xmlsecurity/source/gpg/SecurityEnvironment.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  */
   9
  10 #include <config_gpgme.h>
  11
  12 #include "SecurityEnvironment.hxx"
  13 #include "CertificateImpl.hxx"
  14
  15 #include <cppuhelper/supportsservice.hxx>
  16 #include <comphelper/servicehelper.hxx>
  17 #include <list>
  18
  19 #include <key.h>
  20 #include <keylistresult.h>
  21 #include <xmlsec-wrapper.h>
  22
  23 using namespace css;
  24 using namespace css::security;
  25 using namespace css::uno;
  26 using namespace css::lang;
  27
  28 SecurityEnvironmentGpg::SecurityEnvironmentGpg()
  29 {
  30     GpgME::Error err = GpgME::checkEngine(GpgME::OpenPGP);
  31     if (err)
  32         throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
  33
  34     m_ctx.reset( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
  35     if (m_ctx == nullptr)
  36         throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
  37     m_ctx->setArmor(false);
  38 }
  39
  40 SecurityEnvironmentGpg::~SecurityEnvironmentGpg()
  41 {
  42 }
  43
  44 /* XUnoTunnel */
  45 sal_Int64 SAL_CALL SecurityEnvironmentGpg::getSomething( const Sequence< sal_Int8 >& aIdentifier )
  46 {
  47     if( aIdentifier.getLength() == 16 && 0 == memcmp( getUnoTunnelId().getConstArray(), aIdentifier.getConstArray(), 16 ) ) {
  48         return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
  49     }
  50     return 0 ;
  51 }
  52
  53 /* XUnoTunnel extension */
  54
  55 namespace
  56 {
  57     class theSecurityEnvironmentUnoTunnelId  : public rtl::Static< UnoTunnelIdInit, theSecurityEnvironmentUnoTunnelId > {};
  58 }
  59
  60 const Sequence< sal_Int8>& SecurityEnvironmentGpg::getUnoTunnelId() {
  61     return theSecurityEnvironmentUnoTunnelId::get().getSeq();
  62 }
  63
  64 OUString SecurityEnvironmentGpg::getSecurityEnvironmentInformation()
  65 {
  66     return OUString();
  67 }
  68
  69 Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getCertificatesImpl( bool bPrivateOnly )
  70 {
  71     CertificateImpl* xCert;
  72     std::list< GpgME::Key > keyList;
  73     std::list< CertificateImpl* > certsList;
  74
  75     m_ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
  76     GpgME::Error err = m_ctx->startKeyListing("", bPrivateOnly );
  77     while (!err) {
  78         GpgME::Key k = m_ctx->nextKey(err);
  79         if (err)
  80             break;
  81         if (!k.isRevoked() && !k.isExpired() && !k.isDisabled() && !k.isInvalid()) {
  82             // We can't create CertificateImpl here as CertificateImpl::setCertificate uses GpgME API
  83             // which interrupts our key listing here. So first get the keys from GpgME, then create the CertificateImpls
  84             keyList.push_back(k);
  85         }
  86     }
  87     m_ctx->endKeyListing();
  88
  89     for (auto const& key : keyList) {
  90         xCert = new CertificateImpl();
  91         xCert->setCertificate(m_ctx.get(),key);
  92         certsList.push_back(xCert);
  93     }
  94
  95     Sequence< Reference< XCertificate > > xCertificateSequence(certsList.size());
  96     int i = 0;
  97     for (auto const& cert : certsList) {
  98         xCertificateSequence[i++] = cert;
  99     }
 100
 101     return xCertificateSequence;
 102 }
 103
 104 Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getPersonalCertificates()
 105 {
 106     return getCertificatesImpl( true );
 107 }
 108
 109 Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::getAllCertificates()
 110 {
 111     return getCertificatesImpl( false );
 112 }
 113
 114 Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString& keyId, const Sequence< sal_Int8 >& /*serialNumber*/ )
 115 {
 116     CertificateImpl* xCert=nullptr;
 117
 118     //xmlChar* pSignatureValue=xmlNodeGetContent(cur);
 119     OString ostr = OUStringToOString( keyId , RTL_TEXTENCODING_UTF8 );
 120     const xmlChar* strKeyId = reinterpret_cast<const xmlChar*>(ostr.getStr());
 121     if(xmlSecBase64Decode(strKeyId, const_cast<xmlSecByte*>(strKeyId), xmlStrlen(strKeyId)) < 0)
 122         throw RuntimeException("Base64 decode failed");
 123
 124     m_ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
 125     GpgME::Error err = m_ctx->startKeyListing("", false);
 126     while (!err) {
 127         GpgME::Key k = m_ctx->nextKey(err);
 128         if (err)
 129             break;
 130         if (!k.isInvalid() && strcmp(k.primaryFingerprint(), reinterpret_cast<const char*>(strKeyId)) == 0) {
 131             xCert = new CertificateImpl();
 132             xCert->setCertificate(m_ctx.get(), k);
 133             m_ctx->endKeyListing();
 134             return xCert;
 135         }
 136     }
 137     m_ctx->endKeyListing();
 138
 139     return nullptr;
 140 }
 141
 142 Sequence< Reference < XCertificate > > SecurityEnvironmentGpg::buildCertificatePath( const Reference< XCertificate >& /*begin*/ )
 143 {
 144     return Sequence< Reference < XCertificate > >();
 145 }
 146
 147 Reference< XCertificate > SecurityEnvironmentGpg::createCertificateFromRaw( const Sequence< sal_Int8 >& /*rawCertificate*/ )
 148 {
 149     return nullptr;
 150 }
 151
 152 Reference< XCertificate > SecurityEnvironmentGpg::createCertificateFromAscii( const OUString& /*asciiCertificate*/ )
 153 {
 154     return nullptr;
 155 }
 156
 157 sal_Int32 SecurityEnvironmentGpg::verifyCertificate( const Reference< XCertificate >& aCert,
 158                                                   const Sequence< Reference< XCertificate > >&  /*intermediateCerts*/ )
 159 {
 160     const CertificateImpl* xCert = dynamic_cast<CertificateImpl*>(aCert.get());
 161     if (xCert == nullptr) {
 162          // Can't find the key locally -> unknown owner
 163         return security::CertificateValidity::ISSUER_UNKNOWN;
 164     }
 165
 166     const GpgME::Key* key = xCert->getCertificate();
 167     if (key->ownerTrust() == GpgME::Key::OwnerTrust::Marginal ||
 168         key->ownerTrust() == GpgME::Key::OwnerTrust::Full ||
 169         key->ownerTrust() == GpgME::Key::OwnerTrust::Ultimate)
 170     {
 171         return security::CertificateValidity::VALID;
 172     }
 173
 174     return security::CertificateValidity::ISSUER_UNTRUSTED;
 175 }
 176
 177 sal_Int32 SecurityEnvironmentGpg::getCertificateCharacters(
 178     const Reference< XCertificate >& aCert)
 179 {
 180     const CertificateImpl* xCert;
 181     Reference< XUnoTunnel > xCertTunnel(aCert, UNO_QUERY_THROW) ;
 182     xCert = reinterpret_cast<CertificateImpl*>(sal::static_int_cast<sal_uIntPtr>(xCertTunnel->getSomething(CertificateImpl::getUnoTunnelId()))) ;
 183     if (xCert == nullptr)
 184         throw RuntimeException();
 185
 186     // we only listed private keys anyway, up in
 187     // SecurityEnvironmentGpg::getPersonalCertificates
 188     return CertificateCharacters::HAS_PRIVATE_KEY;
 189 }
 190
 191 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */