diff options
author | Mikhail Voytenko <mav@openoffice.org> | 2011-03-09 17:29:09 +0100 |
---|---|---|
committer | Mikhail Voytenko <mav@openoffice.org> | 2011-03-09 17:29:09 +0100 |
commit | 7422ecbc2a6057dfcd4d2237da3f581965d270f3 (patch) | |
tree | 3fd61f6f4aac635e0a82151c34f15d4510c73204 /xmlsecurity | |
parent | CWS-TOOLING: integrate CWS dba34b (diff) | |
download | core-7422ecbc2a6057dfcd4d2237da3f581965d270f3.tar.gz core-7422ecbc2a6057dfcd4d2237da3f581965d270f3.zip |
mav60: #164341# support AES encryption
Diffstat (limited to 'xmlsecurity')
-rw-r--r-- | xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx | 4 | ||||
-rw-r--r-- | xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx | 7 | ||||
-rw-r--r-- | xmlsecurity/source/component/documentdigitalsignatures.cxx | 8 | ||||
-rw-r--r-- | xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx | 4 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xmlsignaturehelper.cxx | 6 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/ciphercontext.cxx | 146 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/ciphercontext.hxx | 80 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/digestcontext.cxx | 92 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/digestcontext.hxx | 63 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/makefile.mk | 2 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx | 269 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx | 72 |
12 files changed, 582 insertions, 171 deletions
diff --git a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx index 4d48aad47555..a0d4668d2477 100644 --- a/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx +++ b/xmlsecurity/inc/xmlsecurity/digitalsignaturesdialog.hxx @@ -132,8 +132,8 @@ public: sal_Bool bReadOnly, const ::rtl::OUString& sODFVersion, bool bHasDocumentSignature); ~DigitalSignaturesDialog(); - // Initialize the dialog and the security environment, returns TRUE on success - BOOL Init( const rtl::OUString& rTokenName ); + // Initialize the dialog and the security environment, returns TRUE on success + BOOL Init(); // Set the storage which should be signed or verified void SetStorage( const cssu::Reference < css::embed::XStorage >& rxStore ); diff --git a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx index 4869b4728567..932c37f81252 100644 --- a/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx +++ b/xmlsecurity/inc/xmlsecurity/xmlsignaturehelper.hxx @@ -132,10 +132,9 @@ public: XMLSignatureHelper(const com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext >& mrCtx ); ~XMLSignatureHelper(); - // Initialize the security context with given crypto token. - // Empty string means default crypto token. - // Returns true for success. - bool Init( const rtl::OUString& rTokenPath ); + // Initialize the security context with default crypto token. + // Returns true for success. + bool Init(); // Set UriBinding to create input streams to open files. // Default implementation is capable to open files from disk. diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx index ff7de666036d..6701f9aebcee 100644 --- a/xmlsecurity/source/component/documentdigitalsignatures.cxx +++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx @@ -220,7 +220,7 @@ sal_Bool DocumentDigitalSignatures::ImplViewSignatures( sal_Bool bChanges = sal_False; DigitalSignaturesDialog aSignaturesDialog( NULL, mxCtx, eMode, bReadOnly, m_sODFVersion, m_bHasDocumentSignature); - bool bInit = aSignaturesDialog.Init( rtl::OUString() ); + bool bInit = aSignaturesDialog.Init(); DBG_ASSERT( bInit, "Error initializing security context!" ); if ( bInit ) { @@ -276,7 +276,7 @@ DocumentDigitalSignatures::ImplVerifySignatures( XMLSignatureHelper aSignatureHelper( mxCtx ); - bool bInit = aSignatureHelper.Init( rtl::OUString() ); + bool bInit = aSignatureHelper.Init(); DBG_ASSERT( bInit, "Error initializing security context!" ); @@ -379,7 +379,7 @@ void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException Reference< dcss::xml::crypto::XSecurityEnvironment > xSecEnv; XMLSignatureHelper aSignatureHelper( mxCtx ); - if ( aSignatureHelper.Init( rtl::OUString() ) ) + if ( aSignatureHelper.Init() ) xSecEnv = aSignatureHelper.GetSecurityEnvironment(); MacroSecurity aDlg( NULL, mxCtx, xSecEnv ); @@ -391,7 +391,7 @@ void DocumentDigitalSignatures::showCertificate( { XMLSignatureHelper aSignatureHelper( mxCtx ); - bool bInit = aSignatureHelper.Init( rtl::OUString() ); + bool bInit = aSignatureHelper.Init(); DBG_ASSERT( bInit, "Error initializing security context!" ); diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx index df032dcbe5ef..43e709c39b76 100644 --- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx +++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx @@ -266,9 +266,9 @@ DigitalSignaturesDialog::~DigitalSignaturesDialog() { } -BOOL DigitalSignaturesDialog::Init( const rtl::OUString& rTokenName ) +BOOL DigitalSignaturesDialog::Init() { - bool bInit = maSignatureHelper.Init( rTokenName ); + bool bInit = maSignatureHelper.Init(); DBG_ASSERT( bInit, "Error initializing security context!" ); diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx index dd3ae00f69c1..5d898fd645e0 100644 --- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx +++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx @@ -73,11 +73,9 @@ XMLSignatureHelper::XMLSignatureHelper( const uno::Reference< uno::XComponentCon XMLSignatureHelper::~XMLSignatureHelper() { - if ( mxSEInitializer.is() && mxSecurityContext.is() ) - mxSEInitializer->freeSecurityContext( mxSecurityContext ); } -bool XMLSignatureHelper::Init( const rtl::OUString& rTokenPath ) +bool XMLSignatureHelper::Init() { DBG_ASSERT( !mxSEInitializer.is(), "XMLSignatureHelper::Init - mxSEInitializer already set!" ); DBG_ASSERT( !mxSecurityContext.is(), "XMLSignatureHelper::Init - mxSecurityContext already set!" ); @@ -85,7 +83,7 @@ bool XMLSignatureHelper::Init( const rtl::OUString& rTokenPath ) ImplCreateSEInitializer(); if ( mxSEInitializer.is() ) - mxSecurityContext = mxSEInitializer->createSecurityContext( rTokenPath ); + mxSecurityContext = mxSEInitializer->createSecurityContext(); return mxSecurityContext.is(); } diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx new file mode 100644 index 000000000000..64c619d0dfae --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.cxx @@ -0,0 +1,146 @@ + /************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#include <precompiled_xmlsecurity.hxx> + +#include <rtl/ref.hxx> +#include "ciphercontext.hxx" + +using namespace ::com::sun::star; + +uno::Reference< xml::crypto::XCipherContext > OCipherContext::Create( CK_MECHANISM_TYPE nNSSCipherID, const uno::Sequence< ::sal_Int8 >& aKey, const uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption ) +{ + ::rtl::Reference< OCipherContext > xResult = new OCipherContext; + + xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, NULL ); + if ( xResult->m_pSlot ) + { + SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ), aKey.getLength() }; + xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot, nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem, NULL ); + if ( xResult->m_pSymKey ) + { + SECItem aIVItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray() ) ), aInitializationVector.getLength() }; + xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem ); + if ( xResult->m_pSecParam ) + { + xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey, xResult->m_pSecParam); + if ( xResult->m_pContext ) + { + xResult->m_bPadding = ( PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID ); + xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID, xResult->m_pSecParam ); + return xResult.get(); + } + } + } + } + + return uno::Reference< xml::crypto::XCipherContext >(); +} + +void OCipherContext::Dispose() +{ + ::osl::MutexGuard aGuard( m_aMutex ); + + if ( m_pContext ) + { + PK11_DestroyContext( m_pContext, PR_TRUE ); + m_pContext = NULL; + } + + if ( m_pSecParam ) + { + SECITEM_FreeItem( m_pSecParam, PR_TRUE ); + m_pSecParam = NULL; + } + + if ( m_pSymKey ) + { + PK11_FreeSymKey( m_pSymKey ); + m_pSymKey = NULL; + } + + if ( m_pSlot ) + { + PK11_FreeSlot( m_pSlot ); + m_pSlot = NULL; + } + + m_bDisposed = true; +} + +uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::convertWithCipherContext( const uno::Sequence< ::sal_Int8 >& aData ) + throw ( lang::IllegalArgumentException, lang::DisposedException, uno::RuntimeException) +{ + ::osl::MutexGuard aGuard( m_aMutex ); + + if ( m_bBroken ) + throw uno::RuntimeException(); + + if ( m_bDisposed ) + throw lang::DisposedException(); + + if ( !m_bPadding && aData.getLength() % m_nBlockSize ) + throw lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "CBC without padding is used, the data should contain complete blocks only." ) ), uno::Reference< uno::XInterface >(), 1 ); + + int nResultLen = 0; + uno::Sequence< sal_Int8 > aResult( aData.getLength() ); + if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength(), const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aData.getConstArray() ) ), aData.getLength() ) != SECSuccess ) + { + m_bBroken = true; + Dispose(); + throw uno::RuntimeException(); + } + + aResult.realloc( nResultLen ); + return aResult; +} + +uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDispose() + throw (lang::DisposedException, uno::RuntimeException) +{ + ::osl::MutexGuard aGuard( m_aMutex ); + + if ( m_bBroken ) + throw uno::RuntimeException(); + + if ( m_bDisposed ) + throw lang::DisposedException(); + + unsigned nResultLen = 0; + uno::Sequence< sal_Int8 > aResult( m_nBlockSize ); + if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength() ) != SECSuccess ) + { + m_bBroken = true; + Dispose(); + throw uno::RuntimeException(); + } + + aResult.realloc( nResultLen ); + return aResult; + +} + diff --git a/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx b/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx new file mode 100644 index 000000000000..2ad8fc4ba62d --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/ciphercontext.hxx @@ -0,0 +1,80 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _CIPHERCONTEXT_HXX +#define _CIPHERCONTEXT_HXX + +#include <com/sun/star/xml/crypto/XCipherContext.hpp> + +#include <cppuhelper/implbase1.hxx> +#include <osl/mutex.hxx> +#include <pk11pub.h> + +class OCipherContext : public cppu::WeakImplHelper1< ::com::sun::star::xml::crypto::XCipherContext > +{ +private: + ::osl::Mutex m_aMutex; + + PK11SlotInfo* m_pSlot; + PK11SymKey* m_pSymKey; + SECItem* m_pSecParam; + PK11Context* m_pContext; + sal_Int32 m_nBlockSize; + bool m_bPadding; + + bool m_bDisposed; + bool m_bBroken; + + void Dispose(); + + OCipherContext() + : m_pSlot( NULL ) + , m_pSymKey( NULL ) + , m_pSecParam( NULL ) + , m_pContext( NULL ) + , m_bPadding( false ) + , m_nBlockSize( 0 ) + , m_bDisposed( false ) + , m_bBroken( false ) + {} + +public: + + virtual ~OCipherContext() + { + Dispose(); + } + + static ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > Create( CK_MECHANISM_TYPE nNSSCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption ); + + // XCipherContext + virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL convertWithCipherContext( const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aData ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException); + virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL finalizeCipherContextAndDispose( ) throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException); +}; + +#endif + diff --git a/xmlsecurity/source/xmlsec/nss/digestcontext.cxx b/xmlsecurity/source/xmlsec/nss/digestcontext.cxx new file mode 100644 index 000000000000..17b700f1fd63 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/digestcontext.cxx @@ -0,0 +1,92 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#include <precompiled_xmlsecurity.hxx> + +#include <pk11pub.h> +#include "digestcontext.hxx" + +using namespace ::com::sun::star; + +ODigestContext::~ODigestContext() +{ + if ( m_pContext ) + { + PK11_DestroyContext( m_pContext, PR_TRUE ); + m_pContext = NULL; + } +} + +void SAL_CALL ODigestContext::updateDigest( const uno::Sequence< ::sal_Int8 >& aData ) + throw (lang::DisposedException, uno::RuntimeException) +{ + ::osl::MutexGuard aGuard( m_aMutex ); + + if ( m_bBroken ) + throw uno::RuntimeException(); + + if ( m_bDisposed ) + throw lang::DisposedException(); + + if ( PK11_DigestOp( m_pContext, reinterpret_cast< const unsigned char* >( aData.getConstArray() ), aData.getLength() ) != SECSuccess ) + { + PK11_DestroyContext( m_pContext, PR_TRUE ); + m_pContext = NULL; + m_bBroken = true; + throw uno::RuntimeException(); + } +} + +uno::Sequence< ::sal_Int8 > SAL_CALL ODigestContext::finalizeDigestAndDispose() + throw (lang::DisposedException, uno::RuntimeException) +{ + ::osl::MutexGuard aGuard( m_aMutex ); + + if ( m_bBroken ) + throw uno::RuntimeException(); + + if ( m_bDisposed ) + throw lang::DisposedException(); + + uno::Sequence< sal_Int8 > aResult( m_nDigestLength ); + unsigned int nResultLen = 0; + if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength() ) != SECSuccess ) + { + PK11_DestroyContext( m_pContext, PR_TRUE ); + m_pContext = NULL; + m_bBroken = true; + throw uno::RuntimeException(); + } + + PK11_DestroyContext( m_pContext, PR_TRUE ); + m_pContext = NULL; + m_bDisposed = true; + + aResult.realloc( nResultLen ); + return aResult; +} + diff --git a/xmlsecurity/source/xmlsec/nss/digestcontext.hxx b/xmlsecurity/source/xmlsec/nss/digestcontext.hxx new file mode 100644 index 000000000000..88b2063a84dc --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/digestcontext.hxx @@ -0,0 +1,63 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +#ifndef _DIGESTCONTEXT_HXX +#define _DIGESTCONTEXT_HXX + +#include <com/sun/star/xml/crypto/XDigestContext.hpp> + +#include <cppuhelper/implbase1.hxx> +#include <osl/mutex.hxx> + +class ODigestContext : public cppu::WeakImplHelper1< ::com::sun::star::xml::crypto::XDigestContext > +{ +private: + ::osl::Mutex m_aMutex; + + PK11Context* m_pContext; + sal_Int32 m_nDigestLength; + bool m_bDisposed; + bool m_bBroken; + +public: + ODigestContext( PK11Context* pContext, sal_Int32 nDigestLength ) + : m_pContext( pContext ) + , m_nDigestLength( nDigestLength ) + , m_bDisposed( false ) + , m_bBroken( false ) + {} + + virtual ~ODigestContext(); + + + // XDigestContext + virtual void SAL_CALL updateDigest( const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aData ) throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException); + virtual ::com::sun::star::uno::Sequence< ::sal_Int8 > SAL_CALL finalizeDigestAndDispose() throw (::com::sun::star::lang::DisposedException, ::com::sun::star::uno::RuntimeException); +}; + +#endif + diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk index 227b6de88477..8a5fad14ce5d 100644 --- a/xmlsecurity/source/xmlsec/nss/makefile.mk +++ b/xmlsecurity/source/xmlsec/nss/makefile.mk @@ -130,6 +130,8 @@ SLOFILES = \ $(SLO)$/xmlsignature_nssimpl.obj \ $(SLO)$/x509certificate_nssimpl.obj \ $(SLO)$/seinitializer_nssimpl.obj \ + $(SLO)$/digestcontext.obj \ + $(SLO)$/ciphercontext.obj \ $(SLO)$/xsec_nss.obj \ $(SLO)$/secerror.obj diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx index 127d7fa43fe6..99415a5a8521 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx @@ -50,13 +50,17 @@ #endif +#include <com/sun/star/mozilla/XMozillaBootstrap.hpp> +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/xml/crypto/CipherID.hpp> + #include <sal/types.h> -#include "rtl/instance.hxx" -#include "rtl/bootstrap.hxx" -#include "rtl/string.hxx" -#include "rtl/strbuf.hxx" -#include "osl/file.hxx" -#include "osl/thread.h" +#include <rtl/instance.hxx> +#include <rtl/bootstrap.hxx> +#include <rtl/string.hxx> +#include <rtl/strbuf.hxx> +#include <osl/file.hxx> +#include <osl/thread.h> #include <tools/debug.hxx> #include <rtl/logfile.hxx> @@ -64,18 +68,21 @@ #include "../diagnose.hxx" #include "securityenvironment_nssimpl.hxx" -#include <com/sun/star/mozilla/XMozillaBootstrap.hpp> +#include "digestcontext.hxx" +#include "ciphercontext.hxx" -#include "nspr.h" -#include "cert.h" -#include "nss.h" -#include "secmod.h" -#include "nssckbi.h" +#include <nspr.h> +#include <cert.h> +#include <nss.h> +#include <pk11pub.h> +#include <secmod.h> +#include <nssckbi.h> -namespace cssu = com::sun::star::uno; -namespace cssl = com::sun::star::lang; -namespace cssxc = com::sun::star::xml::crypto; +namespace css = ::com::sun::star; +namespace cssu = css::uno; +namespace cssl = css::lang; +namespace cssxc = css::xml::crypto; using namespace xmlsecurity; using namespace com::sun::star; @@ -97,30 +104,33 @@ extern "C" void nsscrypto_finalize(); namespace { -bool nsscrypto_initialize( const char * sProfile, bool & out_nss_init); +bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ); struct InitNSSInitialize { - //path to the database folder - const OString m_sProfile; - InitNSSInitialize(const OString & sProfile): m_sProfile(sProfile) {}; + css::uno::Reference< css::lang::XMultiServiceFactory > mxMSF; + + InitNSSInitialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) + : mxMSF( xMSF ) + { + } + bool * operator()() { static bool bInitialized = false; bool bNSSInit = false; - bInitialized = nsscrypto_initialize(m_sProfile.getStr(), bNSSInit); + bInitialized = nsscrypto_initialize( mxMSF, bNSSInit ); if (bNSSInit) atexit(nsscrypto_finalize ); return & bInitialized; - } }; -bool * initNSS(const OString & sProfile) +bool * initNSS( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF ) { return rtl_Instance< bool, InitNSSInitialize, ::osl::MutexGuard, ::osl::GetGlobalMutex >::create( - InitNSSInitialize(sProfile), ::osl::GetGlobalMutex()); + InitNSSInitialize( xMSF ), ::osl::GetGlobalMutex()); } void deleteRootsModule() @@ -171,6 +181,54 @@ void deleteRootsModule() } } +::rtl::OString getMozillaCurrentProfile( const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF ) +{ + ::rtl::OString sResult; + // first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER" + char* pEnv = getenv( "MOZILLA_CERTIFICATE_FOLDER" ); + if ( pEnv ) + { + sResult = ::rtl::OString( pEnv ); + RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", sResult.getStr() ); + } + else + { + mozilla::MozillaProductType productTypes[4] = { + mozilla::MozillaProductType_Thunderbird, + mozilla::MozillaProductType_Mozilla, + mozilla::MozillaProductType_Firefox, + mozilla::MozillaProductType_Default }; + int nProduct = 4; + + uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance( + ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) ); + OSL_ENSURE( xInstance.is(), "failed to create instance" ); + + uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap + = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY); + OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" ); + + if (xMozillaBootstrap.is()) + { + for (int i=0; i<nProduct; i++) + { + ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]); + + if (profile != NULL && profile.getLength()>0) + { + ::rtl::OUString sProfilePath = xMozillaBootstrap->getProfilePath( productTypes[i], profile ); + sResult = ::rtl::OUStringToOString( sProfilePath, osl_getThreadTextEncoding() ); + RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", sResult.getStr() ); + } + } + } + + RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" ); + } + + return sResult; +} + //Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write //the roots certificate module (libnssckbi.so), which they use, into the //profile. This module will then already be loaded during NSS_Init (and the @@ -192,18 +250,23 @@ void deleteRootsModule() //return true - whole initialization was successful //param out_nss_init = true: at least the NSS initialization (NSS_InitReadWrite //was successful and therefor NSS_Shutdown should be called when terminating. -bool nsscrypto_initialize( const char* token, bool & out_nss_init ) +bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init ) { bool return_value = true; - xmlsec_trace("Using profile: %s", token); + // this method must be called only once, no need for additional lock + rtl::OString sCertDir; + if ( xMSF.is() ) + sCertDir = getMozillaCurrentProfile( xMSF ); + + xmlsec_trace( "Using profile: %s", sCertDir.getStr() ); PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ; - //token may be an empty string - if (token != NULL && strlen(token) > 0) + // there might be no profile + if ( sCertDir.getLength() > 0 ) { - if( NSS_InitReadWrite( token ) != SECSuccess ) + if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess ) { xmlsec_trace("Initializing NSS with profile failed."); char * error = NULL; @@ -323,63 +386,10 @@ extern "C" void nsscrypto_finalize() PK11_LogoutAll(); NSS_Shutdown(); } - - -bool getMozillaCurrentProfile( - const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF, - rtl::OUString& profilePath) -{ - /* - * first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER" - */ - char * env = getenv("MOZILLA_CERTIFICATE_FOLDER"); - if (env) - { - profilePath = rtl::OUString::createFromAscii( env ); - RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() ); - return true; - } - else - { - mozilla::MozillaProductType productTypes[4] = { - mozilla::MozillaProductType_Thunderbird, - mozilla::MozillaProductType_Mozilla, - mozilla::MozillaProductType_Firefox, - mozilla::MozillaProductType_Default }; - int nProduct = 4; - - uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance( - ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) ); - OSL_ENSURE( xInstance.is(), "failed to create instance" ); - - uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap - = uno::Reference<mozilla::XMozillaBootstrap>(xInstance,uno::UNO_QUERY); - OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" ); - - if (xMozillaBootstrap.is()) - { - for (int i=0; i<nProduct; i++) - { - ::rtl::OUString profile = xMozillaBootstrap->getDefaultProfile(productTypes[i]); - - if (profile != NULL && profile.getLength()>0) - { - profilePath = xMozillaBootstrap->getProfilePath(productTypes[i],profile); - RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", rtl::OUStringToOString( profilePath, RTL_TEXTENCODING_ASCII_US ).getStr() ); - return true; - } - } - } - - RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" ); - return false; - } -} - } // namespace SEInitializer_NssImpl::SEInitializer_NssImpl( - const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF) + const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF) :mxMSF( rxMSF ) { } @@ -390,38 +400,13 @@ SEInitializer_NssImpl::~SEInitializer_NssImpl() /* XSEInitializer */ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL - SEInitializer_NssImpl::createSecurityContext( - const rtl::OUString& sCertDB ) + SEInitializer_NssImpl::createSecurityContext() throw (cssu::RuntimeException) { CERTCertDBHandle *pCertHandle = NULL ; - rtl::OString sCertDir; - if( sCertDB.getLength() ) - { - sCertDir = rtl::OString(sCertDB, sCertDB.getLength(), RTL_TEXTENCODING_ASCII_US); - } - else - { - static rtl::OString* pDefaultCertDir = NULL; - if ( !pDefaultCertDir ) - { - pDefaultCertDir = new rtl::OString; - rtl::OUString ouCertDir; - - - - if ( getMozillaCurrentProfile(mxMSF, ouCertDir) ) - *pDefaultCertDir = rtl::OString(ouCertDir, ouCertDir.getLength(), RTL_TEXTENCODING_ASCII_US); - } - sCertDir = *pDefaultCertDir; - - } - - if( ! *initNSS( sCertDir.getStr() ) ) - { + if( ! *initNSS( mxMSF ) ) return NULL; - } pCertHandle = CERT_GetDefaultCertDB() ; @@ -456,16 +441,64 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL } } -void SAL_CALL SEInitializer_NssImpl::freeSecurityContext( const cssu::Reference< cssxc::XXMLSecurityContext >& ) - throw (cssu::RuntimeException) +css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL SEInitializer_NssImpl::getDigestContext( ::sal_Int32 nDigestID, const css::uno::Any& aParams ) + throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) +{ + SECOidTag nNSSDigestID = SEC_OID_UNKNOWN; + sal_Int32 nDigestLength = 0; + if ( nDigestID == css::xml::crypto::DigestID::SHA256 ) + { + nNSSDigestID = SEC_OID_SHA256; + nDigestLength = 32; + } + else if ( nDigestID != css::xml::crypto::DigestID::SHA1 ) + { + nNSSDigestID = SEC_OID_SHA1; + nDigestLength = 16; + } + else + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected digest requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); + + if ( aParams.hasValue() ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for digest creation." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); + + css::uno::Reference< css::xml::crypto::XDigestContext > xResult; + if( *initNSS( mxMSF ) ) + { + PK11Context* pContext = PK11_CreateDigestContext( nNSSDigestID ); + if ( pContext && PK11_DigestBegin( pContext ) == SECSuccess ) + xResult = new ODigestContext( pContext, nDigestLength ); + } + + return xResult; +} + +css::uno::Reference< css::xml::crypto::XCipherContext > SAL_CALL SEInitializer_NssImpl::getCipherContext( ::sal_Int32 nCipherID, const css::uno::Sequence< ::sal_Int8 >& aKey, const css::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const css::uno::Any& aParams ) + throw (css::lang::IllegalArgumentException, css::uno::RuntimeException) { - /* - * because the security context will free all its content when it - * is destructed, so here no free process for the security context - * is needed. - */ - //PK11_LogoutAll(); - //NSS_Shutdown(); + CK_MECHANISM_TYPE nNSSCipherID = -1; + if ( nCipherID == css::xml::crypto::CipherID::AES_CBC ) + { + nNSSCipherID = CKM_AES_CBC; + if ( aKey.getLength() != 16 && aKey.getLength() != 24 && aKey.getLength() != 32 ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected key length." ) ), css::uno::Reference< css::uno::XInterface >(), 2 ); + + if ( aParams.hasValue() ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for cipher creation." ) ), css::uno::Reference< css::uno::XInterface >(), 5 ); + } + else + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected cipher requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 ); + + css::uno::Reference< css::xml::crypto::XCipherContext > xResult; + if( *initNSS( mxMSF ) ) + { + if ( aInitializationVector.getLength() != PK11_GetIVLength( nNSSCipherID ) ) + throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected length of initialization vector." ) ), css::uno::Reference< css::uno::XInterface >(), 3 ); + + xResult = OCipherContext::Create( nNSSCipherID, aKey, aInitializationVector, bEncryption ); + } + + return xResult; } rtl::OUString SEInitializer_NssImpl_getImplementationName () diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx index 70075adc84e3..c7a130981e37 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx @@ -29,80 +29,78 @@ #define _SEINITIALIZERIMPL_HXX #include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp> -#ifndef _COM_SUN_STAR_XML_CRYPTO_SEINITIALIZER_HPP_ #include <com/sun/star/xml/crypto/XSEInitializer.hpp> -#endif +#include <com/sun/star/xml/crypto/XDigestContextSupplier.hpp> +#include <com/sun/star/xml/crypto/XCipherContextSupplier.hpp> #include <com/sun/star/lang/XUnoTunnel.hpp> #include <com/sun/star/lang/XServiceInfo.hpp> #include <com/sun/star/lang/XMultiServiceFactory.hpp> -#include <cppuhelper/implbase2.hxx> + +#include <cppuhelper/implbase4.hxx> #include <libxml/tree.h> -class SEInitializer_NssImpl : public cppu::WeakImplHelper2 +class SEInitializer_NssImpl : public cppu::WeakImplHelper4 < - com::sun::star::xml::crypto::XSEInitializer, - com::sun::star::lang::XServiceInfo + ::com::sun::star::xml::crypto::XSEInitializer, + ::com::sun::star::xml::crypto::XDigestContextSupplier, + ::com::sun::star::xml::crypto::XCipherContextSupplier, + ::com::sun::star::lang::XServiceInfo > /****** SEInitializer_NssImpl.hxx/CLASS SEInitializer_NssImpl *********** * * NAME - * SEInitializer_NssImpl -- Class to initialize a Security Context - * instance + * SEInitializer_NssImpl -- Class to initialize a Security Context + * instance * * FUNCTION - * Use this class to initialize a XmlSec based Security Context - * instance. After this instance is used up, use this class to free this - * instance. - * - * HISTORY - * 05.01.2004 - Interface supported: XSEInitializer, XSEInitializer - * - * AUTHOR - * Michael Mi - * Email: michael.mi@sun.com + * Use this class to initialize a XmlSec based Security Context + * instance. After this instance is used up, use this class to free this + * instance. ******************************************************************************/ { private: - com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > mxMSF; + ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > mxMSF; public: - SEInitializer_NssImpl(const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > &rxMSF); + SEInitializer_NssImpl(const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > &rxMSF); virtual ~SEInitializer_NssImpl(); /* XSEInitializer */ - virtual com::sun::star::uno::Reference< - com::sun::star::xml::crypto::XXMLSecurityContext > - SAL_CALL createSecurityContext( const rtl::OUString& certDB ) - throw (com::sun::star::uno::RuntimeException); + virtual ::com::sun::star::uno::Reference< + ::com::sun::star::xml::crypto::XXMLSecurityContext > + SAL_CALL createSecurityContext() + throw (::com::sun::star::uno::RuntimeException); + + /* XDigestContextSupplier */ + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XDigestContext > SAL_CALL getDigestContext( ::sal_Int32 nDigestID, const ::com::sun::star::uno::Any& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException); - virtual void SAL_CALL freeSecurityContext( const com::sun::star::uno::Reference< - com::sun::star::xml::crypto::XXMLSecurityContext >& securityContext ) - throw (com::sun::star::uno::RuntimeException); + /* XCipherContextSupplier */ + virtual ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XCipherContext > SAL_CALL getCipherContext( ::sal_Int32 nCipherID, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aKey, const ::com::sun::star::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const ::com::sun::star::uno::Any& aParams ) throw (::com::sun::star::lang::IllegalArgumentException, ::com::sun::star::uno::RuntimeException); /* XServiceInfo */ virtual rtl::OUString SAL_CALL getImplementationName( ) - throw (com::sun::star::uno::RuntimeException); + throw (::com::sun::star::uno::RuntimeException); virtual sal_Bool SAL_CALL supportsService( const rtl::OUString& ServiceName ) - throw (com::sun::star::uno::RuntimeException); + throw (::com::sun::star::uno::RuntimeException); - virtual com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames( ) - throw (com::sun::star::uno::RuntimeException); + virtual ::com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL getSupportedServiceNames( ) + throw (::com::sun::star::uno::RuntimeException); }; rtl::OUString SEInitializer_NssImpl_getImplementationName() - throw ( com::sun::star::uno::RuntimeException ); + throw ( ::com::sun::star::uno::RuntimeException ); sal_Bool SAL_CALL SEInitializer_NssImpl_supportsService( const rtl::OUString& ServiceName ) - throw ( com::sun::star::uno::RuntimeException ); + throw ( ::com::sun::star::uno::RuntimeException ); com::sun::star::uno::Sequence< rtl::OUString > SAL_CALL SEInitializer_NssImpl_getSupportedServiceNames( ) - throw ( com::sun::star::uno::RuntimeException ); + throw ( ::com::sun::star::uno::RuntimeException ); -com::sun::star::uno::Reference< com::sun::star::uno::XInterface > -SAL_CALL SEInitializer_NssImpl_createInstance( const com::sun::star::uno::Reference< com::sun::star::lang::XMultiServiceFactory > & rSMgr) - throw ( com::sun::star::uno::Exception ); +com::sun::star::uno::Reference< ::com::sun::star::uno::XInterface > +SAL_CALL SEInitializer_NssImpl_createInstance( const ::com::sun::star::uno::Reference< ::com::sun::star::lang::XMultiServiceFactory > & rSMgr) + throw ( ::com::sun::star::uno::Exception ); #endif |