            &blob1, &blob2) == TRUE);
+    delete[] blob2.pbData;
+    delete[] blob1.pbData;
+    return ret;
+}
+
+} // namespace xmlsecurity
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 15ec8a346895..940656193e94 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -31,6 +31,7 @@
 #include <rtl/ref.hxx>
 #include "x509certificate_nssimpl.hxx"
 
+#include <biginteger.hxx>
 #include <certificateextension_xmlsecimpl.hxx>
 
 #include "sanextension_nssimpl.hxx"
@@ -533,4 +534,28 @@ sal_Bool SAL_CALL X509Certificate_NssImpl::supportsService(const OUString& servi
 /* XServiceInfo */
 Sequence<OUString> SAL_CALL X509Certificate_NssImpl::getSupportedServiceNames() { return { OUString() }; }
 
+namespace xmlsecurity {
+
+bool EqualDistinguishedNames(
+        std::u16string_view const rName1, std::u16string_view const rName2)
+{
+    CERTName *const pName1(CERT_AsciiToName(OUStringToOString(rName1, RTL_TEXTENCODING_UTF8).getStr()));
+    if (pName1 == nullptr)
+    {
+        return false;
+    }
+    CERTName *const pName2(CERT_AsciiToName(OUStringToOString(rName2, RTL_TEXTENCODING_UTF8).getStr()));
+    if (pName2 == nullptr)
+    {
+        CERT_DestroyName(pName1);
+        return false;
+    }
+    bool const ret(CERT_CompareName(pName1, pName2) == SECEqual);
+    CERT_DestroyName(pName2);
+    CERT_DestroyName(pName1);
+    return ret;
+}
+
+} // namespace xmlsecurity
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
author	Michael Stahl <michael.stahl@allotropia.de>	2021-02-25 14:17:48 +0100
committer	Michael Stahl <michael.stahl@allotropia.de>	2021-03-03 12:46:23 +0100
commit	1d3da3486d827dd5e7a3bf1c7a533f5aa9860e42 (patch)
tree	88189c6db8a0a328331f80000364372754532fdf /xmlsecurity
parent	2bfa00e6bf4b2a310a8b8f5060acec85b5f7a3ce (diff)