search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
merged tag ooo/OOO330_m14
[LibreOffice.git] / xmlsecurity / source / xmlsec / nss / securityenvironment_nssimpl.cxx
blob9458424afa7c929b98fccce5065d6b0fc3d56550
1 /*************************************************************************
2 *
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * Copyright 2000, 2010 Oracle and/or its affiliates.
6 *
7 * OpenOffice.org - a multi-platform office productivity suite
8 *
9 * This file is part of OpenOffice.org.
10 *
11 * OpenOffice.org is free software: you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License version 3
13 * only, as published by the Free Software Foundation.
14 *
15 * OpenOffice.org is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Lesser General Public License version 3 for more details
19 * (a copy is included in the LICENSE file that accompanied this code).
20 *
21 * You should have received a copy of the GNU Lesser General Public License
22 * version 3 along with OpenOffice.org. If not, see
23 * <http://www.openoffice.org/license.html>
24 * for a copy of the LGPLv3 License.
25 *
26 ************************************************************************/
27
28
29 // MARKER(update_precomp.py): autogen include statement, do not remove
30 #include "precompiled_xmlsecurity.hxx"
31
32 //todo before commit: nssrenam.h is not delivered!!!
33 #include "nssrenam.h"
34 #include "cert.h"
35 #include "secerr.h"
36 #include "ocsp.h"
37
38 #include <sal/config.h>
39 #include "securityenvironment_nssimpl.hxx"
40 #include "x509certificate_nssimpl.hxx"
41 #include <rtl/uuid.h>
42 #include "../diagnose.hxx"
43
44 #include <sal/types.h>
45 //For reasons that escape me, this is what xmlsec does when size_t is not 4
46 #if SAL_TYPES_SIZEOFPOINTER != 4
47 # define XMLSEC_NO_SIZE_T
48 #endif
49 #include <xmlsec/xmlsec.h>
50 #include <xmlsec/keysmngr.h>
51 #include <xmlsec/crypto.h>
52 #include <xmlsec/base64.h>
53 #include <xmlsec/strings.h>
54
55 #include <tools/string.hxx>
56 #include <rtl/ustrbuf.hxx>
57 #include <comphelper/processfactory.hxx>
58 #include <cppuhelper/servicefactory.hxx>
59 #include <comphelper/docpasswordrequest.hxx>
60 #include <xmlsecurity/biginteger.hxx>
61 #include <rtl/logfile.h>
62 #include <com/sun/star/task/XInteractionHandler.hpp>
63 #include <vector>
64 #include "boost/scoped_array.hpp"
65
66 #include "secerror.hxx"
67
68 // MM : added for password exception
69 #include <com/sun/star/security/NoPasswordException.hpp>
70 namespace csss = ::com::sun::star::security;
71 using namespace xmlsecurity;
72 using namespace ::com::sun::star::security;
73 using namespace com::sun::star;
74 using namespace ::com::sun::star::uno ;
75 using namespace ::com::sun::star::lang ;
76 using ::com::sun::star::lang::XMultiServiceFactory ;
77 using ::com::sun::star::lang::XSingleServiceFactory ;
78 using ::rtl::OUString ;
79
80 using ::com::sun::star::xml::crypto::XSecurityEnvironment ;
81 using ::com::sun::star::security::XCertificate ;
82
83 extern X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert ) ;
84 extern X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* ) ;
85
86
87 struct UsageDescription
88 {
89 SECCertificateUsage usage;
90 char const * const description;
91 };
92
93
94
95 char* GetPasswordFunction( PK11SlotInfo* pSlot, PRBool bRetry, void* /*arg*/ )
96 {
97 uno::Reference< lang::XMultiServiceFactory > xMSF( ::comphelper::getProcessServiceFactory() );
98 if ( xMSF.is() )
99 {
100 uno::Reference < task::XInteractionHandler > xInteractionHandler(
101 xMSF->createInstance( rtl::OUString::createFromAscii("com.sun.star.task.InteractionHandler") ), uno::UNO_QUERY );
102
103 if ( xInteractionHandler.is() )
104 {
105 task::PasswordRequestMode eMode = bRetry ? task::PasswordRequestMode_PASSWORD_REENTER : task::PasswordRequestMode_PASSWORD_ENTER;
106 ::comphelper::DocPasswordRequest* pPasswordRequest = new ::comphelper::DocPasswordRequest(
107 ::comphelper::DocPasswordRequestType_STANDARD, eMode, ::rtl::OUString::createFromAscii(PK11_GetTokenName(pSlot)) );
108
109 uno::Reference< task::XInteractionRequest > xRequest( pPasswordRequest );
110 xInteractionHandler->handle( xRequest );
111
112 if ( pPasswordRequest->isPassword() )
113 {
114 ByteString aPassword = ByteString( String( pPasswordRequest->getPassword() ), gsl_getSystemTextEncoding() );
115 USHORT nLen = aPassword.Len();
116 char* pPassword = (char*) PORT_Alloc( nLen+1 ) ;
117 pPassword[nLen] = 0;
118 memcpy( pPassword, aPassword.GetBuffer(), nLen );
119 return pPassword;
120 }
121 }
122 }
123 return NULL;
124 }
125
126 SecurityEnvironment_NssImpl :: SecurityEnvironment_NssImpl( const Reference< XMultiServiceFactory >& ) :
127 m_pHandler( NULL ) , m_tSymKeyList() , m_tPubKeyList() , m_tPriKeyList() {
128
129 PK11_SetPasswordFunc( GetPasswordFunction ) ;
130 }
131
132 SecurityEnvironment_NssImpl :: ~SecurityEnvironment_NssImpl() {
133
134 PK11_SetPasswordFunc( NULL ) ;
135
136 for (CIT_SLOTS i = m_Slots.begin(); i != m_Slots.end(); i++)
137 {
138 PK11_FreeSlot(*i);
139 }
140
141 if( !m_tSymKeyList.empty() ) {
142 std::list< PK11SymKey* >::iterator symKeyIt ;
143
144 for( symKeyIt = m_tSymKeyList.begin() ; symKeyIt != m_tSymKeyList.end() ; symKeyIt ++ )
145 PK11_FreeSymKey( *symKeyIt ) ;
146 }
147
148 if( !m_tPubKeyList.empty() ) {
149 std::list< SECKEYPublicKey* >::iterator pubKeyIt ;
150
151 for( pubKeyIt = m_tPubKeyList.begin() ; pubKeyIt != m_tPubKeyList.end() ; pubKeyIt ++ )
152 SECKEY_DestroyPublicKey( *pubKeyIt ) ;
153 }
154
155 if( !m_tPriKeyList.empty() ) {
156 std::list< SECKEYPrivateKey* >::iterator priKeyIt ;
157
158 for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; priKeyIt ++ )
159 SECKEY_DestroyPrivateKey( *priKeyIt ) ;
160 }
161 }
162
163 /* XInitialization */
164 void SAL_CALL SecurityEnvironment_NssImpl :: initialize( const Sequence< Any >& ) throw( Exception, RuntimeException ) {
165 // TBD
166 } ;
167
168 /* XServiceInfo */
169 OUString SAL_CALL SecurityEnvironment_NssImpl :: getImplementationName() throw( RuntimeException ) {
170 return impl_getImplementationName() ;
171 }
172
173 /* XServiceInfo */
174 sal_Bool SAL_CALL SecurityEnvironment_NssImpl :: supportsService( const OUString& serviceName) throw( RuntimeException ) {
175 Sequence< OUString > seqServiceNames = getSupportedServiceNames() ;
176 const OUString* pArray = seqServiceNames.getConstArray() ;
177 for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) {
178 if( *( pArray + i ) == serviceName )
179 return sal_True ;
180 }
181 return sal_False ;
182 }
183
184 /* XServiceInfo */
185 Sequence< OUString > SAL_CALL SecurityEnvironment_NssImpl :: getSupportedServiceNames() throw( RuntimeException ) {
186 return impl_getSupportedServiceNames() ;
187 }
188
189 //Helper for XServiceInfo
190 Sequence< OUString > SecurityEnvironment_NssImpl :: impl_getSupportedServiceNames() {
191 ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
192 Sequence< OUString > seqServiceNames( 1 ) ;
193 seqServiceNames.getArray()[0] = OUString::createFromAscii( "com.sun.star.xml.crypto.SecurityEnvironment" ) ;
194 return seqServiceNames ;
195 }
196
197 OUString SecurityEnvironment_NssImpl :: impl_getImplementationName() throw( RuntimeException ) {
198 return OUString::createFromAscii( "com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl" ) ;
199 }
200
201 //Helper for registry
202 Reference< XInterface > SAL_CALL SecurityEnvironment_NssImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& aServiceManager ) throw( RuntimeException ) {
203 return Reference< XInterface >( *new SecurityEnvironment_NssImpl( aServiceManager ) ) ;
204 }
205
206 Reference< XSingleServiceFactory > SecurityEnvironment_NssImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) {
207 //Reference< XSingleServiceFactory > xFactory ;
208 //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ;
209 //return xFactory ;
210 return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ;
211 }
212
213 /* XUnoTunnel */
214 sal_Int64 SAL_CALL SecurityEnvironment_NssImpl :: getSomething( const Sequence< sal_Int8 >& aIdentifier )
215 throw( RuntimeException )
216 {
217 if( aIdentifier.getLength() == 16 && 0 == rtl_compareMemory( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
218 return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
219 }
220 return 0 ;
221 }
222
223 /* XUnoTunnel extension */
224 const Sequence< sal_Int8>& SecurityEnvironment_NssImpl :: getUnoTunnelId() {
225 static Sequence< sal_Int8 >* pSeq = 0 ;
226 if( !pSeq ) {
227 ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
228 if( !pSeq ) {
229 static Sequence< sal_Int8> aSeq( 16 ) ;
230 rtl_createUuid( ( sal_uInt8* )aSeq.getArray() , 0 , sal_True ) ;
231 pSeq = &aSeq ;
232 }
233 }
234 return *pSeq ;
235 }
236
237 /* XUnoTunnel extension */
238 SecurityEnvironment_NssImpl* SecurityEnvironment_NssImpl :: getImplementation( const Reference< XInterface > xObj ) {
239 Reference< XUnoTunnel > xUT( xObj , UNO_QUERY ) ;
240 if( xUT.is() ) {
241 return reinterpret_cast<SecurityEnvironment_NssImpl*>(
242 sal::static_int_cast<sal_uIntPtr>(xUT->getSomething( getUnoTunnelId() ))) ;
243 } else
244 return NULL ;
245 }
246
247
248 ::rtl::OUString SecurityEnvironment_NssImpl::getSecurityEnvironmentInformation() throw( ::com::sun::star::uno::RuntimeException )
249 {
250 rtl::OUString result;
251 ::rtl::OUStringBuffer buff;
252 for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
253 {
254 buff.append(rtl::OUString::createFromAscii(PK11_GetTokenName(*is)));
255 buff.appendAscii("\n");
256 }
257 return buff.makeStringAndClear();
258 }
259
260 void SecurityEnvironment_NssImpl::addCryptoSlot( PK11SlotInfo* aSlot) throw( Exception , RuntimeException )
261 {
262 PK11_ReferenceSlot(aSlot);
263 m_Slots.push_back(aSlot);
264 }
265
266 CERTCertDBHandle* SecurityEnvironment_NssImpl :: getCertDb() throw( Exception , RuntimeException ) {
267 return m_pHandler ;
268 }
269
270 //Could we have multiple cert dbs?
271 void SecurityEnvironment_NssImpl :: setCertDb( CERTCertDBHandle* aCertDb ) throw( Exception , RuntimeException ) {
272 m_pHandler = aCertDb ;
273 }
274
275 void SecurityEnvironment_NssImpl :: adoptSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) {
276 PK11SymKey* symkey ;
277 std::list< PK11SymKey* >::iterator keyIt ;
278
279 if( aSymKey != NULL ) {
280 //First try to find the key in the list
281 for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; keyIt ++ ) {
282 if( *keyIt == aSymKey )
283 return ;
284 }
285
286 //If we do not find the key in the list, add a new node
287 symkey = PK11_ReferenceSymKey( aSymKey ) ;
288 if( symkey == NULL )
289 throw RuntimeException() ;
290
291 try {
292 m_tSymKeyList.push_back( symkey ) ;
293 } catch ( Exception& ) {
294 PK11_FreeSymKey( symkey ) ;
295 }
296 }
297 }
298
299 void SecurityEnvironment_NssImpl :: rejectSymKey( PK11SymKey* aSymKey ) throw( Exception , RuntimeException ) {
300 PK11SymKey* symkey ;
301 std::list< PK11SymKey* >::iterator keyIt ;
302
303 if( aSymKey != NULL ) {
304 for( keyIt = m_tSymKeyList.begin() ; keyIt != m_tSymKeyList.end() ; keyIt ++ ) {
305 if( *keyIt == aSymKey ) {
306 symkey = *keyIt ;
307 PK11_FreeSymKey( symkey ) ;
308 m_tSymKeyList.erase( keyIt ) ;
309 break ;
310 }
311 }
312 }
313 }
314
315 PK11SymKey* SecurityEnvironment_NssImpl :: getSymKey( unsigned int position ) throw( Exception , RuntimeException ) {
316 PK11SymKey* symkey ;
317 std::list< PK11SymKey* >::iterator keyIt ;
318 unsigned int pos ;
319
320 symkey = NULL ;
321 for( pos = 0, keyIt = m_tSymKeyList.begin() ; pos < position && keyIt != m_tSymKeyList.end() ; pos ++ , keyIt ++ ) ;
322
323 if( pos == position && keyIt != m_tSymKeyList.end() )
324 symkey = *keyIt ;
325
326 return symkey ;
327 }
328
329 void SecurityEnvironment_NssImpl :: adoptPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) {
330 SECKEYPublicKey* pubkey ;
331 std::list< SECKEYPublicKey* >::iterator keyIt ;
332
333 if( aPubKey != NULL ) {
334 //First try to find the key in the list
335 for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; keyIt ++ ) {
336 if( *keyIt == aPubKey )
337 return ;
338 }
339
340 //If we do not find the key in the list, add a new node
341 pubkey = SECKEY_CopyPublicKey( aPubKey ) ;
342 if( pubkey == NULL )
343 throw RuntimeException() ;
344
345 try {
346 m_tPubKeyList.push_back( pubkey ) ;
347 } catch ( Exception& ) {
348 SECKEY_DestroyPublicKey( pubkey ) ;
349 }
350 }
351 }
352
353 void SecurityEnvironment_NssImpl :: rejectPubKey( SECKEYPublicKey* aPubKey ) throw( Exception , RuntimeException ) {
354 SECKEYPublicKey* pubkey ;
355 std::list< SECKEYPublicKey* >::iterator keyIt ;
356
357 if( aPubKey != NULL ) {
358 for( keyIt = m_tPubKeyList.begin() ; keyIt != m_tPubKeyList.end() ; keyIt ++ ) {
359 if( *keyIt == aPubKey ) {
360 pubkey = *keyIt ;
361 SECKEY_DestroyPublicKey( pubkey ) ;
362 m_tPubKeyList.erase( keyIt ) ;
363 break ;
364 }
365 }
366 }
367 }
368
369 SECKEYPublicKey* SecurityEnvironment_NssImpl :: getPubKey( unsigned int position ) throw( Exception , RuntimeException ) {
370 SECKEYPublicKey* pubkey ;
371 std::list< SECKEYPublicKey* >::iterator keyIt ;
372 unsigned int pos ;
373
374 pubkey = NULL ;
375 for( pos = 0, keyIt = m_tPubKeyList.begin() ; pos < position && keyIt != m_tPubKeyList.end() ; pos ++ , keyIt ++ ) ;
376
377 if( pos == position && keyIt != m_tPubKeyList.end() )
378 pubkey = *keyIt ;
379
380 return pubkey ;
381 }
382
383 void SecurityEnvironment_NssImpl :: adoptPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) {
384 SECKEYPrivateKey* prikey ;
385 std::list< SECKEYPrivateKey* >::iterator keyIt ;
386
387 if( aPriKey != NULL ) {
388 //First try to find the key in the list
389 for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; keyIt ++ ) {
390 if( *keyIt == aPriKey )
391 return ;
392 }
393
394 //If we do not find the key in the list, add a new node
395 prikey = SECKEY_CopyPrivateKey( aPriKey ) ;
396 if( prikey == NULL )
397 throw RuntimeException() ;
398
399 try {
400 m_tPriKeyList.push_back( prikey ) ;
401 } catch ( Exception& ) {
402 SECKEY_DestroyPrivateKey( prikey ) ;
403 }
404 }
405 }
406
407 void SecurityEnvironment_NssImpl :: rejectPriKey( SECKEYPrivateKey* aPriKey ) throw( Exception , RuntimeException ) {
408 SECKEYPrivateKey* prikey ;
409 std::list< SECKEYPrivateKey* >::iterator keyIt ;
410
411 if( aPriKey != NULL ) {
412 for( keyIt = m_tPriKeyList.begin() ; keyIt != m_tPriKeyList.end() ; keyIt ++ ) {
413 if( *keyIt == aPriKey ) {
414 prikey = *keyIt ;
415 SECKEY_DestroyPrivateKey( prikey ) ;
416 m_tPriKeyList.erase( keyIt ) ;
417 break ;
418 }
419 }
420 }
421 }
422
423 SECKEYPrivateKey* SecurityEnvironment_NssImpl :: getPriKey( unsigned int position ) throw( ::com::sun::star::uno::Exception , ::com::sun::star::uno::RuntimeException ) {
424 SECKEYPrivateKey* prikey ;
425 std::list< SECKEYPrivateKey* >::iterator keyIt ;
426 unsigned int pos ;
427
428 prikey = NULL ;
429 for( pos = 0, keyIt = m_tPriKeyList.begin() ; pos < position && keyIt != m_tPriKeyList.end() ; pos ++ , keyIt ++ ) ;
430
431 if( pos == position && keyIt != m_tPriKeyList.end() )
432 prikey = *keyIt ;
433
434 return prikey ;
435 }
436
437 void SecurityEnvironment_NssImpl::updateSlots()
438 {
439 //In case new tokens are present then we can obtain the corresponding slot
440 PK11SlotList * soltList = NULL;
441 PK11SlotListElement * soltEle = NULL;
442 PK11SlotInfo * pSlot = NULL;
443 PK11SymKey * pSymKey = NULL;
444
445 osl::MutexGuard guard(m_mutex);
446
447 m_Slots.clear();
448 m_tSymKeyList.clear();
449
450 soltList = PK11_GetAllTokens( CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL ) ;
451 if( soltList != NULL )
452 {
453 for( soltEle = soltList->head ; soltEle != NULL; soltEle = soltEle->next )
454 {
455 pSlot = soltEle->slot ;
456
457 if(pSlot != NULL)
458 {
459 RTL_LOGFILE_TRACE2( "XMLSEC: Found a slot: SlotName=%s, TokenName=%s", PK11_GetSlotName(pSlot), PK11_GetTokenName(pSlot) );
460
461 //The following code which is commented out checks if a slot, that is a smart card for example, is
462 // able to generate a symmetric key of type CKM_DES3_CBC. If this fails then this token
463 // will not be used. This key is possibly used for the encryption service. However, all
464 // interfaces and services used for public key signature and encryption are not published
465 // and the encryption is not used in OOo. Therefore it does not do any harm to remove
466 // this code, hence allowing smart cards which cannot generate this type of key.
467 //
468 // By doing this, the encryption may fail if a smart card is being used which does not
469 // support this key generation.
470 //
471 pSymKey = PK11_KeyGen( pSlot , CKM_DES3_CBC, NULL, 128, NULL ) ;
472 // if( pSymKey == NULL )
473 // {
474 // PK11_FreeSlot( pSlot ) ;
475 // RTL_LOGFILE_TRACE( "XMLSEC: Error - pSymKey is NULL" );
476 // continue;
477 // }
478 addCryptoSlot(pSlot);
479 PK11_FreeSlot( pSlot ) ;
480 pSlot = NULL;
481
482 if (pSymKey != NULL)
483 {
484 adoptSymKey( pSymKey ) ;
485 PK11_FreeSymKey( pSymKey ) ;
486 pSymKey = NULL;
487 }
488
489 }// end of if(pSlot != NULL)
490 }// end of for
491 }// end of if( soltList != NULL )
492
493 }
494
495
496 Sequence< Reference < XCertificate > >
497 SecurityEnvironment_NssImpl::getPersonalCertificates() throw( SecurityException , RuntimeException )
498 {
499 sal_Int32 length ;
500 X509Certificate_NssImpl* xcert ;
501 std::list< X509Certificate_NssImpl* > certsList ;
502
503 updateSlots();
504 //firstly, we try to find private keys in slot
505 for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
506 {
507 PK11SlotInfo *slot = *is;
508 SECKEYPrivateKeyList* priKeyList ;
509 SECKEYPrivateKeyListNode* curPri ;
510
511 if( PK11_NeedLogin(slot ) ) {
512 SECStatus nRet = PK11_Authenticate(slot, PR_TRUE, NULL);
513 //PK11_Authenticate may fail in case the a slot has not been initialized.
514 //this is the case if the user has a new profile, so that they have never
515 //added a personal certificate.
516 if( nRet != SECSuccess && PORT_GetError() != SEC_ERROR_IO) {
517 throw NoPasswordException();
518 }
519 }
520
521 priKeyList = PK11_ListPrivateKeysInSlot(slot) ;
522 if( priKeyList != NULL ) {
523 for( curPri = PRIVKEY_LIST_HEAD( priKeyList );
524 !PRIVKEY_LIST_END( curPri, priKeyList ) && curPri != NULL ;
525 curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
526 xcert = NssPrivKeyToXCert( curPri->key ) ;
527 if( xcert != NULL )
528 certsList.push_back( xcert ) ;
529 }
530 }
531
532 SECKEY_DestroyPrivateKeyList( priKeyList ) ;
533 }
534
535 //secondly, we try to find certificate from registered private keys.
536 if( !m_tPriKeyList.empty() ) {
537 std::list< SECKEYPrivateKey* >::iterator priKeyIt ;
538
539 for( priKeyIt = m_tPriKeyList.begin() ; priKeyIt != m_tPriKeyList.end() ; priKeyIt ++ ) {
540 xcert = NssPrivKeyToXCert( *priKeyIt ) ;
541 if( xcert != NULL )
542 certsList.push_back( xcert ) ;
543 }
544 }
545
546 length = certsList.size() ;
547 if( length != 0 ) {
548 int i ;
549 std::list< X509Certificate_NssImpl* >::iterator xcertIt ;
550 Sequence< Reference< XCertificate > > certSeq( length ) ;
551
552 for( i = 0, xcertIt = certsList.begin(); xcertIt != certsList.end(); xcertIt ++, i++ ) {
553 certSeq[i] = *xcertIt ;
554 }
555
556 return certSeq ;
557 }
558
559 return Sequence< Reference < XCertificate > > ();
560 }
561
562 Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const Sequence< sal_Int8 >& serialNumber ) throw( SecurityException , RuntimeException )
563 {
564 X509Certificate_NssImpl* xcert = NULL;
565
566 if( m_pHandler != NULL ) {
567 CERTIssuerAndSN issuerAndSN ;
568 CERTCertificate* cert ;
569 CERTName* nmIssuer ;
570 char* chIssuer ;
571 SECItem* derIssuer ;
572 PRArenaPool* arena ;
573
574 arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE ) ;
575 if( arena == NULL )
576 throw RuntimeException() ;
577
578 /*
579 * mmi : because MS Crypto use the 'S' tag (equal to the 'ST' tag in NSS), but the NSS can't recognise
580 * it, so the 'S' tag should be changed to 'ST' tag
581 *
582 * PS : it can work, but inside libxmlsec, the 'S' tag is till used to find cert in NSS engine, so it
583 * is not useful at all. (comment out now)
584 */
585
586 /*
587 sal_Int32 nIndex = 0;
588 OUString newIssuerName;
589 do
590 {
591 OUString aToken = issuerName.getToken( 0, ',', nIndex ).trim();
592 if (aToken.compareToAscii("S=",2) == 0)
593 {
594 newIssuerName+=OUString::createFromAscii("ST=");
595 newIssuerName+=aToken.copy(2);
596 }
597 else
598 {
599 newIssuerName+=aToken;
600 }
601
602 if (nIndex >= 0)
603 {
604 newIssuerName+=OUString::createFromAscii(",");
605 }
606 } while ( nIndex >= 0 );
607 */
608
609 /* end */
610
611 //Create cert info from issue and serial
612 rtl::OString ostr = rtl::OUStringToOString( issuerName , RTL_TEXTENCODING_UTF8 ) ;
613 chIssuer = PL_strndup( ( char* )ostr.getStr(), ( int )ostr.getLength() ) ;
614 nmIssuer = CERT_AsciiToName( chIssuer ) ;
615 if( nmIssuer == NULL ) {
616 PL_strfree( chIssuer ) ;
617 PORT_FreeArena( arena, PR_FALSE ) ;
618
619 /*
620 * i40394
621 *
622 * mmi : no need to throw exception
623 * just return "no found"
624 */
625 //throw RuntimeException() ;
626 return NULL;
627 }
628
629 derIssuer = SEC_ASN1EncodeItem( arena, NULL, ( void* )nmIssuer, SEC_ASN1_GET( CERT_NameTemplate ) ) ;
630 if( derIssuer == NULL ) {
631 PL_strfree( chIssuer ) ;
632 CERT_DestroyName( nmIssuer ) ;
633 PORT_FreeArena( arena, PR_FALSE ) ;
634 throw RuntimeException() ;
635 }
636
637 memset( &issuerAndSN, 0, sizeof( issuerAndSN ) ) ;
638
639 issuerAndSN.derIssuer.data = derIssuer->data ;
640 issuerAndSN.derIssuer.len = derIssuer->len ;
641
642 issuerAndSN.serialNumber.data = ( unsigned char* )&serialNumber[0] ;
643 issuerAndSN.serialNumber.len = serialNumber.getLength() ;
644
645 cert = CERT_FindCertByIssuerAndSN( m_pHandler, &issuerAndSN ) ;
646 if( cert != NULL ) {
647 xcert = NssCertToXCert( cert ) ;
648 } else {
649 xcert = NULL ;
650 }
651
652 PL_strfree( chIssuer ) ;
653 CERT_DestroyName( nmIssuer ) ;
654 //SECITEM_FreeItem( derIssuer, PR_FALSE ) ;
655 CERT_DestroyCertificate( cert ) ;
656 PORT_FreeArena( arena, PR_FALSE ) ;
657 } else {
658 xcert = NULL ;
659 }
660
661 return xcert ;
662 }
663
664 Reference< XCertificate > SecurityEnvironment_NssImpl :: getCertificate( const OUString& issuerName, const OUString& serialNumber ) throw( SecurityException , RuntimeException ) {
665 Sequence< sal_Int8 > serial = numericStringToBigInteger( serialNumber ) ;
666 return getCertificate( issuerName, serial ) ;
667 }
668
669 Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl :: buildCertificatePath( const Reference< XCertificate >& begin ) throw( SecurityException , RuntimeException ) {
670 const X509Certificate_NssImpl* xcert ;
671 const CERTCertificate* cert ;
672 CERTCertList* certChain ;
673
674 Reference< XUnoTunnel > xCertTunnel( begin, UNO_QUERY ) ;
675 if( !xCertTunnel.is() ) {
676 throw RuntimeException() ;
677 }
678
679 xcert = reinterpret_cast<X509Certificate_NssImpl*>(
680 sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
681 if( xcert == NULL ) {
682 throw RuntimeException() ;
683 }
684
685 cert = xcert->getNssCert() ;
686 if( cert != NULL ) {
687 int64 timeboundary ;
688
689 //Get the system clock time
690 timeboundary = PR_Now() ;
691
692 certChain = CERT_GetCertChainFromCert( ( CERTCertificate* )cert, timeboundary, certUsageAnyCA ) ;
693 } else {
694 certChain = NULL ;
695 }
696
697 if( certChain != NULL ) {
698 X509Certificate_NssImpl* pCert ;
699 CERTCertListNode* node ;
700 int len ;
701
702 for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) ;
703 Sequence< Reference< XCertificate > > xCertChain( len ) ;
704
705 for( len = 0, node = CERT_LIST_HEAD( certChain ); !CERT_LIST_END( node, certChain ); node = CERT_LIST_NEXT( node ), len ++ ) {
706 pCert = new X509Certificate_NssImpl() ;
707 if( pCert == NULL ) {
708 CERT_DestroyCertList( certChain ) ;
709 throw RuntimeException() ;
710 }
711
712 pCert->setCert( node->cert ) ;
713
714 xCertChain[len] = pCert ;
715 }
716
717 CERT_DestroyCertList( certChain ) ;
718
719 return xCertChain ;
720 }
721
722 return Sequence< Reference < XCertificate > >();
723 }
724
725 Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) throw( SecurityException , RuntimeException ) {
726 X509Certificate_NssImpl* xcert ;
727
728 if( rawCertificate.getLength() > 0 ) {
729 xcert = new X509Certificate_NssImpl() ;
730 if( xcert == NULL )
731 throw RuntimeException() ;
732
733 xcert->setRawCert( rawCertificate ) ;
734 } else {
735 xcert = NULL ;
736 }
737
738 return xcert ;
739 }
740
741 Reference< XCertificate > SecurityEnvironment_NssImpl :: createCertificateFromAscii( const OUString& asciiCertificate ) throw( SecurityException , RuntimeException ) {
742 xmlChar* chCert ;
743 xmlSecSize certSize ;
744
745 rtl::OString oscert = rtl::OUStringToOString( asciiCertificate , RTL_TEXTENCODING_ASCII_US ) ;
746
747 chCert = xmlStrndup( ( const xmlChar* )oscert.getStr(), ( int )oscert.getLength() ) ;
748
749 certSize = xmlSecBase64Decode( chCert, ( xmlSecByte* )chCert, xmlStrlen( chCert ) ) ;
750
751 Sequence< sal_Int8 > rawCert( certSize ) ;
752 for( unsigned int i = 0 ; i < certSize ; i ++ )
753 rawCert[i] = *( chCert + i ) ;
754
755 xmlFree( chCert ) ;
756
757 return createCertificateFromRaw( rawCert ) ;
758 }
759
760 sal_Int32 SecurityEnvironment_NssImpl ::
761 verifyCertificate( const Reference< csss::XCertificate >& aCert,
762 const Sequence< Reference< csss::XCertificate > >& intermediateCerts )
763 throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException )
764 {
765 sal_Int32 validity = csss::CertificateValidity::INVALID;
766 const X509Certificate_NssImpl* xcert ;
767 const CERTCertificate* cert ;
768 ::std::vector<CERTCertificate*> vecTmpNSSCertificates;
769 Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ;
770 if( !xCertTunnel.is() ) {
771 throw RuntimeException() ;
772 }
773
774 xmlsec_trace("Start verification of certificate: \n %s \n",
775 OUStringToOString(
776 aCert->getSubjectName(), osl_getThreadTextEncoding()).getStr());
777
778 xcert = reinterpret_cast<X509Certificate_NssImpl*>(
779 sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
780 if( xcert == NULL ) {
781 throw RuntimeException() ;
782 }
783
784 //CERT_PKIXVerifyCert does not take a db as argument. It will therefore
785 //internally use CERT_GetDefaultCertDB
786 //Make sure m_pHandler is the default DB
787 OSL_ASSERT(m_pHandler == CERT_GetDefaultCertDB());
788 CERTCertDBHandle * certDb = m_pHandler != NULL ? m_pHandler : CERT_GetDefaultCertDB();
789 cert = xcert->getNssCert() ;
790 if( cert != NULL )
791 {
792
793 //prepare the intermediate certificates
794 for (sal_Int32 i = 0; i < intermediateCerts.getLength(); i++)
795 {
796 Sequence<sal_Int8> der = intermediateCerts[i]->getEncoded();
797 SECItem item;
798 item.type = siBuffer;
799 item.data = (unsigned char*)der.getArray();
800 item.len = der.getLength();
801
802 CERTCertificate* certTmp = CERT_NewTempCertificate(certDb, &item,
803 NULL /* nickname */,
804 PR_FALSE /* isPerm */,
805 PR_TRUE /* copyDER */);
806 if (!certTmp)
807 {
808 xmlsec_trace("Failed to add a temporary certificate: %s",
809 OUStringToOString(intermediateCerts[i]->getIssuerName(),
810 osl_getThreadTextEncoding()).getStr());
811
812 }
813 else
814 {
815 xmlsec_trace("Added temporary certificate: %s",
816 certTmp->subjectName ? certTmp->subjectName : "");
817 vecTmpNSSCertificates.push_back(certTmp);
818 }
819 }
820
821
822 SECStatus status ;
823
824 CERTVerifyLog log;
825 log.arena = PORT_NewArena(512);
826 log.head = log.tail = NULL;
827 log.count = 0;
828
829 CERT_EnableOCSPChecking(certDb);
830 CERT_DisableOCSPDefaultResponder(certDb);
831 CERTValOutParam cvout[5];
832 CERTValInParam cvin[3];
833
834 cvin[0].type = cert_pi_useAIACertFetch;
835 cvin[0].value.scalar.b = PR_TRUE;
836
837 PRUint64 revFlagsLeaf[2];
838 PRUint64 revFlagsChain[2];
839 CERTRevocationFlags rev;
840 rev.leafTests.number_of_defined_methods = 2;
841 rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
842 //the flags are defined in cert.h
843 //We check both leaf and chain.
844 //It is enough if one revocation method has fresh info,
845 //but at least one must have some. Otherwise validation fails.
846 //!!! using leaf test and CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE
847 // when validating a root certificate will result in "revoked". Usually
848 //there is no revocation information available for the root cert because
849 //it must be trusted anyway and it does itself issue revocation information.
850 //When we use the flag here and OOo shows the certification path then the root
851 //cert is invalid while all other can be valid. It would probably best if
852 //this interface method returned the whole chain.
853 //Otherwise we need to check if the certificate is self-signed and if it is
854 //then not use the flag when doing the leaf-test.
855 rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_crl] =
856 CERT_REV_M_TEST_USING_THIS_METHOD
857 | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
858 rev.leafTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] =
859 CERT_REV_M_TEST_USING_THIS_METHOD
860 | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
861 rev.leafTests.number_of_preferred_methods = 0;
862 rev.leafTests.preferred_methods = NULL;
863 rev.leafTests.cert_rev_method_independent_flags =
864 CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
865 // | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
866
867 rev.chainTests.number_of_defined_methods = 2;
868 rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
869 rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_crl] =
870 CERT_REV_M_TEST_USING_THIS_METHOD
871 | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
872 rev.chainTests.cert_rev_flags_per_method[cert_revocation_method_ocsp] =
873 CERT_REV_M_TEST_USING_THIS_METHOD
874 | CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
875 rev.chainTests.number_of_preferred_methods = 0;
876 rev.chainTests.preferred_methods = NULL;
877 rev.chainTests.cert_rev_method_independent_flags =
878 CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
879 // | CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
880
881
882 cvin[1].type = cert_pi_revocationFlags;
883 cvin[1].value.pointer.revocation = &rev;
884 // does not work, not implemented yet in 3.12.4
885 // cvin[2].type = cert_pi_keyusage;
886 // cvin[2].value.scalar.ui = KU_DIGITAL_SIGNATURE;
887 cvin[2].type = cert_pi_end;
888
889 cvout[0].type = cert_po_trustAnchor;
890 cvout[0].value.pointer.cert = NULL;
891 cvout[1].type = cert_po_errorLog;
892 cvout[1].value.pointer.log = &log;
893 cvout[2].type = cert_po_end;
894
895 // We check SSL server certificates, CA certificates and signing sertificates.
896 //
897 // ToDo check keyusage, looking at CERT_KeyUsageAndTypeForCertUsage (
898 // mozilla/security/nss/lib/certdb/certdb.c indicates that
899 // certificateUsageSSLClient, certificateUsageSSLServer and certificateUsageSSLCA
900 // are sufficient. They cover the key usages for digital signature, key agreement
901 // and encipherment and certificate signature
902
903 //never use the following usages because they are not checked properly
904 // certificateUsageUserCertImport
905 // certificateUsageVerifyCA
906 // certificateUsageAnyCA
907 // certificateUsageProtectedObjectSigner
908
909 UsageDescription arUsages[] =
910 {
911 {certificateUsageSSLClient, "certificateUsageSSLClient" },
912 {certificateUsageSSLServer, "certificateUsageSSLServer" },
913 {certificateUsageSSLCA, "certificateUsageSSLCA" },
914 {certificateUsageEmailSigner, "certificateUsageEmailSigner"}, //only usable for end certs
915 {certificateUsageEmailRecipient, "certificateUsageEmailRecipient"}
916 };
917
918 int numUsages = sizeof(arUsages) / sizeof(UsageDescription);
919 for (int i = 0; i < numUsages; i++)
920 {
921 xmlsec_trace("Testing usage %d of %d: %s (0x%x)", i + 1,
922 numUsages, arUsages[i].description, (int) arUsages[i].usage);
923
924 status = CERT_PKIXVerifyCert(const_cast<CERTCertificate *>(cert), arUsages[i].usage,
925 cvin, cvout, NULL);
926 if( status == SECSuccess )
927 {
928 xmlsec_trace("CERT_PKIXVerifyCert returned SECSuccess.");
929 //When an intermediate or root certificate is checked then we expect the usage
930 //certificateUsageSSLCA. This, however, will be only set when in the trust settings dialog
931 //the button "This certificate can identify websites" is checked. If for example only
932 //"This certificate can identify mail users" is set then the end certificate can
933 //be validated and the returned usage will conain certificateUsageEmailRecipient.
934 //But checking directly the root or intermediate certificate will fail. In the
935 //certificate path view the end certificate will be shown as valid but the others
936 //will be displayed as invalid.
937
938 validity = csss::CertificateValidity::VALID;
939 xmlsec_trace("Certificate is valid.\n");
940 CERTCertificate * issuerCert = cvout[0].value.pointer.cert;
941 if (issuerCert)
942 {
943 xmlsec_trace("Root certificate: %s", issuerCert->subjectName);
944 CERT_DestroyCertificate(issuerCert);
945 };
946
947 break;
948 }
949 else
950 {
951 PRIntn err = PR_GetError();
952 xmlsec_trace("Error: , %d = %s", err, getCertError(err));
953
954 /* Display validation results */
955 if ( log.count > 0)
956 {
957 CERTVerifyLogNode *node = NULL;
958 printChainFailure(&log);
959
960 for (node = log.head; node; node = node->next) {
961 if (node->cert)
962 CERT_DestroyCertificate(node->cert);
963 }
964 log.head = log.tail = NULL;
965 log.count = 0;
966 }
967 xmlsec_trace("Certificate is invalid.\n");
968 }
969 }
970
971 }
972 else
973 {
974 validity = ::com::sun::star::security::CertificateValidity::INVALID ;
975 }
976
977 //Destroying the temporary certificates
978 std::vector<CERTCertificate*>::const_iterator cert_i;
979 for (cert_i = vecTmpNSSCertificates.begin(); cert_i != vecTmpNSSCertificates.end(); cert_i++)
980 {
981 xmlsec_trace("Destroying temporary certificate");
982 CERT_DestroyCertificate(*cert_i);
983 }
984 return validity ;
985 }
986
987 sal_Int32 SecurityEnvironment_NssImpl::getCertificateCharacters(
988 const ::com::sun::star::uno::Reference< ::com::sun::star::security::XCertificate >& aCert ) throw( ::com::sun::star::uno::SecurityException, ::com::sun::star::uno::RuntimeException ) {
989 sal_Int32 characters ;
990 const X509Certificate_NssImpl* xcert ;
991 const CERTCertificate* cert ;
992
993 Reference< XUnoTunnel > xCertTunnel( aCert, UNO_QUERY ) ;
994 if( !xCertTunnel.is() ) {
995 throw RuntimeException() ;
996 }
997
998 xcert = reinterpret_cast<X509Certificate_NssImpl*>(
999 sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething( X509Certificate_NssImpl::getUnoTunnelId() ))) ;
1000 if( xcert == NULL ) {
1001 throw RuntimeException() ;
1002 }
1003
1004 cert = xcert->getNssCert() ;
1005
1006 characters = 0x00000000 ;
1007
1008 //Firstly, find out whether or not the cert is self-signed.
1009 if( SECITEM_CompareItem( &(cert->derIssuer), &(cert->derSubject) ) == SECEqual ) {
1010 characters |= ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ;
1011 } else {
1012 characters &= ~ ::com::sun::star::security::CertificateCharacters::SELF_SIGNED ;
1013 }
1014
1015 //Secondly, find out whether or not the cert has a private key.
1016
1017 /*
1018 * i40394
1019 *
1020 * mmi : need to check whether the cert's slot is valid first
1021 */
1022 SECKEYPrivateKey* priKey = NULL;
1023
1024 if (cert->slot != NULL)
1025 {
1026 priKey = PK11_FindPrivateKeyFromCert( cert->slot, ( CERTCertificate* )cert, NULL ) ;
1027 }
1028 if(priKey == NULL)
1029 {
1030 for (CIT_SLOTS is = m_Slots.begin(); is != m_Slots.end(); is++)
1031 {
1032 priKey = PK11_FindPrivateKeyFromCert(*is, (CERTCertificate*)cert, NULL);
1033 if (priKey)
1034 break;
1035 }
1036 }
1037 if( priKey != NULL ) {
1038 characters |= ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ;
1039
1040 SECKEY_DestroyPrivateKey( priKey ) ;
1041 } else {
1042 characters &= ~ ::com::sun::star::security::CertificateCharacters::HAS_PRIVATE_KEY ;
1043 }
1044
1045 return characters ;
1046 }
1047
1048 X509Certificate_NssImpl* NssCertToXCert( CERTCertificate* cert )
1049 {
1050 X509Certificate_NssImpl* xcert ;
1051
1052 if( cert != NULL ) {
1053 xcert = new X509Certificate_NssImpl() ;
1054 if( xcert == NULL ) {
1055 xcert = NULL ;
1056 } else {
1057 xcert->setCert( cert ) ;
1058 }
1059 } else {
1060 xcert = NULL ;
1061 }
1062
1063 return xcert ;
1064 }
1065
1066 X509Certificate_NssImpl* NssPrivKeyToXCert( SECKEYPrivateKey* priKey )
1067 {
1068 CERTCertificate* cert ;
1069 X509Certificate_NssImpl* xcert ;
1070
1071 if( priKey != NULL ) {
1072 cert = PK11_GetCertFromPrivateKey( priKey ) ;
1073
1074 if( cert != NULL ) {
1075 xcert = NssCertToXCert( cert ) ;
1076 } else {
1077 xcert = NULL ;
1078 }
1079
1080 CERT_DestroyCertificate( cert ) ;
1081 } else {
1082 xcert = NULL ;
1083 }
1084
1085 return xcert ;
1086 }
1087
1088
1089 /* Native methods */
1090 xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() throw( Exception, RuntimeException ) {
1091
1092 unsigned int i ;
1093 CERTCertDBHandle* handler = NULL ;
1094 PK11SymKey* symKey = NULL ;
1095 SECKEYPublicKey* pubKey = NULL ;
1096 SECKEYPrivateKey* priKey = NULL ;
1097 xmlSecKeysMngrPtr pKeysMngr = NULL ;
1098
1099 handler = this->getCertDb() ;
1100
1101 /*-
1102 * The following lines is based on the private version of xmlSec-NSS
1103 * crypto engine
1104 */
1105 int cSlots = m_Slots.size();
1106 boost::scoped_array<PK11SlotInfo*> sarSlots(new PK11SlotInfo*[cSlots]);
1107 PK11SlotInfo** slots = sarSlots.get();
1108 int count = 0;
1109 for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); islots++, count++)
1110 slots[count] = *islots;
1111
1112 pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, handler ) ;
1113 if( pKeysMngr == NULL )
1114 throw RuntimeException() ;
1115
1116 /*-
1117 * Adopt symmetric key into keys manager
1118 */
1119 for( i = 0 ; ( symKey = this->getSymKey( i ) ) != NULL ; i ++ ) {
1120 if( xmlSecNssAppliedKeysMngrSymKeyLoad( pKeysMngr, symKey ) < 0 ) {
1121 throw RuntimeException() ;
1122 }
1123 }
1124
1125 /*-
1126 * Adopt asymmetric public key into keys manager
1127 */
1128 for( i = 0 ; ( pubKey = this->getPubKey( i ) ) != NULL ; i ++ ) {
1129 if( xmlSecNssAppliedKeysMngrPubKeyLoad( pKeysMngr, pubKey ) < 0 ) {
1130 throw RuntimeException() ;
1131 }
1132 }
1133
1134 /*-
1135 * Adopt asymmetric private key into keys manager
1136 */
1137 for( i = 0 ; ( priKey = this->getPriKey( i ) ) != NULL ; i ++ ) {
1138 if( xmlSecNssAppliedKeysMngrPriKeyLoad( pKeysMngr, priKey ) < 0 ) {
1139 throw RuntimeException() ;
1140 }
1141 }
1142 return pKeysMngr ;
1143 }
1144 void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr) throw( Exception, RuntimeException ) {
1145 if( pKeysMngr != NULL ) {
1146 xmlSecKeysMngrDestroy( pKeysMngr ) ;
1147 }
1148 }
FREE OFFICE SUITE