authorMikhail Voytenko <mav@openoffice.org>2011-03-09 17:29:09 +0100
committerMikhail Voytenko <mav@openoffice.org>2011-03-09 17:29:09 +0100
commit7422ecbc2a6057dfcd4d2237da3f581965d270f3 (patch)
tree3fd61f6f4aac635e0a82151c34f15d4510c73204 /xmlsecurity
parentCWS-TOOLING: integrate CWS dba34b (diff)
downloadcore-7422ecbc2a6057dfcd4d2237da3f581965d270f3.tar.gz
core-7422ecbc2a6057dfcd4d2237da3f581965d270f3.zip
mav60: #164341# support AES encryption
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx4
-rw-r--r--xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx7
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx8
-rw-r--r--xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx4
-rw-r--r--xmlsecurity/source/helper/xmlsignaturehelper.cxx6
-rw-r--r--xmlsecurity/source/xmlsec/nss/ciphercontext.cxx146
-rw-r--r--xmlsecurity/source/xmlsec/nss/ciphercontext.hxx80
-rw-r--r--xmlsecurity/source/xmlsec/nss/digestcontext.cxx92
-rw-r--r--xmlsecurity/source/xmlsec/nss/digestcontext.hxx63
-rw-r--r--xmlsecurity/source/xmlsec/nss/makefile.mk2
-rw-r--r--xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx269
-rw-r--r--xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx72
12 files changed, 582 insertions, 171 deletions
diff --git a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
index 4d48aad47555..a0d4668d2477 100644
--- a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
+++ b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx
@@ -132,8 +132,8 @@ public:
sal_Bool bReadOnly, const ::rtl::OUString& sODFVersion, bool bHasDocumentSignature);
~DigitalSignaturesDialog();
- // Initialize the dialog and the security environment, returns TRUE on success
- BOOL Init( const rtl::OUString& rTokenName );
+ // Initialize the dialog and the security environment, returns TRUE on success
+ BOOL Init();
// Set the storage which should be signed or verified
void SetStorage( const cssu::Reference < css::embed::XStorage >& rxStore );
diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
index 4869b4728567..932c37f81252 100644
--- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx
@@ -132,10 +132,9 @@ public:
XMLSignatureHelper(const com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext >& mrCtx );
~XMLSignatureHelper();
- // Initialize the security context with given crypto token.
- // Empty string means default crypto token.
- // Returns true for success.
- bool Init( const rtl::OUString& rTokenPath );
+ // Initialize the security context with default crypto token.
+ // Returns true for success.
+ bool Init();
// Set UriBinding to create input streams to open files.
// Default implementation is capable to open files from disk.
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index ff7de666036d..6701f9aebcee 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -220,7 +220,7 @@ sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
sal_Bool bChanges = sal_False;
DigitalSignaturesDialog aSignaturesDialog(
NULL, mxCtx, eMode, bReadOnly, m_sODFVersion, m_bHasDocumentSignature);
- bool bInit = aSignaturesDialog.Init( rtl::OUString() );
+ bool bInit = aSignaturesDialog.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
if ( bInit )
{
@@ -276,7 +276,7 @@ DocumentDigitalSignatures::ImplVerifySignatures(
XMLSignatureHelper aSignatureHelper( mxCtx );
- bool bInit = aSignatureHelper.Init( rtl::OUString() );
+ bool bInit = aSignatureHelper.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
@@ -379,7 +379,7 @@ void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException
Reference< dcss::xml::crypto::XSecurityEnvironment > xSecEnv;
XMLSignatureHelper aSignatureHelper( mxCtx );
- if ( aSignatureHelper.Init( rtl::OUString() ) )
+ if ( aSignatureHelper.Init() )
xSecEnv = aSignatureHelper.GetSecurityEnvironment();
MacroSecurity aDlg( NULL, mxCtx, xSecEnv );
@@ -391,7 +391,7 @@ void DocumentDigitalSignatures::showCertificate(
{
XMLSignatureHelper aSignatureHelper( mxCtx );
- bool bInit = aSignatureHelper.Init( rtl::OUString() );
+ bool bInit = aSignatureHelper.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index df032dcbe5ef..43e709c39b76 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -266,9 +266,9 @@ DigitalSignaturesDialog::~DigitalSignaturesDialog()
{
}
-BOOL DigitalSignaturesDialog::Init( const rtl::OUString& rTokenName )
+BOOL DigitalSignaturesDialog::Init()
{
- bool bInit = maSignatureHelper.Init( rTokenName );
+ bool bInit = maSignatureHelper.Init();
DBG_ASSERT( bInit, "Error initializing security context!" );
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index dd3ae00f69c1..5d898fd645e0 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -73,11 +73,9 @@ XMLSignatureHelper::XMLSignatureHelper( const uno::Reference< uno::XComponentCon
XMLSignatureHelper::~XMLSignatureHelper()
{
- if ( mxSEInitializer.is() && mxSecurityContext.is() )
- mxSEInitializer->freeSecurityContext( mxSecurityContext );
}
-bool XMLSignatureHelper::Init( const rtl::OUString& rTokenPath )
+bool XMLSignatureHelper::Init()
{
DBG_ASSERT( !mxSEInitializer.is(), "XMLSignatureHelper::Init - mxSEInitializer already set!" );
DBG_ASSERT( !mxSecurityContext.is(), "XMLSignatureHelper::Init - mxSecurityContext already set!" );
@@ -85,7 +83,7 @@ bool XMLSignatureHelper::Init( const rtl::OUString& rTokenPath )
ImplCreateSEInitializer();
if ( mxSEInitializer.is() )
- mxSecurityContext = mxSEInitializer->createSecurityContext( rTokenPath );
+ mxSecurityContext = mxSEInitializer->createSecurityContext();
return mxSecurityContext.is();
}
diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
new file mode 100644
index 000000000000..64c619d0dfae
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx
@@ -0,0 +1,146 @@
+ /*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#include <precompiled_xmlsecurity.hxx>
+
+#include <rtl/ref.hxx>
+#include "ciphercontext.hxx"
+
+using namespace ::com::sun::star;
+
+uno::Reference< xml::crypto::XCipherContext > OCipherContext::Create( CK_MECHANISM_TYPE nNSSCipherID, const uno::Sequence< ::sal_Int8 >& aKey, const uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption )
+{
+ ::rtl::Reference< OCipherContext > xResult = new OCipherContext;
+
+ xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, NULL );
+ if ( xResult->m_pSlot )
+ {
+ SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ), aKey.getLength() };
+ xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot, nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem, NULL );
+ if ( xResult->m_pSymKey )
+ {
+ SECItem aIVItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray() ) ), aInitializationVector.getLength() };
+ xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem );
+ if ( xResult->m_pSecParam )
+ {
+ xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey, xResult->m_pSecParam);
+ if ( xResult->m_pContext )
+ {
+ xResult->m_bPadding = ( PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID );
+ xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID, xResult->m_pSecParam );
+ return xResult.get();
+ }
+ }
+ }
+ }
+
+ return uno::Reference< xml::crypto::XCipherContext >();
+}
+
+void OCipherContext::Dispose()
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_pContext )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ }
+
+ if ( m_pSecParam )
+ {
+ SECITEM_FreeItem( m_pSecParam, PR_TRUE );
+ m_pSecParam = NULL;
+ }
+
+ if ( m_pSymKey )
+ {
+ PK11_FreeSymKey( m_pSymKey );
+ m_pSymKey = NULL;
+ }
+
+ if ( m_pSlot )
+ {
+ PK11_FreeSlot( m_pSlot );
+ m_pSlot = NULL;
+ }
+
+ m_bDisposed = true;
+}
+
+uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::convertWithCipherContext( const uno::Sequence< ::sal_Int8 >& aData )
+ throw ( lang::IllegalArgumentException, lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ if ( !m_bPadding && aData.getLength() % m_nBlockSize )
+ throw lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "CBC without padding is used, the data should contain complete blocks only." ) ), uno::Reference< uno::XInterface >(), 1 );
+
+ int nResultLen = 0;
+ uno::Sequence< sal_Int8 > aResult( aData.getLength() );
+ if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength(), const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aData.getConstArray() ) ), aData.getLength() ) != SECSuccess )
+ {
+ m_bBroken = true;
+ Dispose();
+ throw uno::RuntimeException();
+ }
+
+ aResult.realloc( nResultLen );
+ return aResult;
+}
+
+uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDispose()
+ throw (lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ unsigned nResultLen = 0;
+ uno::Sequence< sal_Int8 > aResult( m_nBlockSize );
+ if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength() ) != SECSuccess )
+ {
+ m_bBroken = true;
+ Dispose();
+ throw uno::RuntimeException();
+ }
+
+ aResult.realloc( nResultLen );
+ return aResult;
+
+}
+
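Review bot: finalizeCipherContextAndDispose only disposes on the failure path; after a successful PK11_DigestFinal it returns with m_bDisposed still false and m_pContext still alive, so a later convertWithCipherContext call would run on an already-finalized context instead of raising DisposedException, and the NSS slot, key and context live on until the destructor. Add `Dispose();` directly after the `if ( PK11_DigestFinal( ... ) != SECSuccess )` block, before `aResult.realloc( nResultLen );`, so the method honours its name. In convertWithCipherContext the check `aData.getLength() % m_nBlockSize` would divide by zero if PK11_GetBlockSize ever returned 0 for a non-padding mechanism (it does for stream ciphers); `if ( !m_bPadding && m_nBlockSize > 0 && aData.getLength() % m_nBlockSize )` keeps it safe once more than CKM_AES_CBC is admitted by the caller.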
diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx
new file mode 100644
index 000000000000..2ad8fc4ba62d
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx
@@ -0,0 +1,80 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _CIPHERCONTEXT_HXX
+#define _CIPHERCONTEXT_HXX
+
+#include <com/sun/star/xml/crypto/XCipherContext.hpp>
+
+#include <cppuhelper/implbase1.hxx>
+#include <osl/mutex.hxx>
+#include <pk11pub.h>
+
+class OCipherContext : public cppu::WeakImplHelper1< ::com::sun::star::xml::crypto::XCipherContext >
+{
+private:
+ ::osl::Mutex m_aMutex;
+
+ PK11SlotInfo* m_pSlot;
+ PK11SymKey* m_pSymKey;
+ SECItem* m_pSecParam;
+ PK11Context* m_pContext;
+ sal_Int32 m_nBlockSize;
+ bool m_bPadding;
+
+ bool m_bDisposed;
+ bool m_bBroken;
+
+ void Dispose();
+
+ OCipherContext()
+ : m_pSlot( NULL )
+ , m_pSymKey( NULL )
+ , m_pSecParam( NULL )
+ , m_pContext( NULL )
+ , m_bPadding( false )
+ , m_nBlockSize( 0 )
+ , m_bDisposed( false )
+ , m_bBroken( false )
+ {}
+
+public:
+
+ virtual ~OCipherContext()
+ {
+ Dispose();
+ }
+
+ static ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > Create( CK_MECHANISM_TYPE nNSSCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption );
+
+ // XCipherContext
+ virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL convertWithCipherContext( const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aData ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL finalizeCipherContextAndDispose( ) throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+};
+
+#endif
+
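Review bot: The constructor's initializer list names m_bPadding before m_nBlockSize, but the members are declared in the opposite order; members are initialized in declaration order regardless, so the result is correct, yet -Wreorder builds will warn on every include. Swap the two initializers to `, m_nBlockSize( 0 )` followed by `, m_bPadding( false )`. The class also owns four raw NSS handles and leaves the implicit copy constructor and assignment operator available; declaring both private and unimplemented would make an accidental copy (and the resulting double free in Dispose) a compile error rather than a runtime fault — presumably instances are only ever held through uno::Reference, so this is defensive only.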
diff --git a/xmlsecurity/source/xmlsec/nss/digestcontext.cxx b/xmlsecurity/source/xmlsec/nss/digestcontext.cxx
new file mode 100644
index 000000000000..17b700f1fd63
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/digestcontext.cxx
@@ -0,0 +1,92 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#include <precompiled_xmlsecurity.hxx>
+
+#include <pk11pub.h>
+#include "digestcontext.hxx"
+
+using namespace ::com::sun::star;
+
+ODigestContext::~ODigestContext()
+{
+ if ( m_pContext )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ }
+}
+
+void SAL_CALL ODigestContext::updateDigest( const uno::Sequence< ::sal_Int8 >& aData )
+ throw (lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ if ( PK11_DigestOp( m_pContext, reinterpret_cast< const unsigned char* >( aData.getConstArray() ), aData.getLength() ) != SECSuccess )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ m_bBroken = true;
+ throw uno::RuntimeException();
+ }
+}
+
+uno::Sequence< ::sal_Int8 > SAL_CALL ODigestContext::finalizeDigestAndDispose()
+ throw (lang::DisposedException, uno::RuntimeException)
+{
+ ::osl::MutexGuard aGuard( m_aMutex );
+
+ if ( m_bBroken )
+ throw uno::RuntimeException();
+
+ if ( m_bDisposed )
+ throw lang::DisposedException();
+
+ uno::Sequence< sal_Int8 > aResult( m_nDigestLength );
+ unsigned int nResultLen = 0;
+ if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength() ) != SECSuccess )
+ {
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ m_bBroken = true;
+ throw uno::RuntimeException();
+ }
+
+ PK11_DestroyContext( m_pContext, PR_TRUE );
+ m_pContext = NULL;
+ m_bDisposed = true;
+
+ aResult.realloc( nResultLen );
+ return aResult;
+}
+
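Review bot: The failure handling in updateDigest and finalizeDigestAndDispose repeats the same three statements (destroy context, null the pointer, set m_bBroken) and finalizeDigestAndDispose repeats the destroy/null pair again on success; a small private helper such as `void DestroyContext()` wrapping `PK11_DestroyContext( m_pContext, PR_TRUE ); m_pContext = NULL;` would leave one place to get the NSS teardown right. In finalizeDigestAndDispose the result buffer is sized from m_nDigestLength, which is handed to PK11_DigestFinal as the maximum output length, so a caller passing a length smaller than the real digest size gets a RuntimeException with the context destroyed rather than a truncated digest — worth stating in a comment above `uno::Sequence< sal_Int8 > aResult( m_nDigestLength );`, e.g. `// m_nDigestLength must be at least the mechanism's output size; PK11_DigestFinal fails otherwise and the context is marked broken`.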
diff --git a/xmlsecurity/source/xmlsec/nss/digestcontext.hxx b/xmlsecurity/source/xmlsec/nss/digestcontext.hxx
new file mode 100644
index 000000000000..88b2063a84dc
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/digestcontext.hxx
@@ -0,0 +1,63 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _DIGESTCONTEXT_HXX
+#define _DIGESTCONTEXT_HXX
+
+#include <com/sun/star/xml/crypto/XDigestContext.hpp>
+
+#include <cppuhelper/implbase1.hxx>
+#include <osl/mutex.hxx>
+
+class ODigestContext : public cppu::WeakImplHelper1< ::com::sun::star::xml::crypto::XDigestContext >
+{
+private:
+ ::osl::Mutex m_aMutex;
+
+ PK11Context* m_pContext;
+ sal_Int32 m_nDigestLength;
+ bool m_bDisposed;
+ bool m_bBroken;
+
+public:
+ ODigestContext( PK11Context* pContext, sal_Int32 nDigestLength )
+ : m_pContext( pContext )
+ , m_nDigestLength( nDigestLength )
+ , m_bDisposed( false )
+ , m_bBroken( false )
+ {}
+
+ virtual ~ODigestContext();
+
+
+ // XDigestContext
+ virtual void SAL_CALL updateDigest( const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aData ) throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL finalizeDigestAndDispose() throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException);
+};
+
+#endif
+
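Review bot: The header uses `PK11Context*` for m_pContext and in the constructor signature but includes no NSS header, so it only compiles when the including translation unit has already pulled in pk11pub.h — digestcontext.cxx includes `<pk11pub.h>` immediately before it, and in seinitializer_nssimpl.cxx the header is included before `<pk11pub.h>`, so it presumably relies on securityenvironment_nssimpl.hxx having declared the type. Add `#include <pk11pub.h>` next to the other includes, as ciphercontext.hxx already does. The constructor also takes ownership of pContext without saying so; a comment such as `// takes ownership of pContext: it is destroyed on failure, in finalizeDigestAndDispose, or in the destructor` above it would make the contract explicit for callers.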
diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk
index 227b6de88477..8a5fad14ce5d 100644
--- a/xmlsecurity/source/xmlsec/nss/makefile.mk
+++ b/xmlsecurity/source/xmlsec/nss/makefile.mk
@@ -130,6 +130,8 @@ SLOFILES = \
$(SLO)$/xmlsignature_nssimpl.obj \
$(SLO)$/x509certificate_nssimpl.obj \
$(SLO)$/seinitializer_nssimpl.obj \
+ $(SLO)$/digestcontext.obj \
+ $(SLO)$/ciphercontext.obj \
$(SLO)$/xsec_nss.obj \
$(SLO)$/secerror.obj
diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
index 127d7fa43fe6..99415a5a8521 100644
--- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
@@ -50,13 +50,17 @@
#endif
+#include <com/sun/star/mozilla/XMozillaBootstrap.hpp>
+#include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/xml/crypto/CipherID.hpp>
+
#include <sal/types.h>
-#include "rtl/instance.hxx"
-#include "rtl/bootstrap.hxx"
-#include "rtl/string.hxx"
-#include "rtl/strbuf.hxx"
-#include "osl/file.hxx"
-#include "osl/thread.h"
+#include <rtl/instance.hxx>
+#include <rtl/bootstrap.hxx>
+#include <rtl/string.hxx>
+#include <rtl/strbuf.hxx>
+#include <osl/file.hxx>
+#include <osl/thread.h>
#include <tools/debug.hxx>
#include <rtl/logfile.hxx>
@@ -64,18 +68,21 @@
#include "../diagnose.hxx"
#include "securityenvironment_nssimpl.hxx"
-#include <com/sun/star/mozilla/XMozillaBootstrap.hpp>
+#include "digestcontext.hxx"
+#include "ciphercontext.hxx"
-#include "nspr.h"
-#include "cert.h"
-#include "nss.h"
-#include "secmod.h"
-#include "nssckbi.h"
+#include <nspr.h>
+#include <cert.h>
+#include <nss.h>
+#include <pk11pub.h>
+#include <secmod.h>
+#include <nssckbi.h>
-namespace cssu = com::sun::star::uno;
-namespace cssl = com::sun::star::lang;
-namespace cssxc = com::sun::star::xml::crypto;
+namespace css = ::com::sun::star;
+namespace cssu = css::uno;
+namespace cssl = css::lang;
+namespace cssxc = css::xml::crypto;
using namespace xmlsecurity;
using namespace com::sun::star;
@@ -97,30 +104,33 @@ extern "C" void nsscrypto_finalize();
namespace
{
-bool nsscrypto_initialize( const char * sProfile, bool & out_nss_init);
+bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init );
struct InitNSSInitialize
{
- //path to the database folder
- const OString m_sProfile;
- InitNSSInitialize(const OString & sProfile): m_sProfile(sProfile) {};
+ css::uno::Reference< css::lang::XMultiServiceFactory > mxMSF;
+
+ InitNSSInitialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF )
+ : mxMSF( xMSF )
+ {
+ }
+
bool * operator()()
{
static bool bInitialized = false;
bool bNSSInit = false;
- bInitialized = nsscrypto_initialize(m_sProfile.getStr(), bNSSInit);
+ bInitialized = nsscrypto_initialize( mxMSF, bNSSInit );
if (bNSSInit)
atexit(nsscrypto_finalize );
return & bInitialized;
-
}
};
-bool * initNSS(const OString & sProfile)
+bool * initNSS( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF )
{
return rtl_Instance< bool, InitNSSInitialize,
::osl::MutexGuard, ::osl::GetGlobalMutex >::create(
- InitNSSInitialize(sProfile), ::osl::GetGlobalMutex());
+ InitNSSInitialize( xMSF ), ::osl::GetGlobalMutex());
}
void deleteRootsModule()
@@ -171,6 +181,54 @@ void deleteRootsModule()
}
}
+::rtl::OString getMozillaCurrentProfile( const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF )
+{
+ ::rtl::OString sResult;
+ // first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER"
+ char* pEnv = getenv( "MOZILLA_CERTIFICATE_FOLDER" );
+ if ( pEnv )
+ {
+ sResult = ::rtl::OString( pEnv );
+ RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", sResult.getStr() );
+ }
+ else
+ {
+ mozilla::MozillaProductType productTypes[4] = {
+ mozilla::MozillaProductType_Thunderbird,
+ mozilla::MozillaProductType_Mozilla,
+ mozilla::MozillaProductType_Firefox,
+ mozilla::MozillaProductType_Default };
+ int nProduct = 4;
+
+ uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance(
+ ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) );
+ OSL_ENSURE( xInstance.is(), "failed to create instance" );
+
+ uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap
+ = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY);
+ OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" );
+
+ if (xMozillaBootstrap.is())
+ {
+ for (int i=0; i<nProduct; i++)
+ {
+ ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]);
+
+ if (profile != NULL && profile.getLength()>0)
+ {
+ ::rtl::OUString sProfilePath = xMozillaBootstrap->getProfilePath( productTypes[i], profile );
+ sResult = ::rtl::OUStringToOString( sProfilePath, osl_getThreadTextEncoding() );
+ RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", sResult.getStr() );
+ }
+ }
+ }
+
+ RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" );
+ }
+
+ return sResult;
+}
+
//Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write
//the roots certificate module (libnssckbi.so), which they use, into the
//profile. This module will then already be loaded during NSS_Init (and the
@@ -192,18 +250,23 @@ void deleteRootsModule()
//return true - whole initialization was successful
//param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite
//was successful and therefor NSS_Shutdown should be called when terminating.
-bool nsscrypto_initialize( const char* token, bool & out_nss_init )
+bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init )
{
bool return_value = true;
- xmlsec_trace("Using profile: %s", token);
+ // this method must be called only once, no need for additional lock
+ rtl::OString sCertDir;
+ if ( xMSF.is() )
+ sCertDir = getMozillaCurrentProfile( xMSF );
+
+ xmlsec_trace( "Using profile: %s", sCertDir.getStr() );
PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
- //token may be an empty string
- if (token != NULL && strlen(token) > 0)
+ // there might be no profile
+ if ( sCertDir.getLength() > 0 )
{
- if( NSS_InitReadWrite( token ) != SECSuccess )
+ if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess )
{
xmlsec_trace("Initializing NSS with profile failed.");
char * error = NULL;
@@ -323,63 +386,10 @@ extern "C" void nsscrypto_finalize()
PK11_LogoutAll();
NSS_Shutdown();
}
-
-
-bool getMozillaCurrentProfile(
- const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF,
- rtl::OUString& profilePath)
-{
- /*
- * first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER"
- */
- char * env = getenv("MOZILLA_CERTIFICATE_FOLDER");
- if (env)
- {
- profilePath = rtl::OUString::createFromAscii( env );
- RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() );
- return true;
- }
- else
- {
- mozilla::MozillaProductType productTypes[4] = {
- mozilla::MozillaProductType_Thunderbird,
- mozilla::MozillaProductType_Mozilla,
- mozilla::MozillaProductType_Firefox,
- mozilla::MozillaProductType_Default };
- int nProduct = 4;
-
- uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance(
- ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) );
- OSL_ENSURE( xInstance.is(), "failed to create instance" );
-
- uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap
- = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY);
- OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" );
-
- if (xMozillaBootstrap.is())
- {
- for (int i=0; i<nProduct; i++)
- {
- ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]);
-
- if (profile != NULL && profile.getLength()>0)
- {
- profilePath = xMozillaBootstrap->getProfilePath(productTypes[i],profile);
- RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() );
- return true;
- }
- }
- }
-
- RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" );
- return false;
- }
-}
-
} // namespace
SEInitializer_NssImpl::SEInitializer_NssImpl(
- const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF)
+ const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF)
:mxMSF( rxMSF )
{
}
@@ -390,38 +400,13 @@ SEInitializer_NssImpl::~SEInitializer_NssImpl()
/* XSEInitializer */
cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
- SEInitializer_NssImpl::createSecurityContext(
- const rtl::OUString& sCertDB )
+ SEInitializer_NssImpl::createSecurityContext()
throw (cssu::RuntimeException)
{
CERTCertDBHandle *pCertHandle = NULL ;
- rtl::OString sCertDir;
- if( sCertDB.getLength() )
- {
- sCertDir = rtl::OString(sCertDB, sCertDB.getLength(), RTL_TEXTENCODING_ASCII_US);
- }
- else
- {
- static rtl::OString* pDefaultCertDir = NULL;
- if ( !pDefaultCertDir )
- {
- pDefaultCertDir = new rtl::OString;
- rtl::OUString ouCertDir;
-
-
-
- if ( getMozillaCurrentProfile(mxMSF, ouCertDir) )
- *pDefaultCertDir = rtl::OString(ouCertDir, ouCertDir.getLength(), RTL_TEXTENCODING_ASCII_US);
- }
- sCertDir = *pDefaultCertDir;
-
- }
-
- if( ! *initNSS( sCertDir.getStr() ) )
- {
+ if( ! *initNSS( mxMSF ) )
return NULL;
- }
pCertHandle = CERT_GetDefaultCertDB() ;
@@ -456,16 +441,64 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
}
}
-void SAL_CALL SEInitializer_NssImpl::freeSecurityContext( const cssu::Reference< cssxc::XXMLSecurityContext >& )
- throw (cssu::RuntimeException)
+css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL SEInitializer_NssImpl::getDigestContext( ::sal_Int32 nDigestID, const css::uno::Any& aParams )
+ throw (css::lang::IllegalArgumentException, css::uno::RuntimeException)
+{
+ SECOidTag nNSSDigestID = SEC_OID_UNKNOWN;
+ sal_Int32 nDigestLength = 0;
+ if ( nDigestID == css::xml::crypto::DigestID::SHA256 )
+ {
+ nNSSDigestID = SEC_OID_SHA256;
+ nDigestLength = 32;
+ }
+ else if ( nDigestID != css::xml::crypto::DigestID::SHA1 )
+ {
+ nNSSDigestID = SEC_OID_SHA1;
+ nDigestLength = 16;
+ }
+ else
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected digest requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 );
+
+ if ( aParams.hasValue() )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for digest creation." ) ), css::uno::Reference< css::uno::XInterface >(), 2 );
+
+ css::uno::Reference< css::xml::crypto::XDigestContext > xResult;
+ if( *initNSS( mxMSF ) )
+ {
+ PK11Context* pContext = PK11_CreateDigestContext( nNSSDigestID );
+ if ( pContext && PK11_DigestBegin( pContext ) == SECSuccess )
+ xResult = new ODigestContext( pContext, nDigestLength );
+ }
+
+ return xResult;
+}
+
+css::uno::Reference< css::xml::crypto::XCipherContext > SAL_CALL SEInitializer_NssImpl::getCipherContext( ::sal_Int32 nCipherID, const css::uno::Sequence< ::sal_Int8 >& aKey, const css::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const css::uno::Any& aParams )
+ throw (css::lang::IllegalArgumentException, css::uno::RuntimeException)
{
- /*
- * because the security context will free all its content when it
- * is destructed, so here no free process for the security context
- * is needed.
- */
- //PK11_LogoutAll();
- //NSS_Shutdown();
+ CK_MECHANISM_TYPE nNSSCipherID = -1;
+ if ( nCipherID == css::xml::crypto::CipherID::AES_CBC )
+ {
+ nNSSCipherID = CKM_AES_CBC;
+ if ( aKey.getLength() != 16 && aKey.getLength() != 24 && aKey.getLength() != 32 )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected key length." ) ), css::uno::Reference< css::uno::XInterface >(), 2 );
+
+ if ( aParams.hasValue() )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for cipher creation." ) ), css::uno::Reference< css::uno::XInterface >(), 5 );
+ }
+ else
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected cipher requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 );
+
+ css::uno::Reference< css::xml::crypto::XCipherContext > xResult;
+ if( *initNSS( mxMSF ) )
+ {
+ if ( aInitializationVector.getLength() != PK11_GetIVLength( nNSSCipherID ) )
+ throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected length of initialization vector." ) ), css::uno::Reference< css::uno::XInterface >(), 3 );
+
+ xResult = OCipherContext::Create( nNSSCipherID, aKey, aInitializationVector, bEncryption );
+ }
+
+ return xResult;
}
rtl::OUString SEInitializer_NssImpl_getImplementationName ()
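Review bot: In getDigestContext the SHA-1 branch is inverted and its length is wrong: `else if ( nDigestID != css::xml::crypto::DigestID::SHA1 )` selects SEC_OID_SHA1 for every id other than SHA1 and throws the "Unexpected digest requested." exception for SHA1 itself, and `nDigestLength = 16;` is too small for a 20-byte SHA-1 digest, so PK11_DigestFinal in ODigestContext::finalizeDigestAndDispose would fail on the undersized buffer and callers would see a RuntimeException. Change the two lines to `else if ( nDigestID == css::xml::crypto::DigestID::SHA1 )` and `nDigestLength = 20;`. Separately, the getMozillaCurrentProfile hunk drops the early return of the removed version: the loop keeps overwriting sResult with later products, so the last matching product rather than the first wins, and the "No Mozilla Profile found!" trace is emitted even when a profile was found — a `break;` after the trace inside the loop and an `if ( !sResult.getLength() )` guard on the final trace restore the previous behaviour.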
diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
index 70075adc84e3..c7a130981e37 100644
--- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
@@ -29,80 +29,78 @@
#define _SEINITIALIZERIMPL_HXX
#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
-#ifndef _COM_SUN_STAR_XML_CRYPTO_SEINITIALIZER_HPP_
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
-#endif
+#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp>
+#include <com/sun/star/xml/crypto/XCipherContextSupplier.hpp>
#include <com/sun/star/lang/XUnoTunnel.hpp>
#include <com/sun/star/lang/XServiceInfo.hpp>
#include <com/sun/star/lang/XMultiServiceFactory.hpp>
-#include <cppuhelper/implbase2.hxx>
+
+#include <cppuhelper/implbase4.hxx>
#include <libxml/tree.h>
-class SEInitializer_NssImpl : public cppu::WeakImplHelper2
+class SEInitializer_NssImpl : public cppu::WeakImplHelper4
<
- com::sun::star::xml::crypto::XSEInitializer,
- com::sun::star::lang::XServiceInfo
+ ::com::sun::star::xml::crypto::XSEInitializer,
+ ::com::sun::star::xml::crypto::XDigestContextSupplier,
+ ::com::sun::star::xml::crypto::XCipherContextSupplier,
+ ::com::sun::star::lang::XServiceInfo
>
/****** SEInitializer_NssImpl.hxx/CLASS SEInitializer_NssImpl ***********
*
* NAME
- * SEInitializer_NssImpl -- Class to initialize a Security Context
- * instance
+ * SEInitializer_NssImpl -- Class to initialize a Security Context
+ * instance
*
* FUNCTION
- * Use this class to initialize a XmlSec based Security Context
- * instance. After this instance is used up, use this class to free this
- * instance.
- *
- * HISTORY
- * 05.01.2004 - Interface supported: XSEInitializer, XSEInitializer
- *
- * AUTHOR
- * Michael Mi
- * Email: michael.mi@sun.com
+ * Use this class to initialize a XmlSec based Security Context
+ * instance. After this instance is used up, use this class to free this
+ * instance.
******************************************************************************/
{
private:
- com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > mxMSF;
+ ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > mxMSF;
public:
- SEInitializer_NssImpl(const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF);
+ SEInitializer_NssImpl(const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &rxMSF);
virtual ~SEInitializer_NssImpl();
/* XSEInitializer */
- virtual com::sun::star::uno::Reference<
- com::sun::star::xml::crypto::XXMLSecurityContext >
- SAL_CALL createSecurityContext( const rtl::OUString& certDB )
- throw (com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Reference<
+ ::com::sun::star::xml::crypto::XXMLSecurityContext >
+ SAL_CALL createSecurityContext()
+ throw (::com::sun::star::uno::RuntimeException);
+
+ /* XDigestContextSupplier */
+ virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XDigestContext > SAL_CALL getDigestContext( ::sal_Int32 nDigestID, const ::com::sun::star::uno::Any& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException);
- virtual void SAL_CALL freeSecurityContext( const com::sun::star::uno::Reference<
- com::sun::star::xml::crypto::XXMLSecurityContext >& securityContext )
- throw (com::sun::star::uno::RuntimeException);
+ /* XCipherContextSupplier */
+ virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > SAL_CALL getCipherContext( ::sal_Int32 nCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const ::com::sun::star::uno::Any& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException);
/* XServiceInfo */
virtual rtl::OUString SAL_CALL getImplementationName( )
- throw (com::sun::star::uno::RuntimeException);
+ throw (::com::sun::star::uno::RuntimeException);
virtual sal_Bool SAL_CALL supportsService( const rtl::OUString& ServiceName )
- throw (com::sun::star::uno::RuntimeException);
+ throw (::com::sun::star::uno::RuntimeException);
- virtual com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames( )
- throw (com::sun::star::uno::RuntimeException);
+ virtual ::com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames( )
+ throw (::com::sun::star::uno::RuntimeException);
};
rtl::OUString SEInitializer_NssImpl_getImplementationName()
- throw ( com::sun::star::uno::RuntimeException );
+ throw ( ::com::sun::star::uno::RuntimeException );
sal_Bool SAL_CALL SEInitializer_NssImpl_supportsService( const rtl::OUString& ServiceName )
- throw ( com::sun::star::uno::RuntimeException );
+ throw ( ::com::sun::star::uno::RuntimeException );
com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL SEInitializer_NssImpl_getSupportedServiceNames( )
- throw ( com::sun::star::uno::RuntimeException );
+ throw ( ::com::sun::star::uno::RuntimeException );
-com::sun::star::uno::Reference< com::sun::star::uno::XInterface >
-SAL_CALL SEInitializer_NssImpl_createInstance( const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > & rSMgr)
- throw ( com::sun::star::uno::Exception );
+com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface >
+SAL_CALL SEInitializer_NssImpl_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > & rSMgr)
+ throw ( ::com::sun::star::uno::Exception );
#endif
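Review bot: The new `getCipherContext` declaration carries no contract documentation, and the implementation in the preceding .cxx hunk has a non-obvious one: only `CipherID::AES_CBC` is accepted, the key must be 16, 24 or 32 bytes, the IV length must equal `PK11_GetIVLength` for the mechanism, and when NSS initialization fails an empty reference is returned instead of an exception, so callers must null-check the result. A comment above the declaration would make this visible at the interface: `// Only CipherID::AES_CBC is supported; the key must be 16/24/32 bytes and the IV must match the mechanism's IV length, otherwise IllegalArgumentException is thrown (ArgumentPosition identifies the offending parameter). Returns an empty reference if NSS could not be initialized.` The same is presumably true of `getDigestContext`, whose implementation is outside this view, and a matching comment there would keep the two suppliers consistent.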