From 38cb72b307e5fdc4c4bd70a4841dac306892ff0c Mon Sep 17 00:00:00 2001 From: Tomaž Vajngerl Date: Thu, 18 Oct 2018 10:34:14 +0200 Subject: xmlsecurity: implement XCertificateCreator for NSS backend MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-on: https://gerrit.libreoffice.org/61914 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl (cherry picked from commit ef2623b712d7417d8135279d654a16de2caf56fc) Conflicts: xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx Change-Id: I28aa17e6c97494769185ed289836524064030f39 --- .../xmlsec/nss/securityenvironment_nssimpl.cxx | 67 ++++++++++++++++++---- .../xmlsec/nss/securityenvironment_nssimpl.hxx | 12 +++- 2 files changed, 66 insertions(+), 13 deletions(-) (limited to 'xmlsecurity') diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index 3ba0062e86b4..035896932ed3 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -26,7 +26,6 @@ #include #include #include "securityenvironment_nssimpl.hxx" -#include "x509certificate_nssimpl.hxx" #include #include 
@@ -528,20 +527,23 @@ Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl::buildCertifi return Sequence< Reference < XCertificate > >(); } -Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) { - X509Certificate_NssImpl* xcert ; - - if( rawCertificate.getLength() > 0 ) { - xcert = new X509Certificate_NssImpl() ; - if( xcert == nullptr ) - throw RuntimeException() ; +X509Certificate_NssImpl* SecurityEnvironment_NssImpl::createX509CertificateFromDER(const css::uno::Sequence& aDerCertificate) +{ + X509Certificate_NssImpl* pX509Certificate = nullptr; - xcert->setRawCert( rawCertificate ) ; - } else { - xcert = nullptr ; + if (aDerCertificate.getLength() > 0) + { + pX509Certificate = new X509Certificate_NssImpl(); + if (pX509Certificate == nullptr) + throw RuntimeException(); + pX509Certificate->setRawCert(aDerCertificate); } + return pX509Certificate; +} - return xcert ; +Reference SecurityEnvironment_NssImpl::createCertificateFromRaw(const Sequence< sal_Int8 >& rawCertificate) +{ + return createX509CertificateFromDER(rawCertificate); } Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromAscii( const OUString& asciiCertificate ) 
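Review bot: `createX509CertificateFromDER` hands back a freshly `new`ed `X509Certificate_NssImpl` as a raw pointer with no UNO reference held on it, so every caller has to store it in a `uno::Reference` before anything can throw or return early; that contract is not written down, and the definition could carry `/// Parses DER bytes into a new X509Certificate_NssImpl; returns nullptr for empty input. The caller owns the result and must wrap it in a uno::Reference immediately.` The `if (pX509Certificate == nullptr) throw RuntimeException();` after the `new` is carried over from the old body but cannot fire — `new` throws `std::bad_alloc` rather than returning null — so it can be dropped. Whether `setRawCert` reports a DER blob that does not parse is not visible in this hunk; if it can leave the object without an NSS certificate, the function returns an object with no usable certificate for malformed input without signalling it.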
@@ -968,4 +970,45 @@ void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr } } +uno::Reference SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey( + Sequence const & raDERCertificate, Sequence const & raPrivateKey) +{ + SECStatus nStatus = SECSuccess; + + PK11SlotInfo* pSlot = PK11_GetInternalKeySlot(); + if (!pSlot) + return uno::Reference(); + + SECItem pDerPrivateKeyInfo; + pDerPrivateKeyInfo.data = reinterpret_cast(const_cast(raPrivateKey.getConstArray())); + pDerPrivateKeyInfo.len = raPrivateKey.getLength(); + + const unsigned int keyUsage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE; + SECKEYPrivateKey* pPrivateKey = nullptr; + + bool bPermanent = false; + bool bSensitive = false; + + nStatus = PK11_ImportDERPrivateKeyInfoAndReturnKey( + pSlot, &pDerPrivateKeyInfo, nullptr, nullptr, bPermanent, bSensitive, + keyUsage, &pPrivateKey, nullptr); + + if (nStatus != SECSuccess) + return uno::Reference(); + + if (!pPrivateKey) + return uno::Reference(); + + X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate); + if (!pX509Certificate) + return uno::Reference(); + + addCryptoSlot(pSlot); + + CERTCertificate* pCERTCertificate = const_cast(pX509Certificate->getNssCert()); + pCERTCertificate->slot = pSlot; + + return pX509Certificate; +} + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx index 0e47cd9d4213..becde1168661 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx @@ -31,11 +31,14 @@ #include #include +#include #include #include #include #include +#include "x509certificate_nssimpl.hxx" + #include #include 
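Review bot: In `createDERCertificateWithPrivateKey`, every early return after `PK11_GetInternalKeySlot()` — the import-failure, null-key and null-certificate checks — leaves the slot reference unreleased, since that call returns a counted reference that must be given back with `PK11_FreeSlot`; only the success path passes the reference on to `addCryptoSlot` and the certificate's `slot` field. `SECItem pDerPrivateKeyInfo;` also leaves its `type` member indeterminate, and `pX509Certificate->getNssCert()` is dereferenced without a null check, so a DER certificate that does not parse would fault on `pCERTCertificate->slot = pSlot` — if `setRawCert` cannot fail that way, a comment saying so would suffice. The private-key handle returned by `PK11_ImportDERPrivateKeyInfoAndReturnKey` is never released either; if that is deliberate because destroying a handle to a non-permanent key would also drop the session key object the certificate is later matched against, it needs a comment to that effect. Separately, I believe the sixth argument of that call is NSS's `isPrivate` flag rather than a sensitivity flag, so the local name `bSensitive` may mislead — worth checking against the NSS header. A scope guard keeps the early exits correct without restructuring the body (needs `<memory>`):
```cpp
    PK11SlotInfo* pSlot = PK11_GetInternalKeySlot();
    if (!pSlot)
        return uno::Reference<XCertificate>();
    // Releases the slot reference on every early exit; the success path
    // transfers the reference to the certificate and releases the guard.
    std::unique_ptr<PK11SlotInfo, decltype(&PK11_FreeSlot)> aSlotGuard(pSlot, &PK11_FreeSlot);

    SECItem pDerPrivateKeyInfo{}; // zero-initialised so .type is not indeterminate
    // … unchanged: fill pDerPrivateKeyInfo, keyUsage, key import and its two checks …

    X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate);
    if (!pX509Certificate)
        return uno::Reference<XCertificate>();
    // Hold a UNO reference first so the object is released if the check below fails.
    uno::Reference<XCertificate> xCertificate(pX509Certificate);
    CERTCertificate* pCERTCertificate = const_cast<CERTCertificate*>(pX509Certificate->getNssCert());
    if (!pCERTCertificate)
        return uno::Reference<XCertificate>();

    addCryptoSlot(pSlot);
    pCERTCertificate->slot = aSlotGuard.release();
    return xCertificate;
```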
@@ -46,7 +49,8 @@ #include class SecurityEnvironment_NssImpl : public ::cppu::WeakImplHelper< - css::xml::crypto::XSecurityEnvironment , + css::xml::crypto::XSecurityEnvironment, + css::xml::crypto::XCertificateCreator, css::lang::XServiceInfo, css::lang::XUnoTunnel > { @@ -137,6 +141,10 @@ private: virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromRaw( const css::uno::Sequence< sal_Int8 >& rawCertificate ) override ; virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ; + // Methods of XCertificateCreator + css::uno::Reference SAL_CALL createDERCertificateWithPrivateKey( + css::uno::Sequence const & raDERCertificate, + css::uno::Sequence const & raPrivateKey) override; //Native methods /// @throws css::uno::RuntimeException @@ -148,6 +156,8 @@ private: private: void updateSlots(); + X509Certificate_NssImpl* createX509CertificateFromDER(const css::uno::Sequence& aDerCertificate); + /// @throws css::uno::Exception /// @throws css::uno::RuntimeException void addCryptoSlot( PK11SlotInfo* aSlot ) ; -- cgit
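Review bot: The new private declaration `X509Certificate_NssImpl* createX509CertificateFromDER(...)` in the last hunk carries none of the `/// @throws` documentation its neighbours (`addCryptoSlot`, the native methods) have, although its definition throws `RuntimeException`, and the raw return type says nothing about who owns the object; suggest `/// Parses DER bytes into a new, unreferenced X509Certificate_NssImpl (nullptr for empty input); the caller must wrap it in a uno::Reference.` followed by `/// @throws css::uno::RuntimeException`. The `XCertificateCreator` method added in the middle hunk follows the existing `override` style and needs nothing further. The enclosing class body continues outside these hunks.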