From b1c145876007352a59f389126746c8ef0f660ee5 Mon Sep 17 00:00:00 2001 From: Tor Lillqvist Date: Thu, 22 Dec 2016 08:16:23 +0200 Subject: Revert "[API CHANGE] createSecurityContext() was always called with an empty string" I got cold feet. I don't want to have to revert this many years later instead, when some obscure 3rd-party software stops working. This reverts commit e1ce7bad62f07faf8f21adac6c3848d142f61953. --- xmlsecurity/qa/certext/SanCertExt.cxx | 2 +- xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 10 ++--- .../source/helper/documentsignaturemanager.cxx | 2 +- .../xmlsec/mscrypt/seinitializer_mscryptimpl.cxx | 43 ++++++++++++++++++++-- .../xmlsec/mscrypt/seinitializer_mscryptimpl.hxx | 2 +- .../source/xmlsec/nss/seinitializer_nssimpl.cxx | 2 +- .../source/xmlsec/nss/seinitializer_nssimpl.hxx | 2 +- xmlsecurity/workben/pdfverify.cxx | 2 +- 8 files changed, 51 insertions(+), 14 deletions(-) (limited to 'xmlsecurity') diff --git a/xmlsecurity/qa/certext/SanCertExt.cxx b/xmlsecurity/qa/certext/SanCertExt.cxx index 3102ca0ecee0..43254fdd7873 100644 --- a/xmlsecurity/qa/certext/SanCertExt.cxx +++ b/xmlsecurity/qa/certext/SanCertExt.cxx @@ -126,7 +126,7 @@ namespace { uno::Reference< lang::XMultiServiceFactory > factory(context->getServiceManager(), uno::UNO_QUERY_THROW); uno::Reference< xml::crypto::XSEInitializer > xSEInitializer = xml::crypto::SEInitializer::create(context); uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext( - xSEInitializer->createSecurityContext()); + xSEInitializer->createSecurityContext(OUString())); return xSecurityContext->getSecurityEnvironment(); } diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx index cbde51748912..507b3e5ea09e 100644 --- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx +++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx @@ -119,7 +119,7 @@ void PDFSigningTest::setUp() std::vector PDFSigningTest::verify(const OUString& rURL, size_t nCount, const OString& rExpectedSubFilter) { uno::Reference xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); - uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(); + uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(OUString()); std::vector aRet; SvFileStream aStream(rURL, StreamMode::READ); @@ -151,7 +151,7 @@ bool PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_ { // Make sure that input has nOriginalSignatureCount signatures. uno::Reference xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); - uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(); + uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(OUString()); xmlsecurity::pdfio::PDFDocument aDocument; { SvFileStream aStream(rInURL, StreamMode::READ); @@ -223,7 +223,7 @@ void PDFSigningTest::testPDFRemove() { // Make sure that good.pdf has 1 valid signature. uno::Reference xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); - uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(); + uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(OUString()); xmlsecurity::pdfio::PDFDocument aDocument; { OUString aSourceDir = m_directories.getURLFromSrc(DATA_DIRECTORY); @@ -257,7 +257,7 @@ void PDFSigningTest::testPDFRemoveAll() // testPDFRemove(), here intentionally test DocumentSignatureManager and // PDFSignatureHelper code as well. uno::Reference xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); - uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(); + uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(OUString()); // Copy the test document to a temporary file, as it'll be modified. OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_pdfsigning.test.user/"); @@ -410,7 +410,7 @@ void PDFSigningTest::testUnknownSubFilter() { // Tokenize the bugdoc. uno::Reference xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext); - uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(); + uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(OUString()); SvStream* pStream = utl::UcbStreamHelper::CreateStream(m_directories.getURLFromSrc(DATA_DIRECTORY) + "cr-comment.pdf", StreamMode::READ | StreamMode::WRITE); uno::Reference xStream(new utl::OStreamWrapper(*pStream)); DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content); diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx index df753def1118..76e0b0aefaa9 100644 --- a/xmlsecurity/source/helper/documentsignaturemanager.cxx +++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx @@ -56,7 +56,7 @@ bool DocumentSignatureManager::init() mxSEInitializer = css::xml::crypto::SEInitializer::create(mxContext); if (mxSEInitializer.is()) - mxSecurityContext = mxSEInitializer->createSecurityContext(); + mxSecurityContext = mxSEInitializer->createSecurityContext(OUString()); return mxSecurityContext.is(); } diff --git a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx index a933ba9691b2..91158dd14d6b 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx @@ -45,12 +45,31 @@ SEInitializer_MSCryptImpl::~SEInitializer_MSCryptImpl() /* XSEInitializer */ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL - SEInitializer_MSCryptImpl::createSecurityContext() + SEInitializer_MSCryptImpl::createSecurityContext( + const OUString& sCertDB ) throw (cssu::RuntimeException) { + const char* n_pCertStore ; + HCERTSTORE n_hStoreHandle ; + //Initialize the crypto engine + if( sCertDB.getLength() > 0 ) + { + OString sCertDir(sCertDB.getStr(), sCertDB.getLength(), RTL_TEXTENCODING_ASCII_US); + n_pCertStore = sCertDir.getStr(); + n_hStoreHandle = CertOpenSystemStore( NULL, n_pCertStore ) ; + if( n_hStoreHandle == nullptr ) + { + return nullptr; + } + } + else + { + n_pCertStore = nullptr ; + n_hStoreHandle = nullptr ; + } - xmlSecMSCryptoAppInit( nullptr ) ; + xmlSecMSCryptoAppInit( n_pCertStore ) ; try { /* Build Security Environment */ @@ -61,11 +80,24 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL SecurityEnvironment_MSCryptImpl* pSecEnv = reinterpret_cast(xSecEnvTunnel->getSomething( SecurityEnvironment_MSCryptImpl::getUnoTunnelId() )); if( pSecEnv == nullptr ) { + if( n_hStoreHandle != nullptr ) + { + CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ; + } + xmlSecMSCryptoAppShutdown() ; return nullptr; } - pSecEnv->enableDefaultCrypt( true ) ; + if( n_hStoreHandle != nullptr ) + { + pSecEnv->setCryptoSlot( n_hStoreHandle ) ; + pSecEnv->setCertDb( n_hStoreHandle ) ; + } + else + { + pSecEnv->enableDefaultCrypt( true ) ; + } /* Build XML Security Context */ cssu::Reference< cssxc::XXMLSecurityContext > xSecCtx = cssxc::XMLSecurityContext::create( mxContext ); @@ -75,6 +107,11 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL } catch( cssu::Exception& ) { + if( n_hStoreHandle != nullptr ) + { + CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ; + } + xmlSecMSCryptoAppShutdown() ; return nullptr; } diff --git a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx index ac11d9fa1957..46c698c4e455 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx +++ b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx @@ -56,7 +56,7 @@ public: /* XSEInitializer */ virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext > - SAL_CALL createSecurityContext() + SAL_CALL createSecurityContext( const OUString& certDB ) throw (css::uno::RuntimeException) override; virtual void SAL_CALL freeSecurityContext( const css::uno::Reference< diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx index 0273a28ea06e..012106c41c05 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx @@ -63,7 +63,7 @@ SEInitializer_NssImpl::~SEInitializer_NssImpl() /* XSEInitializer */ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL - SEInitializer_NssImpl::createSecurityContext() + SEInitializer_NssImpl::createSecurityContext( const OUString& ) throw (uno::RuntimeException, std::exception) { CERTCertDBHandle *pCertHandle = nullptr ; diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx index e223134909cd..685473283195 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx @@ -41,7 +41,7 @@ public: /* XSEInitializer */ virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext > - SAL_CALL createSecurityContext() + SAL_CALL createSecurityContext( const OUString& ) throw (css::uno::RuntimeException, std::exception) override; virtual void SAL_CALL freeSecurityContext( const css::uno::Reference< diff --git a/xmlsecurity/workben/pdfverify.cxx b/xmlsecurity/workben/pdfverify.cxx index fea369d74e4d..92504fcba42d 100644 --- a/xmlsecurity/workben/pdfverify.cxx +++ b/xmlsecurity/workben/pdfverify.cxx @@ -56,7 +56,7 @@ int pdfVerify(int nArgc, char** pArgv) SAL_WARN("xmlsecurity.pdfio", "DeploymentException while creating SEInitializer: " << rException.Message); return 1; } - uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(); + uno::Reference xSecurityContext = xSEInitializer->createSecurityContext(OUString()); OUString aInURL; osl::FileBase::getFileURLFromSystemPath(OUString::fromUtf8(pArgv[1]), aInURL); -- cgit