1*06b3ce53SAndrew Rist /**************************************************************
2cdf0e10cSrcweir  *
3*06b3ce53SAndrew Rist  * Licensed to the Apache Software Foundation (ASF) under one
4*06b3ce53SAndrew Rist  * or more contributor license agreements.  See the NOTICE file
5*06b3ce53SAndrew Rist  * distributed with this work for additional information
6*06b3ce53SAndrew Rist  * regarding copyright ownership.  The ASF licenses this file
7*06b3ce53SAndrew Rist  * to you under the Apache License, Version 2.0 (the
8*06b3ce53SAndrew Rist  * "License"); you may not use this file except in compliance
9*06b3ce53SAndrew Rist  * with the License.  You may obtain a copy of the License at
10*06b3ce53SAndrew Rist  *
11*06b3ce53SAndrew Rist  *   http://www.apache.org/licenses/LICENSE-2.0
12*06b3ce53SAndrew Rist  *
13*06b3ce53SAndrew Rist  * Unless required by applicable law or agreed to in writing,
14*06b3ce53SAndrew Rist  * software distributed under the License is distributed on an
15*06b3ce53SAndrew Rist  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16*06b3ce53SAndrew Rist  * KIND, either express or implied.  See the License for the
17*06b3ce53SAndrew Rist  * specific language governing permissions and limitations
18*06b3ce53SAndrew Rist  * under the License.
19*06b3ce53SAndrew Rist  *
20*06b3ce53SAndrew Rist  *************************************************************/
21*06b3ce53SAndrew Rist 
22*06b3ce53SAndrew Rist 
23cdf0e10cSrcweir 
24cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove
25cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx"
26cdf0e10cSrcweir 
27cdf0e10cSrcweir #include <stdio.h>
28cdf0e10cSrcweir #include "helper.hxx"
29cdf0e10cSrcweir 
30cdf0e10cSrcweir #include "libxml/tree.h"
31cdf0e10cSrcweir #include "libxml/parser.h"
32cdf0e10cSrcweir #ifndef XMLSEC_NO_XSLT
33cdf0e10cSrcweir #include "libxslt/xslt.h"
34cdf0e10cSrcweir #endif
35cdf0e10cSrcweir 
36cdf0e10cSrcweir #include "securityenvironment_nssimpl.hxx"
37cdf0e10cSrcweir 
38cdf0e10cSrcweir #include <xmlsecurity/biginteger.hxx>
39cdf0e10cSrcweir 
40cdf0e10cSrcweir 
41cdf0e10cSrcweir #include "nspr.h"
42cdf0e10cSrcweir #include "prtypes.h"
43cdf0e10cSrcweir 
44cdf0e10cSrcweir #include "pk11func.h"
45cdf0e10cSrcweir #include "cert.h"
46cdf0e10cSrcweir #include "cryptohi.h"
47cdf0e10cSrcweir #include "certdb.h"
48cdf0e10cSrcweir #include "nss.h"
49cdf0e10cSrcweir 
50cdf0e10cSrcweir #include "xmlsec/strings.h"
51cdf0e10cSrcweir #include "xmlsec/xmltree.h"
52cdf0e10cSrcweir 
53cdf0e10cSrcweir #include <rtl/ustring.hxx>
54cdf0e10cSrcweir 
55cdf0e10cSrcweir using namespace ::rtl ;
56cdf0e10cSrcweir using namespace ::cppu ;
57cdf0e10cSrcweir using namespace ::com::sun::star::uno ;
58cdf0e10cSrcweir using namespace ::com::sun::star::io ;
59cdf0e10cSrcweir using namespace ::com::sun::star::ucb ;
60cdf0e10cSrcweir using namespace ::com::sun::star::beans ;
61cdf0e10cSrcweir using namespace ::com::sun::star::document ;
62cdf0e10cSrcweir using namespace ::com::sun::star::lang ;
63cdf0e10cSrcweir using namespace ::com::sun::star::security ;
64cdf0e10cSrcweir using namespace ::com::sun::star::xml::wrapper ;
65cdf0e10cSrcweir using namespace ::com::sun::star::xml::crypto ;
66cdf0e10cSrcweir 
main(int argc,char ** argv)67cdf0e10cSrcweir int SAL_CALL main( int argc, char **argv )
68cdf0e10cSrcweir {
69cdf0e10cSrcweir 	CERTCertDBHandle*	certHandle ;
70cdf0e10cSrcweir 	PK11SlotInfo*		slot ;
71cdf0e10cSrcweir 
72cdf0e10cSrcweir 	if( argc != 3 ) {
73cdf0e10cSrcweir 		fprintf( stderr, "Usage: %s < CertDir > <rdb file>\n\n" , argv[0] ) ;
74cdf0e10cSrcweir 		return 1 ;
75cdf0e10cSrcweir 	}
76cdf0e10cSrcweir 
77cdf0e10cSrcweir 	for( ; getchar() != 'q' ; ) {
78cdf0e10cSrcweir 		slot = NULL ;
79cdf0e10cSrcweir 
80cdf0e10cSrcweir 	//Initialize NSPR and NSS
81cdf0e10cSrcweir 	PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
82cdf0e10cSrcweir 	PK11_SetPasswordFunc( PriPK11PasswordFunc ) ;
83cdf0e10cSrcweir 	if( NSS_Init( argv[1] ) != SECSuccess ) {
84cdf0e10cSrcweir 		fprintf( stderr , "### cannot intialize NSS!\n" ) ;
85cdf0e10cSrcweir 		goto done ;
86cdf0e10cSrcweir 	}
87cdf0e10cSrcweir 
88cdf0e10cSrcweir 	certHandle = CERT_GetDefaultCertDB() ;
89cdf0e10cSrcweir 	slot = PK11_GetInternalKeySlot() ;
90cdf0e10cSrcweir 
91cdf0e10cSrcweir 	if( PK11_NeedLogin( slot ) ) {
92cdf0e10cSrcweir 		SECStatus nRet = PK11_Authenticate( slot, PR_TRUE, NULL );
93cdf0e10cSrcweir 		if( nRet != SECSuccess ) {
94cdf0e10cSrcweir 			fprintf( stderr , "### cannot authehticate the crypto token!\n" ) ;
95cdf0e10cSrcweir 			goto done ;
96cdf0e10cSrcweir 		}
97cdf0e10cSrcweir 	}
98cdf0e10cSrcweir 
99cdf0e10cSrcweir 
100cdf0e10cSrcweir 	try {
101cdf0e10cSrcweir 		Reference< XMultiComponentFactory > xManager = NULL ;
102cdf0e10cSrcweir 		Reference< XComponentContext > xContext = NULL ;
103cdf0e10cSrcweir 
104cdf0e10cSrcweir 		xManager = serviceManager( xContext , OUString::createFromAscii( "local" ), OUString::createFromAscii( argv[2] ) ) ;
105cdf0e10cSrcweir 		OSL_ENSURE( xManager.is() ,
106cdf0e10cSrcweir 			"ServicesManager - "
107cdf0e10cSrcweir 			"Cannot get service manager" ) ;
108cdf0e10cSrcweir 
109cdf0e10cSrcweir 		//Create security environment
110cdf0e10cSrcweir 		//Build Security Environment
111cdf0e10cSrcweir 		Reference< XInterface > xsecenv =
112cdf0e10cSrcweir 			xManager->createInstanceWithContext( OUString::createFromAscii("com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl"), xContext ) ;
113cdf0e10cSrcweir 		OSL_ENSURE( xsecenv.is() ,
114cdf0e10cSrcweir 			"Signer - "
115cdf0e10cSrcweir 			"Cannot get service instance of \"xsec.SecurityEnvironment\"" ) ;
116cdf0e10cSrcweir 
117cdf0e10cSrcweir 		Reference< XSecurityEnvironment > xSecEnv( xsecenv , UNO_QUERY ) ;
118cdf0e10cSrcweir 		OSL_ENSURE( xSecEnv.is() ,
119cdf0e10cSrcweir 			"Signer - "
120cdf0e10cSrcweir 			"Cannot get interface of \"XSecurityEnvironment\" from service \"xsec.SecurityEnvironment\"" ) ;
121cdf0e10cSrcweir 
122cdf0e10cSrcweir 		//Setup key slot and certDb
123cdf0e10cSrcweir 		Reference< XUnoTunnel > xEnvTunnel( xsecenv , UNO_QUERY ) ;
124cdf0e10cSrcweir 		OSL_ENSURE( xEnvTunnel.is() ,
125cdf0e10cSrcweir 			"Signer - "
126cdf0e10cSrcweir 			"Cannot get interface of \"XUnoTunnel\" from service \"xsec.SecurityEnvironment\"" ) ;
127cdf0e10cSrcweir 
128cdf0e10cSrcweir 		SecurityEnvironment_NssImpl* pSecEnv = ( SecurityEnvironment_NssImpl* )xEnvTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ) ;
129cdf0e10cSrcweir 		OSL_ENSURE( pSecEnv != NULL ,
130cdf0e10cSrcweir 			"Signer - "
131cdf0e10cSrcweir 			"Cannot get implementation of \"xsec.SecurityEnvironment\"" ) ;
132cdf0e10cSrcweir 
133cdf0e10cSrcweir 		pSecEnv->setCryptoSlot( slot ) ;
134cdf0e10cSrcweir 		pSecEnv->setCertDb( certHandle ) ;
135cdf0e10cSrcweir 
136cdf0e10cSrcweir 		//Get personal certificate
137cdf0e10cSrcweir 		Sequence < Reference< XCertificate > > xPersonalCerts = pSecEnv->getPersonalCertificates() ;
138cdf0e10cSrcweir 		Sequence < Reference< XCertificate > > xCertPath ;
139cdf0e10cSrcweir 		for( int i = 0; i < xPersonalCerts.getLength(); i ++ ) {
140cdf0e10cSrcweir 			//Print the certificate infomation.
141cdf0e10cSrcweir 			fprintf( stdout, "\nPersonal Certificate Info\n" ) ;
142cdf0e10cSrcweir 			fprintf( stdout, "\tCertificate Issuer[%s]\n", OUStringToOString( xPersonalCerts[i]->getIssuerName(), RTL_TEXTENCODING_ASCII_US ).getStr() ) ;
143cdf0e10cSrcweir 			fprintf( stdout, "\tCertificate Serial Number[%s]\n", OUStringToOString( bigIntegerToNumericString( xPersonalCerts[i]->getSerialNumber() ), RTL_TEXTENCODING_ASCII_US ).getStr() ) ;
144cdf0e10cSrcweir 			fprintf( stdout, "\tCertificate Subject[%s]\n", OUStringToOString( xPersonalCerts[i]->getSubjectName(), RTL_TEXTENCODING_ASCII_US ).getStr() ) ;
145cdf0e10cSrcweir 
146cdf0e10cSrcweir 			//build the certificate path
147cdf0e10cSrcweir 			xCertPath = pSecEnv->buildCertificatePath( xPersonalCerts[i] ) ;
148cdf0e10cSrcweir 			//Print the certificate path.
149cdf0e10cSrcweir 			fprintf( stdout, "\tCertificate Path\n" ) ;
150cdf0e10cSrcweir 			for( int j = 0; j < xCertPath.getLength(); j ++ ) {
151cdf0e10cSrcweir 				fprintf( stdout, "\t\tCertificate Authority Subject[%s]\n", OUStringToOString( xCertPath[j]->getSubjectName(), RTL_TEXTENCODING_ASCII_US ).getStr() ) ;
152cdf0e10cSrcweir 			}
153cdf0e10cSrcweir 
154cdf0e10cSrcweir 			//Get the certificate
155cdf0e10cSrcweir 			Sequence < sal_Int8 > serial = xPersonalCerts[i]->getSerialNumber() ;
156cdf0e10cSrcweir 			Reference< XCertificate > xcert = pSecEnv->getCertificate( xPersonalCerts[i]->getIssuerName(), xPersonalCerts[i]->getSerialNumber() ) ;
157cdf0e10cSrcweir 			if( !xcert.is() ) {
158cdf0e10cSrcweir 				fprintf( stdout, "The personal certificate is not in the certificate database\n" ) ;
159cdf0e10cSrcweir 			}
160cdf0e10cSrcweir 
161cdf0e10cSrcweir 			//Get the certificate characters
162cdf0e10cSrcweir 			sal_Int32 chars = pSecEnv->getCertificateCharacters( xPersonalCerts[i] ) ;
163cdf0e10cSrcweir 			fprintf( stdout, "The certificate characters are %d\n", chars ) ;
164cdf0e10cSrcweir 
165cdf0e10cSrcweir 			//Get the certificate status
166cdf0e10cSrcweir 			sal_Int32 validity = pSecEnv->verifyCertificate( xPersonalCerts[i] ) ;
167cdf0e10cSrcweir 			fprintf( stdout, "The certificate validities are %d\n", validity ) ;
168cdf0e10cSrcweir 		}
169cdf0e10cSrcweir 	} catch( Exception& e ) {
170cdf0e10cSrcweir 		fprintf( stderr , "Error Message: %s\n" , OUStringToOString( e.Message , RTL_TEXTENCODING_ASCII_US ).getStr() ) ;
171cdf0e10cSrcweir 		goto done ;
172cdf0e10cSrcweir 	}
173cdf0e10cSrcweir 
174cdf0e10cSrcweir done:
175cdf0e10cSrcweir 	if( slot != NULL )
176cdf0e10cSrcweir 		PK11_FreeSlot( slot ) ;
177cdf0e10cSrcweir 
178cdf0e10cSrcweir 	PK11_LogoutAll() ;
179cdf0e10cSrcweir 	NSS_Shutdown() ;
180cdf0e10cSrcweir 
181cdf0e10cSrcweir 	}
182cdf0e10cSrcweir 
183cdf0e10cSrcweir 	return 0;
184cdf0e10cSrcweir }
185cdf0e10cSrcweir 
186