1*06b3ce53SAndrew Rist /**************************************************************
2cdf0e10cSrcweir *
3*06b3ce53SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one
4*06b3ce53SAndrew Rist * or more contributor license agreements. See the NOTICE file
5*06b3ce53SAndrew Rist * distributed with this work for additional information
6*06b3ce53SAndrew Rist * regarding copyright ownership. The ASF licenses this file
7*06b3ce53SAndrew Rist * to you under the Apache License, Version 2.0 (the
8*06b3ce53SAndrew Rist * "License"); you may not use this file except in compliance
9*06b3ce53SAndrew Rist * with the License. You may obtain a copy of the License at
10*06b3ce53SAndrew Rist *
11*06b3ce53SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0
12*06b3ce53SAndrew Rist *
13*06b3ce53SAndrew Rist * Unless required by applicable law or agreed to in writing,
14*06b3ce53SAndrew Rist * software distributed under the License is distributed on an
15*06b3ce53SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16*06b3ce53SAndrew Rist * KIND, either express or implied. See the License for the
17*06b3ce53SAndrew Rist * specific language governing permissions and limitations
18*06b3ce53SAndrew Rist * under the License.
19*06b3ce53SAndrew Rist *
20*06b3ce53SAndrew Rist *************************************************************/
21*06b3ce53SAndrew Rist
22*06b3ce53SAndrew Rist
23cdf0e10cSrcweir
24cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove
25cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx"
26cdf0e10cSrcweir #include <sal/config.h>
27cdf0e10cSrcweir #include <rtl/uuid.h>
28cdf0e10cSrcweir #include "x509certificate_mscryptimpl.hxx"
29cdf0e10cSrcweir #include "certificateextension_xmlsecimpl.hxx"
30cdf0e10cSrcweir #include "sanextension_mscryptimpl.hxx"
31cdf0e10cSrcweir
32cdf0e10cSrcweir //MM : added by MM
33cdf0e10cSrcweir #include "oid.hxx"
34cdf0e10cSrcweir //MM : end
35cdf0e10cSrcweir
36cdf0e10cSrcweir //CP : added by CP
37cdf0e10cSrcweir #include <rtl/locale.h>
38cdf0e10cSrcweir #include <osl/nlsupport.h>
39cdf0e10cSrcweir #include <osl/process.h>
40cdf0e10cSrcweir #include <utility>
41cdf0e10cSrcweir
42cdf0e10cSrcweir //CP : end
43cdf0e10cSrcweir
44cdf0e10cSrcweir using namespace ::com::sun::star::uno ;
45cdf0e10cSrcweir using namespace ::com::sun::star::security ;
46cdf0e10cSrcweir using ::rtl::OUString ;
47cdf0e10cSrcweir
48cdf0e10cSrcweir using ::com::sun::star::security::XCertificate ;
49cdf0e10cSrcweir using ::com::sun::star::util::DateTime ;
50cdf0e10cSrcweir
51cdf0e10cSrcweir #define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
52cdf0e10cSrcweir
53cdf0e10cSrcweir /*Resturns the index withing rRawString where sTypeName starts and where it ends.
54cdf0e10cSrcweir The starting index is pair.first. The ending index in pair.second points
55cdf0e10cSrcweir one char after the last character of the type.
56cdf0e10cSrcweir sTypeName can be
57cdf0e10cSrcweir "S" or "CN" (without ""). Do not use spaces at the beginning of the type name.
58cdf0e10cSrcweir If the type name is not found then pair.first and pair.second are -1.
59cdf0e10cSrcweir */
60cdf0e10cSrcweir std::pair< sal_Int32, sal_Int32 >
findTypeInDN(const OUString & rRawString,const OUString & sTypeName)61cdf0e10cSrcweir findTypeInDN(const OUString& rRawString, const OUString& sTypeName)
62cdf0e10cSrcweir {
63cdf0e10cSrcweir std::pair< sal_Int32, sal_Int32 > retVal;
64cdf0e10cSrcweir bool bInEscape = false;
65cdf0e10cSrcweir bool bInValue = false;
66cdf0e10cSrcweir bool bFound = false;
67cdf0e10cSrcweir sal_Int32 nTypeNameStart = 0;
68cdf0e10cSrcweir sal_Int32 length = rRawString.getLength();
69cdf0e10cSrcweir
70cdf0e10cSrcweir for (sal_Int32 i = 0; i < length; i++)
71cdf0e10cSrcweir {
72cdf0e10cSrcweir sal_Unicode c = rRawString[i];
73cdf0e10cSrcweir
74cdf0e10cSrcweir if (c == '=')
75cdf0e10cSrcweir {
76cdf0e10cSrcweir if (! bInValue)
77cdf0e10cSrcweir {
78cdf0e10cSrcweir OUString sType = rRawString.copy(nTypeNameStart, i - nTypeNameStart);
79cdf0e10cSrcweir sType = sType.trim();
80cdf0e10cSrcweir if (sType.equalsIgnoreAsciiCase(sTypeName))
81cdf0e10cSrcweir {
82cdf0e10cSrcweir bFound = true;
83cdf0e10cSrcweir break;
84cdf0e10cSrcweir }
85cdf0e10cSrcweir }
86cdf0e10cSrcweir }
87cdf0e10cSrcweir else if (c == '"')
88cdf0e10cSrcweir {
89cdf0e10cSrcweir if (!bInEscape)
90cdf0e10cSrcweir {
91cdf0e10cSrcweir //If this is the quote is the first of the couple which enclose the
92cdf0e10cSrcweir //whole value, because the value contains special characters
93cdf0e10cSrcweir //then we just drop it. That is, this character must be followed by
94cdf0e10cSrcweir //a character which is not '"'.
95cdf0e10cSrcweir if ( i + 1 < length && rRawString[i+1] == '"')
96cdf0e10cSrcweir bInEscape = true;
97cdf0e10cSrcweir else
98cdf0e10cSrcweir bInValue = !bInValue; //value is enclosed in " "
99cdf0e10cSrcweir }
100cdf0e10cSrcweir else
101cdf0e10cSrcweir {
102cdf0e10cSrcweir //This quote is escaped by a preceding quote and therefore is
103cdf0e10cSrcweir //part of the value
104cdf0e10cSrcweir bInEscape = false;
105cdf0e10cSrcweir }
106cdf0e10cSrcweir }
107cdf0e10cSrcweir else if (c == ',' || c == '+')
108cdf0e10cSrcweir {
109cdf0e10cSrcweir //The comma separate the attribute value pairs.
110cdf0e10cSrcweir //If the comma is not part of a value (the value would then be enclosed in '"'),
111cdf0e10cSrcweir //then we have reached the end of the value
112cdf0e10cSrcweir if (!bInValue)
113cdf0e10cSrcweir {
114cdf0e10cSrcweir //The next char is the start of the new type
115cdf0e10cSrcweir nTypeNameStart = i + 1;
116cdf0e10cSrcweir }
117cdf0e10cSrcweir }
118cdf0e10cSrcweir }
119cdf0e10cSrcweir
120cdf0e10cSrcweir //Found the Type Name, but there can still be spaces after the last comma
121cdf0e10cSrcweir //and the beginning of the type.
122cdf0e10cSrcweir if (bFound)
123cdf0e10cSrcweir {
124cdf0e10cSrcweir while (true)
125cdf0e10cSrcweir {
126cdf0e10cSrcweir sal_Unicode c = rRawString[nTypeNameStart];
127cdf0e10cSrcweir if (c != ' ' && c != '\t')
128cdf0e10cSrcweir //found
129cdf0e10cSrcweir break;
130cdf0e10cSrcweir nTypeNameStart ++;
131cdf0e10cSrcweir }
132cdf0e10cSrcweir // search end (one after last letter)
133cdf0e10cSrcweir sal_Int32 nTypeNameEnd = nTypeNameStart;
134cdf0e10cSrcweir nTypeNameEnd++;
135cdf0e10cSrcweir while (true)
136cdf0e10cSrcweir {
137cdf0e10cSrcweir sal_Unicode c = rRawString[nTypeNameEnd];
138cdf0e10cSrcweir if (c == ' ' || c == '\t' || c == '=')
139cdf0e10cSrcweir break;
140cdf0e10cSrcweir nTypeNameEnd++;
141cdf0e10cSrcweir }
142cdf0e10cSrcweir retVal = std::make_pair(nTypeNameStart, nTypeNameEnd);
143cdf0e10cSrcweir }
144cdf0e10cSrcweir else
145cdf0e10cSrcweir {
146cdf0e10cSrcweir retVal = std::make_pair(-1, -1);
147cdf0e10cSrcweir }
148cdf0e10cSrcweir return retVal;
149cdf0e10cSrcweir }
150cdf0e10cSrcweir
151cdf0e10cSrcweir
152cdf0e10cSrcweir /*
153cdf0e10cSrcweir MS Crypto uses the 'S' tag (equal to the 'ST' tag in NSS), but the NSS can't recognise
154cdf0e10cSrcweir it, so the 'S' tag should be changed to 'ST' tag. However I am not sure if this is necessary
155cdf0e10cSrcweir anymore, because we provide always the signers certificate when signing. So libmlsec can find
156cdf0e10cSrcweir the private key based on the provided certificate (X509Certificate element) and does not need
157cdf0e10cSrcweir the issuer name (X509IssuerName element). The issuer name in the xml signature has also no
158cdf0e10cSrcweir effect for the signature nor the certificate validation.
159cdf0e10cSrcweir In many RFCs, for example 4519, on speaks of 'ST'. However, the certificate does not contain
160cdf0e10cSrcweir strings for type names. Instead it uses OIDs.
161cdf0e10cSrcweir */
162cdf0e10cSrcweir
replaceTagSWithTagST(OUString oldDN)163cdf0e10cSrcweir OUString replaceTagSWithTagST(OUString oldDN)
164cdf0e10cSrcweir {
165cdf0e10cSrcweir std::pair<sal_Int32, sal_Int32 > pairIndex = findTypeInDN(oldDN, OUSTR("S"));
166cdf0e10cSrcweir
167cdf0e10cSrcweir if (pairIndex.first != -1)
168cdf0e10cSrcweir {
169cdf0e10cSrcweir OUString newDN = oldDN.copy(0, pairIndex.first);
170cdf0e10cSrcweir newDN += OUSTR("ST");
171cdf0e10cSrcweir newDN += oldDN.copy(pairIndex.second);
172cdf0e10cSrcweir return newDN;
173cdf0e10cSrcweir }
174cdf0e10cSrcweir return oldDN;
175cdf0e10cSrcweir }
176cdf0e10cSrcweir /* end */
177cdf0e10cSrcweir
X509Certificate_MSCryptImpl()178cdf0e10cSrcweir X509Certificate_MSCryptImpl :: X509Certificate_MSCryptImpl() :
179cdf0e10cSrcweir m_pCertContext( NULL )
180cdf0e10cSrcweir {
181cdf0e10cSrcweir }
182cdf0e10cSrcweir
~X509Certificate_MSCryptImpl()183cdf0e10cSrcweir X509Certificate_MSCryptImpl :: ~X509Certificate_MSCryptImpl() {
184cdf0e10cSrcweir if( m_pCertContext != NULL ) {
185cdf0e10cSrcweir CertFreeCertificateContext( m_pCertContext ) ;
186cdf0e10cSrcweir }
187cdf0e10cSrcweir }
188cdf0e10cSrcweir
189cdf0e10cSrcweir //Methods from XCertificate
getVersion()190cdf0e10cSrcweir sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::sun::star::uno::RuntimeException) {
191cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
192cdf0e10cSrcweir return ( char )m_pCertContext->pCertInfo->dwVersion ;
193cdf0e10cSrcweir } else {
194cdf0e10cSrcweir return -1 ;
195cdf0e10cSrcweir }
196cdf0e10cSrcweir }
197cdf0e10cSrcweir
getSerialNumber()198cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getSerialNumber() throw ( ::com::sun::star::uno::RuntimeException) {
199cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
200cdf0e10cSrcweir Sequence< sal_Int8 > serial( m_pCertContext->pCertInfo->SerialNumber.cbData ) ;
201cdf0e10cSrcweir for( unsigned int i = 0 ; i < m_pCertContext->pCertInfo->SerialNumber.cbData ; i ++ )
202cdf0e10cSrcweir serial[i] = *( m_pCertContext->pCertInfo->SerialNumber.pbData + m_pCertContext->pCertInfo->SerialNumber.cbData - i - 1 ) ;
203cdf0e10cSrcweir
204cdf0e10cSrcweir return serial ;
205cdf0e10cSrcweir } else {
206cdf0e10cSrcweir return Sequence< sal_Int8 >();
207cdf0e10cSrcweir }
208cdf0e10cSrcweir }
209cdf0e10cSrcweir
getIssuerName()210cdf0e10cSrcweir ::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getIssuerName() throw ( ::com::sun::star::uno::RuntimeException) {
211cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
212cdf0e10cSrcweir char* issuer ;
213cdf0e10cSrcweir DWORD cbIssuer ;
214cdf0e10cSrcweir
215cdf0e10cSrcweir cbIssuer = CertNameToStr(
216cdf0e10cSrcweir X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
217cdf0e10cSrcweir &( m_pCertContext->pCertInfo->Issuer ),
218cdf0e10cSrcweir CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
219cdf0e10cSrcweir NULL, 0
220cdf0e10cSrcweir ) ;
221cdf0e10cSrcweir
222cdf0e10cSrcweir // Here the cbIssuer count the last 0x00 , take care.
223cdf0e10cSrcweir if( cbIssuer != 0 ) {
224cdf0e10cSrcweir issuer = new char[ cbIssuer ] ;
225cdf0e10cSrcweir if( issuer == NULL )
226cdf0e10cSrcweir throw RuntimeException() ;
227cdf0e10cSrcweir
228cdf0e10cSrcweir cbIssuer = CertNameToStr(
229cdf0e10cSrcweir X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
230cdf0e10cSrcweir &( m_pCertContext->pCertInfo->Issuer ),
231cdf0e10cSrcweir CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
232cdf0e10cSrcweir issuer, cbIssuer
233cdf0e10cSrcweir ) ;
234cdf0e10cSrcweir
235cdf0e10cSrcweir if( cbIssuer <= 0 ) {
236cdf0e10cSrcweir delete [] issuer ;
237cdf0e10cSrcweir throw RuntimeException() ;
238cdf0e10cSrcweir }
239cdf0e10cSrcweir
240cdf0e10cSrcweir // By CP , for correct encoding
241cdf0e10cSrcweir sal_uInt16 encoding ;
242cdf0e10cSrcweir rtl_Locale *pLocale = NULL ;
243cdf0e10cSrcweir osl_getProcessLocale( &pLocale ) ;
244cdf0e10cSrcweir encoding = osl_getTextEncodingFromLocale( pLocale ) ;
245cdf0e10cSrcweir // CP end
246cdf0e10cSrcweir
247cdf0e10cSrcweir if(issuer[cbIssuer-1] == 0) cbIssuer--; //delimit the last 0x00;
248cdf0e10cSrcweir OUString xIssuer(issuer , cbIssuer ,encoding ) ; //By CP
249cdf0e10cSrcweir delete [] issuer ;
250cdf0e10cSrcweir
251cdf0e10cSrcweir return replaceTagSWithTagST(xIssuer);
252cdf0e10cSrcweir } else {
253cdf0e10cSrcweir return OUString() ;
254cdf0e10cSrcweir }
255cdf0e10cSrcweir } else {
256cdf0e10cSrcweir return OUString() ;
257cdf0e10cSrcweir }
258cdf0e10cSrcweir }
259cdf0e10cSrcweir
getSubjectName()260cdf0e10cSrcweir ::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl :: getSubjectName() throw ( ::com::sun::star::uno::RuntimeException)
261cdf0e10cSrcweir {
262cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
263cdf0e10cSrcweir {
264cdf0e10cSrcweir wchar_t* subject ;
265cdf0e10cSrcweir DWORD cbSubject ;
266cdf0e10cSrcweir
267cdf0e10cSrcweir cbSubject = CertNameToStrW(
268cdf0e10cSrcweir X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
269cdf0e10cSrcweir &( m_pCertContext->pCertInfo->Subject ),
270cdf0e10cSrcweir CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
271cdf0e10cSrcweir NULL, 0
272cdf0e10cSrcweir ) ;
273cdf0e10cSrcweir
274cdf0e10cSrcweir if( cbSubject != 0 )
275cdf0e10cSrcweir {
276cdf0e10cSrcweir subject = new wchar_t[ cbSubject ] ;
277cdf0e10cSrcweir if( subject == NULL )
278cdf0e10cSrcweir throw RuntimeException() ;
279cdf0e10cSrcweir
280cdf0e10cSrcweir cbSubject = CertNameToStrW(
281cdf0e10cSrcweir X509_ASN_ENCODING | PKCS_7_ASN_ENCODING ,
282cdf0e10cSrcweir &( m_pCertContext->pCertInfo->Subject ),
283cdf0e10cSrcweir CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG ,
284cdf0e10cSrcweir subject, cbSubject
285cdf0e10cSrcweir ) ;
286cdf0e10cSrcweir
287cdf0e10cSrcweir if( cbSubject <= 0 ) {
288cdf0e10cSrcweir delete [] subject ;
289cdf0e10cSrcweir throw RuntimeException() ;
290cdf0e10cSrcweir }
291cdf0e10cSrcweir
292cdf0e10cSrcweir OUString xSubject(reinterpret_cast<const sal_Unicode*>(subject));
293cdf0e10cSrcweir delete [] subject ;
294cdf0e10cSrcweir
295cdf0e10cSrcweir return replaceTagSWithTagST(xSubject);
296cdf0e10cSrcweir } else
297cdf0e10cSrcweir {
298cdf0e10cSrcweir return OUString() ;
299cdf0e10cSrcweir }
300cdf0e10cSrcweir }
301cdf0e10cSrcweir else
302cdf0e10cSrcweir {
303cdf0e10cSrcweir return OUString() ;
304cdf0e10cSrcweir }
305cdf0e10cSrcweir }
306cdf0e10cSrcweir
getNotValidBefore()307cdf0e10cSrcweir ::com::sun::star::util::DateTime SAL_CALL X509Certificate_MSCryptImpl :: getNotValidBefore() throw ( ::com::sun::star::uno::RuntimeException ) {
308cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
309cdf0e10cSrcweir SYSTEMTIME explTime ;
310cdf0e10cSrcweir DateTime dateTime ;
311cdf0e10cSrcweir FILETIME localFileTime;
312cdf0e10cSrcweir
313cdf0e10cSrcweir if (FileTimeToLocalFileTime(&( m_pCertContext->pCertInfo->NotBefore ), &localFileTime))
314cdf0e10cSrcweir {
315cdf0e10cSrcweir if( FileTimeToSystemTime( &localFileTime, &explTime ) ) {
316cdf0e10cSrcweir //Convert the time to readable local time
317cdf0e10cSrcweir dateTime.HundredthSeconds = explTime.wMilliseconds / 100 ;
318cdf0e10cSrcweir dateTime.Seconds = explTime.wSecond ;
319cdf0e10cSrcweir dateTime.Minutes = explTime.wMinute ;
320cdf0e10cSrcweir dateTime.Hours = explTime.wHour ;
321cdf0e10cSrcweir dateTime.Day = explTime.wDay ;
322cdf0e10cSrcweir dateTime.Month = explTime.wMonth ;
323cdf0e10cSrcweir dateTime.Year = explTime.wYear ;
324cdf0e10cSrcweir }
325cdf0e10cSrcweir }
326cdf0e10cSrcweir
327cdf0e10cSrcweir return dateTime ;
328cdf0e10cSrcweir } else {
329cdf0e10cSrcweir return DateTime() ;
330cdf0e10cSrcweir }
331cdf0e10cSrcweir }
332cdf0e10cSrcweir
getNotValidAfter()333cdf0e10cSrcweir ::com::sun::star::util::DateTime SAL_CALL X509Certificate_MSCryptImpl :: getNotValidAfter() throw ( ::com::sun::star::uno::RuntimeException) {
334cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
335cdf0e10cSrcweir SYSTEMTIME explTime ;
336cdf0e10cSrcweir DateTime dateTime ;
337cdf0e10cSrcweir FILETIME localFileTime;
338cdf0e10cSrcweir
339cdf0e10cSrcweir if (FileTimeToLocalFileTime(&( m_pCertContext->pCertInfo->NotAfter ), &localFileTime))
340cdf0e10cSrcweir {
341cdf0e10cSrcweir if( FileTimeToSystemTime( &localFileTime, &explTime ) ) {
342cdf0e10cSrcweir //Convert the time to readable local time
343cdf0e10cSrcweir dateTime.HundredthSeconds = explTime.wMilliseconds / 100 ;
344cdf0e10cSrcweir dateTime.Seconds = explTime.wSecond ;
345cdf0e10cSrcweir dateTime.Minutes = explTime.wMinute ;
346cdf0e10cSrcweir dateTime.Hours = explTime.wHour ;
347cdf0e10cSrcweir dateTime.Day = explTime.wDay ;
348cdf0e10cSrcweir dateTime.Month = explTime.wMonth ;
349cdf0e10cSrcweir dateTime.Year = explTime.wYear ;
350cdf0e10cSrcweir }
351cdf0e10cSrcweir }
352cdf0e10cSrcweir
353cdf0e10cSrcweir return dateTime ;
354cdf0e10cSrcweir } else {
355cdf0e10cSrcweir return DateTime() ;
356cdf0e10cSrcweir }
357cdf0e10cSrcweir }
358cdf0e10cSrcweir
getIssuerUniqueID()359cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getIssuerUniqueID() throw ( ::com::sun::star::uno::RuntimeException) {
360cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
361cdf0e10cSrcweir Sequence< sal_Int8 > issuerUid( m_pCertContext->pCertInfo->IssuerUniqueId.cbData ) ;
362cdf0e10cSrcweir for( unsigned int i = 0 ; i < m_pCertContext->pCertInfo->IssuerUniqueId.cbData; i ++ )
363cdf0e10cSrcweir issuerUid[i] = *( m_pCertContext->pCertInfo->IssuerUniqueId.pbData + i ) ;
364cdf0e10cSrcweir
365cdf0e10cSrcweir return issuerUid ;
366cdf0e10cSrcweir } else {
367cdf0e10cSrcweir return Sequence< sal_Int8 >();
368cdf0e10cSrcweir }
369cdf0e10cSrcweir }
370cdf0e10cSrcweir
getSubjectUniqueID()371cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getSubjectUniqueID() throw ( ::com::sun::star::uno::RuntimeException ) {
372cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL ) {
373cdf0e10cSrcweir Sequence< sal_Int8 > subjectUid( m_pCertContext->pCertInfo->SubjectUniqueId.cbData ) ;
374cdf0e10cSrcweir for( unsigned int i = 0 ; i < m_pCertContext->pCertInfo->SubjectUniqueId.cbData; i ++ )
375cdf0e10cSrcweir subjectUid[i] = *( m_pCertContext->pCertInfo->SubjectUniqueId.pbData + i ) ;
376cdf0e10cSrcweir
377cdf0e10cSrcweir return subjectUid ;
378cdf0e10cSrcweir } else {
379cdf0e10cSrcweir return Sequence< sal_Int8 >();
380cdf0e10cSrcweir }
381cdf0e10cSrcweir }
382cdf0e10cSrcweir
getExtensions()383cdf0e10cSrcweir ::com::sun::star::uno::Sequence< ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > > SAL_CALL X509Certificate_MSCryptImpl :: getExtensions() throw ( ::com::sun::star::uno::RuntimeException ) {
384cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL && m_pCertContext->pCertInfo->cExtension != 0 ) {
385cdf0e10cSrcweir CertificateExtension_XmlSecImpl* xExtn ;
386cdf0e10cSrcweir CERT_EXTENSION* pExtn ;
387cdf0e10cSrcweir Sequence< Reference< XCertificateExtension > > xExtns( m_pCertContext->pCertInfo->cExtension ) ;
388cdf0e10cSrcweir
389cdf0e10cSrcweir for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
390cdf0e10cSrcweir pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ;
391cdf0e10cSrcweir
392cdf0e10cSrcweir
393cdf0e10cSrcweir ::rtl::OUString objId = ::rtl::OUString::createFromAscii( pExtn->pszObjId );
394cdf0e10cSrcweir
395cdf0e10cSrcweir if ( objId.equalsAscii("2.5.29.17") )
396cdf0e10cSrcweir xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
397cdf0e10cSrcweir else
398cdf0e10cSrcweir xExtn = new CertificateExtension_XmlSecImpl() ;
399cdf0e10cSrcweir if( xExtn == NULL )
400cdf0e10cSrcweir throw RuntimeException() ;
401cdf0e10cSrcweir
402cdf0e10cSrcweir xExtn->setCertExtn( pExtn->Value.pbData, pExtn->Value.cbData, ( unsigned char* )pExtn->pszObjId, strlen( pExtn->pszObjId ), sal::static_int_cast<sal_Bool>(pExtn->fCritical) ) ;
403cdf0e10cSrcweir
404cdf0e10cSrcweir xExtns[i] = xExtn ;
405cdf0e10cSrcweir }
406cdf0e10cSrcweir
407cdf0e10cSrcweir return xExtns ;
408cdf0e10cSrcweir } else {
409cdf0e10cSrcweir return Sequence< Reference< XCertificateExtension > >();
410cdf0e10cSrcweir }
411cdf0e10cSrcweir }
412cdf0e10cSrcweir
findCertificateExtension(const::com::sun::star::uno::Sequence<sal_Int8> &)413cdf0e10cSrcweir ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificateExtension > SAL_CALL X509Certificate_MSCryptImpl :: findCertificateExtension( const ::com::sun::star::uno::Sequence< sal_Int8 >& /*oid*/ ) throw (::com::sun::star::uno::RuntimeException) {
414cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL && m_pCertContext->pCertInfo->cExtension != 0 ) {
415cdf0e10cSrcweir CertificateExtension_XmlSecImpl* xExtn ;
416cdf0e10cSrcweir CERT_EXTENSION* pExtn ;
417cdf0e10cSrcweir Sequence< Reference< XCertificateExtension > > xExtns( m_pCertContext->pCertInfo->cExtension ) ;
418cdf0e10cSrcweir
419cdf0e10cSrcweir xExtn = NULL ;
420cdf0e10cSrcweir for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
421cdf0e10cSrcweir pExtn = &( m_pCertContext->pCertInfo->rgExtension[i] ) ;
422cdf0e10cSrcweir
423cdf0e10cSrcweir //TODO: Compare the oid
424cdf0e10cSrcweir if( 0 ) {
425cdf0e10cSrcweir xExtn = new CertificateExtension_XmlSecImpl() ;
426cdf0e10cSrcweir if( xExtn == NULL )
427cdf0e10cSrcweir throw RuntimeException() ;
428cdf0e10cSrcweir
429cdf0e10cSrcweir xExtn->setCertExtn( pExtn->Value.pbData, pExtn->Value.cbData, ( unsigned char* )pExtn->pszObjId, strlen( pExtn->pszObjId ), sal::static_int_cast<sal_Bool>(pExtn->fCritical) ) ;
430cdf0e10cSrcweir }
431cdf0e10cSrcweir }
432cdf0e10cSrcweir
433cdf0e10cSrcweir return xExtn ;
434cdf0e10cSrcweir } else {
435cdf0e10cSrcweir return NULL ;
436cdf0e10cSrcweir }
437cdf0e10cSrcweir }
438cdf0e10cSrcweir
439cdf0e10cSrcweir
getEncoded()440cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl :: getEncoded() throw ( ::com::sun::star::uno::RuntimeException) {
441cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->cbCertEncoded > 0 ) {
442cdf0e10cSrcweir Sequence< sal_Int8 > rawCert( m_pCertContext->cbCertEncoded ) ;
443cdf0e10cSrcweir
444cdf0e10cSrcweir for( unsigned int i = 0 ; i < m_pCertContext->cbCertEncoded ; i ++ )
445cdf0e10cSrcweir rawCert[i] = *( m_pCertContext->pbCertEncoded + i ) ;
446cdf0e10cSrcweir
447cdf0e10cSrcweir return rawCert ;
448cdf0e10cSrcweir } else {
449cdf0e10cSrcweir return Sequence< sal_Int8 >();
450cdf0e10cSrcweir }
451cdf0e10cSrcweir }
452cdf0e10cSrcweir
453cdf0e10cSrcweir //Helper methods
setMswcryCert(const CERT_CONTEXT * cert)454cdf0e10cSrcweir void X509Certificate_MSCryptImpl :: setMswcryCert( const CERT_CONTEXT* cert ) {
455cdf0e10cSrcweir if( m_pCertContext != NULL ) {
456cdf0e10cSrcweir CertFreeCertificateContext( m_pCertContext ) ;
457cdf0e10cSrcweir m_pCertContext = NULL ;
458cdf0e10cSrcweir }
459cdf0e10cSrcweir
460cdf0e10cSrcweir if( cert != NULL ) {
461cdf0e10cSrcweir m_pCertContext = CertDuplicateCertificateContext( cert ) ;
462cdf0e10cSrcweir }
463cdf0e10cSrcweir }
464cdf0e10cSrcweir
getMswcryCert() const465cdf0e10cSrcweir const CERT_CONTEXT* X509Certificate_MSCryptImpl :: getMswcryCert() const {
466cdf0e10cSrcweir if( m_pCertContext != NULL ) {
467cdf0e10cSrcweir return m_pCertContext ;
468cdf0e10cSrcweir } else {
469cdf0e10cSrcweir return NULL ;
470cdf0e10cSrcweir }
471cdf0e10cSrcweir }
472cdf0e10cSrcweir
setRawCert(Sequence<sal_Int8> rawCert)473cdf0e10cSrcweir void X509Certificate_MSCryptImpl :: setRawCert( Sequence< sal_Int8 > rawCert ) throw ( ::com::sun::star::uno::RuntimeException) {
474cdf0e10cSrcweir if( m_pCertContext != NULL ) {
475cdf0e10cSrcweir CertFreeCertificateContext( m_pCertContext ) ;
476cdf0e10cSrcweir m_pCertContext = NULL ;
477cdf0e10cSrcweir }
478cdf0e10cSrcweir
479cdf0e10cSrcweir if( rawCert.getLength() != 0 ) {
480cdf0e10cSrcweir m_pCertContext = CertCreateCertificateContext( X509_ASN_ENCODING, ( const sal_uInt8* )&rawCert[0], rawCert.getLength() ) ;
481cdf0e10cSrcweir }
482cdf0e10cSrcweir }
483cdf0e10cSrcweir
484cdf0e10cSrcweir /* XUnoTunnel */
getSomething(const Sequence<sal_Int8> & aIdentifier)485cdf0e10cSrcweir sal_Int64 SAL_CALL X509Certificate_MSCryptImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier ) throw( RuntimeException ) {
486cdf0e10cSrcweir if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
487cdf0e10cSrcweir return ( sal_Int64 )this ;
488cdf0e10cSrcweir }
489cdf0e10cSrcweir return 0 ;
490cdf0e10cSrcweir }
491cdf0e10cSrcweir
492cdf0e10cSrcweir /* XUnoTunnel extension */
getUnoTunnelId()493cdf0e10cSrcweir const Sequence< sal_Int8>& X509Certificate_MSCryptImpl :: getUnoTunnelId() {
494cdf0e10cSrcweir static Sequence< sal_Int8 >* pSeq = 0 ;
495cdf0e10cSrcweir if( !pSeq ) {
496cdf0e10cSrcweir ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
497cdf0e10cSrcweir if( !pSeq ) {
498cdf0e10cSrcweir static Sequence< sal_Int8> aSeq( 16 ) ;
499cdf0e10cSrcweir rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
500cdf0e10cSrcweir pSeq = &aSeq ;
501cdf0e10cSrcweir }
502cdf0e10cSrcweir }
503cdf0e10cSrcweir return *pSeq ;
504cdf0e10cSrcweir }
505cdf0e10cSrcweir
506cdf0e10cSrcweir /* XUnoTunnel extension */
getImplementation(const Reference<XInterface> xObj)507cdf0e10cSrcweir X509Certificate_MSCryptImpl* X509Certificate_MSCryptImpl :: getImplementation( const Reference< XInterface > xObj ) {
508cdf0e10cSrcweir Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
509cdf0e10cSrcweir if( xUT.is() ) {
510cdf0e10cSrcweir return ( X509Certificate_MSCryptImpl* )xUT->getSomething( getUnoTunnelId() ) ;
511cdf0e10cSrcweir } else
512cdf0e10cSrcweir return NULL ;
513cdf0e10cSrcweir }
514cdf0e10cSrcweir
515cdf0e10cSrcweir // MM : added by MM
findOIDDescription(char * oid)516cdf0e10cSrcweir ::rtl::OUString findOIDDescription(char *oid)
517cdf0e10cSrcweir {
518cdf0e10cSrcweir OUString ouOID = OUString::createFromAscii( oid );
519cdf0e10cSrcweir for (int i=0; i<nOID; i++)
520cdf0e10cSrcweir {
521cdf0e10cSrcweir OUString item = OUString::createFromAscii( OIDs[i].oid );
522cdf0e10cSrcweir if (ouOID == item)
523cdf0e10cSrcweir {
524cdf0e10cSrcweir return OUString::createFromAscii( OIDs[i].desc );
525cdf0e10cSrcweir }
526cdf0e10cSrcweir }
527cdf0e10cSrcweir
528cdf0e10cSrcweir return OUString() ;
529cdf0e10cSrcweir }
530cdf0e10cSrcweir
getThumbprint(const CERT_CONTEXT * pCertContext,DWORD dwPropId)531cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > getThumbprint(const CERT_CONTEXT* pCertContext, DWORD dwPropId)
532cdf0e10cSrcweir {
533cdf0e10cSrcweir if( pCertContext != NULL )
534cdf0e10cSrcweir {
535cdf0e10cSrcweir DWORD cbData = 20;
536cdf0e10cSrcweir unsigned char fingerprint[20];
537cdf0e10cSrcweir if (CertGetCertificateContextProperty(pCertContext, dwPropId, (void*)fingerprint, &cbData))
538cdf0e10cSrcweir {
539cdf0e10cSrcweir Sequence< sal_Int8 > thumbprint( cbData ) ;
540cdf0e10cSrcweir for( unsigned int i = 0 ; i < cbData ; i ++ )
541cdf0e10cSrcweir {
542cdf0e10cSrcweir thumbprint[i] = fingerprint[i];
543cdf0e10cSrcweir }
544cdf0e10cSrcweir
545cdf0e10cSrcweir return thumbprint;
546cdf0e10cSrcweir }
547cdf0e10cSrcweir else
548cdf0e10cSrcweir {
549cdf0e10cSrcweir DWORD e = GetLastError();
550cdf0e10cSrcweir cbData = e;
551cdf0e10cSrcweir }
552cdf0e10cSrcweir }
553cdf0e10cSrcweir
554cdf0e10cSrcweir return Sequence< sal_Int8 >();
555cdf0e10cSrcweir }
556cdf0e10cSrcweir
getSubjectPublicKeyAlgorithm()557cdf0e10cSrcweir ::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getSubjectPublicKeyAlgorithm()
558cdf0e10cSrcweir throw ( ::com::sun::star::uno::RuntimeException)
559cdf0e10cSrcweir {
560cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
561cdf0e10cSrcweir {
562cdf0e10cSrcweir CRYPT_ALGORITHM_IDENTIFIER algorithm = m_pCertContext->pCertInfo->SubjectPublicKeyInfo.Algorithm;
563cdf0e10cSrcweir return findOIDDescription( algorithm.pszObjId ) ;
564cdf0e10cSrcweir }
565cdf0e10cSrcweir else
566cdf0e10cSrcweir {
567cdf0e10cSrcweir return OUString() ;
568cdf0e10cSrcweir }
569cdf0e10cSrcweir }
570cdf0e10cSrcweir
getSubjectPublicKeyValue()571cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSubjectPublicKeyValue()
572cdf0e10cSrcweir throw ( ::com::sun::star::uno::RuntimeException)
573cdf0e10cSrcweir {
574cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
575cdf0e10cSrcweir {
576cdf0e10cSrcweir CRYPT_BIT_BLOB publicKey = m_pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey;
577cdf0e10cSrcweir
578cdf0e10cSrcweir Sequence< sal_Int8 > key( publicKey.cbData ) ;
579cdf0e10cSrcweir for( unsigned int i = 0 ; i < publicKey.cbData ; i++ )
580cdf0e10cSrcweir {
581cdf0e10cSrcweir key[i] = *(publicKey.pbData + i) ;
582cdf0e10cSrcweir }
583cdf0e10cSrcweir
584cdf0e10cSrcweir return key;
585cdf0e10cSrcweir }
586cdf0e10cSrcweir else
587cdf0e10cSrcweir {
588cdf0e10cSrcweir return Sequence< sal_Int8 >();
589cdf0e10cSrcweir }
590cdf0e10cSrcweir }
591cdf0e10cSrcweir
getSignatureAlgorithm()592cdf0e10cSrcweir ::rtl::OUString SAL_CALL X509Certificate_MSCryptImpl::getSignatureAlgorithm()
593cdf0e10cSrcweir throw ( ::com::sun::star::uno::RuntimeException)
594cdf0e10cSrcweir {
595cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL )
596cdf0e10cSrcweir {
597cdf0e10cSrcweir CRYPT_ALGORITHM_IDENTIFIER algorithm = m_pCertContext->pCertInfo->SignatureAlgorithm;
598cdf0e10cSrcweir return findOIDDescription( algorithm.pszObjId ) ;
599cdf0e10cSrcweir }
600cdf0e10cSrcweir else
601cdf0e10cSrcweir {
602cdf0e10cSrcweir return OUString() ;
603cdf0e10cSrcweir }
604cdf0e10cSrcweir }
605cdf0e10cSrcweir
getSHA1Thumbprint()606cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getSHA1Thumbprint()
607cdf0e10cSrcweir throw ( ::com::sun::star::uno::RuntimeException)
608cdf0e10cSrcweir {
609cdf0e10cSrcweir return getThumbprint(m_pCertContext, CERT_SHA1_HASH_PROP_ID);
610cdf0e10cSrcweir }
611cdf0e10cSrcweir
getMD5Thumbprint()612cdf0e10cSrcweir ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_MSCryptImpl::getMD5Thumbprint()
613cdf0e10cSrcweir throw ( ::com::sun::star::uno::RuntimeException)
614cdf0e10cSrcweir {
615cdf0e10cSrcweir return getThumbprint(m_pCertContext, CERT_MD5_HASH_PROP_ID);
616cdf0e10cSrcweir }
617cdf0e10cSrcweir
getCertificateUsage()618cdf0e10cSrcweir sal_Int32 SAL_CALL X509Certificate_MSCryptImpl::getCertificateUsage( )
619cdf0e10cSrcweir throw ( ::com::sun::star::uno::RuntimeException)
620cdf0e10cSrcweir {
621cdf0e10cSrcweir sal_Int32 usage =
622cdf0e10cSrcweir CERT_DATA_ENCIPHERMENT_KEY_USAGE |
623cdf0e10cSrcweir CERT_DIGITAL_SIGNATURE_KEY_USAGE |
624cdf0e10cSrcweir CERT_KEY_AGREEMENT_KEY_USAGE |
625cdf0e10cSrcweir CERT_KEY_CERT_SIGN_KEY_USAGE |
626cdf0e10cSrcweir CERT_KEY_ENCIPHERMENT_KEY_USAGE |
627cdf0e10cSrcweir CERT_NON_REPUDIATION_KEY_USAGE |
628cdf0e10cSrcweir CERT_OFFLINE_CRL_SIGN_KEY_USAGE;
629cdf0e10cSrcweir
630cdf0e10cSrcweir if( m_pCertContext != NULL && m_pCertContext->pCertInfo != NULL && m_pCertContext->pCertInfo->cExtension != 0 )
631cdf0e10cSrcweir {
632cdf0e10cSrcweir CERT_EXTENSION* pExtn = CertFindExtension(
633cdf0e10cSrcweir szOID_KEY_USAGE,
634cdf0e10cSrcweir m_pCertContext->pCertInfo->cExtension,
635cdf0e10cSrcweir m_pCertContext->pCertInfo->rgExtension);
636cdf0e10cSrcweir
637cdf0e10cSrcweir if (pExtn != NULL)
638cdf0e10cSrcweir {
639cdf0e10cSrcweir CERT_KEY_USAGE_RESTRICTION_INFO keyUsage;
640cdf0e10cSrcweir DWORD length = sizeof(CERT_KEY_USAGE_RESTRICTION_INFO);
641cdf0e10cSrcweir
642cdf0e10cSrcweir bool rc = CryptDecodeObject(
643cdf0e10cSrcweir X509_ASN_ENCODING,
644cdf0e10cSrcweir X509_KEY_USAGE,
645cdf0e10cSrcweir pExtn->Value.pbData,
646cdf0e10cSrcweir pExtn->Value.cbData,
647cdf0e10cSrcweir CRYPT_DECODE_NOCOPY_FLAG,
648cdf0e10cSrcweir (void *)&keyUsage,
649cdf0e10cSrcweir &length);
650cdf0e10cSrcweir
651cdf0e10cSrcweir if (rc && keyUsage.RestrictedKeyUsage.cbData!=0)
652cdf0e10cSrcweir {
653cdf0e10cSrcweir usage = (sal_Int32)keyUsage.RestrictedKeyUsage.pbData;
654cdf0e10cSrcweir }
655cdf0e10cSrcweir }
656cdf0e10cSrcweir }
657cdf0e10cSrcweir
658cdf0e10cSrcweir return usage;
659cdf0e10cSrcweir }
660cdf0e10cSrcweir
661cdf0e10cSrcweir // MM : end
662cdf0e10cSrcweir
663