diff options
Diffstat (limited to 'xmlsecurity/source/xmlsec')
4 files changed, 78 insertions, 0 deletions
diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx index d44d093641c1..b5f779db3029 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx @@ -26,6 +26,7 @@ #include <cppuhelper/supportsservice.hxx> #include "x509certificate_mscryptimpl.hxx" #include <certificateextension_xmlsecimpl.hxx> +#include <biginteger.hxx> #include "sanextension_mscryptimpl.hxx" #include "oid.hxx" @@ -674,4 +675,50 @@ Sequence<OUString> SAL_CALL X509Certificate_MSCryptImpl::getSupportedServiceName return { OUString() }; } +namespace xmlsecurity { + +static bool EncodeDistinguishedName(OUString const& rName, CERT_NAME_BLOB & rBlob) +{ + LPCWSTR pszError; + if (!CertStrToNameW(X509_ASN_ENCODING, + reinterpret_cast<LPCWSTR>(rName.getStr()), CERT_X500_NAME_STR, + nullptr, nullptr, &rBlob.cbData, &pszError)) + { + SAL_INFO("xmlsecurity.xmlsec", "CertStrToNameW failed: " << WindowsErrorString(GetLastError()) << "; " << reinterpret_cast<char16_t const*>(pszError)); + return false; + } + rBlob.pbData = new BYTE[rBlob.cbData]; + if (!CertStrToNameW(X509_ASN_ENCODING, + reinterpret_cast<LPCWSTR>(rName.getStr()), CERT_X500_NAME_STR, + nullptr, rBlob.pbData, &rBlob.cbData, &pszError)) + { + SAL_INFO("xmlsecurity.xmlsec", "CertStrToNameW failed: " << WindowsErrorString(GetLastError()) << "; " << reinterpret_cast<char16_t const*>(pszError)); + return false; + } + return true; +} + +bool EqualDistinguishedNames( + OUString const& rName1, OUString const& rName2) +{ + CERT_NAME_BLOB blob1; + if (!EncodeDistinguishedName(rName1, blob1)) + { + return false; + } + CERT_NAME_BLOB blob2; + if (!EncodeDistinguishedName(rName2, blob2)) + { + delete[] blob1.pbData; + return false; + } + bool const ret(CertCompareCertificateName(X509_ASN_ENCODING, + &blob1, &blob2) == TRUE); + delete[] blob2.pbData; + delete[] blob1.pbData; + return ret; +} + +} // namespace xmlsecurity + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx index dfa9c4ad494b..6b16efd46752 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx @@ -18,6 +18,7 @@ */ #include <sal/config.h> +#include <sal/log.hxx> #include <rtl/uuid.h> #include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp> @@ -250,6 +251,7 @@ SAL_CALL XMLSignature_MSCryptImpl::validate( ++nReferenceGood; } } + SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify status " << pDsigCtx->status << ", references good " << nReferenceGood << " of " << nReferenceCount); if (rs == 0 && nReferenceCount == nReferenceGood) { diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index 180ef6558d38..cfa4ed65a049 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -32,6 +32,7 @@ #include <rtl/ref.hxx> #include "x509certificate_nssimpl.hxx" +#include <biginteger.hxx> #include <certificateextension_xmlsecimpl.hxx> #include "sanextension_nssimpl.hxx" @@ -534,4 +535,28 @@ sal_Bool SAL_CALL X509Certificate_NssImpl::supportsService(const OUString& servi /* XServiceInfo */ Sequence<OUString> SAL_CALL X509Certificate_NssImpl::getSupportedServiceNames() { return { OUString() }; } +namespace xmlsecurity { + +bool EqualDistinguishedNames( + OUString const& rName1, OUString const& rName2) +{ + CERTName *const pName1(CERT_AsciiToName(OUStringToOString(rName1, RTL_TEXTENCODING_UTF8).getStr())); + if (pName1 == nullptr) + { + return false; + } + CERTName *const pName2(CERT_AsciiToName(OUStringToOString(rName2, RTL_TEXTENCODING_UTF8).getStr())); + if (pName2 == nullptr) + { + CERT_DestroyName(pName1); + return false; + } + bool const ret(CERT_CompareName(pName1, pName2) == SECEqual); + CERT_DestroyName(pName2); + CERT_DestroyName(pName1); + return ret; +} + +} // namespace xmlsecurity + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx index 311ce6aeb69f..43267dec23e3 100644 --- a/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx @@ -28,6 +28,9 @@ #include "securityenvironment_nssimpl.hxx" #include <xmlsec-wrapper.h> + +#include <sal/log.hxx> + #include <com/sun/star/xml/crypto/XXMLSignature.hpp> #include <memory> @@ -260,6 +263,7 @@ SAL_CALL XMLSignature_NssImpl::validate( ++nReferenceGood; } } + SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify status " << pDsigCtx->status << ", references good " << nReferenceGood << " of " << nReferenceCount); if (rs == 0 && pDsigCtx->status == xmlSecDSigStatusSucceeded && nReferenceCount == nReferenceGood) { |