search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Version 6.4.0.0.beta1, tag libreoffice-6.4.0.0.beta1
[LibreOffice.git] / xmlsecurity / source / xmlsec / nss / x509certificate_nssimpl.cxx
blob1a323d33f32fb0fcf71ebe2794810f2a1f0533f2
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include "nssrenam.h"
21 #include <secder.h>
22
23 #include <cert.h>
24 #include <hasht.h>
25 #include <secoid.h>
26 #include <pk11pub.h>
27
28 #include <sal/config.h>
29 #include <comphelper/servicehelper.hxx>
30 #include <cppuhelper/supportsservice.hxx>
31 #include <rtl/ref.hxx>
32 #include "x509certificate_nssimpl.hxx"
33
34 #include <certificateextension_xmlsecimpl.hxx>
35
36 #include "sanextension_nssimpl.hxx"
37 #include <tools/time.hxx>
38 #include <svl/sigstruct.hxx>
39
40 using namespace ::com::sun::star;
41 using namespace ::com::sun::star::uno ;
42 using namespace ::com::sun::star::security ;
43
44 using ::com::sun::star::security::XCertificate ;
45 using ::com::sun::star::util::DateTime ;
46
47 X509Certificate_NssImpl::X509Certificate_NssImpl() :
48 m_pCert(nullptr)
49 {
50 }
51
52 X509Certificate_NssImpl::~X509Certificate_NssImpl() {
53 if( m_pCert != nullptr ) {
54 CERT_DestroyCertificate( m_pCert ) ;
55 }
56 }
57
58 //Methods from XCertificate
59 sal_Int16 SAL_CALL X509Certificate_NssImpl::getVersion() {
60 if( m_pCert != nullptr ) {
61 if( m_pCert->version.len > 0 ) {
62 return static_cast<char>(*( m_pCert->version.data )) ;
63 } else
64 return 0 ;
65 } else {
66 return -1 ;
67 }
68 }
69
70 css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSerialNumber() {
71 if( m_pCert != nullptr && m_pCert->serialNumber.len > 0 ) {
72 Sequence< sal_Int8 > serial( m_pCert->serialNumber.len ) ;
73 for( unsigned int i = 0 ; i < m_pCert->serialNumber.len ; i ++ )
74 serial[i] = *( m_pCert->serialNumber.data + i ) ;
75
76 return serial ;
77 } else {
78 return css::uno::Sequence< sal_Int8 >();
79 }
80 }
81
82 OUString SAL_CALL X509Certificate_NssImpl::getIssuerName() {
83 if( m_pCert != nullptr ) {
84 return OUString(m_pCert->issuerName , PL_strlen(m_pCert->issuerName) , RTL_TEXTENCODING_UTF8) ;
85 } else {
86 return OUString() ;
87 }
88 }
89
90 OUString SAL_CALL X509Certificate_NssImpl::getSubjectName() {
91 if( m_pCert != nullptr ) {
92 return OUString(m_pCert->subjectName , PL_strlen(m_pCert->subjectName) , RTL_TEXTENCODING_UTF8);
93 } else {
94 return OUString() ;
95 }
96 }
97
98 css::util::DateTime SAL_CALL X509Certificate_NssImpl::getNotValidBefore() {
99 if( m_pCert != nullptr ) {
100 SECStatus rv ;
101 PRTime notBefore ;
102 PRExplodedTime explTime ;
103 DateTime dateTime ;
104
105 rv = DER_DecodeTimeChoice( &notBefore, &m_pCert->validity.notBefore ) ;
106 if( rv ) {
107 return DateTime() ;
108 }
109
110 //Convert the time to readable local time
111 PR_ExplodeTime( notBefore, PR_LocalTimeParameters, &explTime ) ;
112
113 dateTime.NanoSeconds = static_cast< sal_Int32 >( explTime.tm_usec * ::tools::Time::nanoPerMicro );
114 dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec );
115 dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min );
116 dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour );
117 dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday );
118 dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1 );
119 dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year );
120
121 return dateTime ;
122 } else {
123 return DateTime() ;
124 }
125 }
126
127 css::util::DateTime SAL_CALL X509Certificate_NssImpl::getNotValidAfter() {
128 if( m_pCert != nullptr ) {
129 SECStatus rv ;
130 PRTime notAfter ;
131 PRExplodedTime explTime ;
132 DateTime dateTime ;
133
134 rv = DER_DecodeTimeChoice( &notAfter, &m_pCert->validity.notAfter ) ;
135 if( rv ) {
136 return DateTime() ;
137 }
138
139 //Convert the time to readable local time
140 PR_ExplodeTime( notAfter, PR_LocalTimeParameters, &explTime ) ;
141
142 dateTime.NanoSeconds = static_cast< sal_Int16 >( explTime.tm_usec * ::tools::Time::nanoPerMicro );
143 dateTime.Seconds = static_cast< sal_Int16 >( explTime.tm_sec );
144 dateTime.Minutes = static_cast< sal_Int16 >( explTime.tm_min );
145 dateTime.Hours = static_cast< sal_Int16 >( explTime.tm_hour );
146 dateTime.Day = static_cast< sal_Int16 >( explTime.tm_mday );
147 dateTime.Month = static_cast< sal_Int16 >( explTime.tm_month+1 );
148 dateTime.Year = static_cast< sal_Int16 >( explTime.tm_year );
149
150 return dateTime ;
151 } else {
152 return DateTime() ;
153 }
154 }
155
156 css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getIssuerUniqueID() {
157 if( m_pCert != nullptr && m_pCert->issuerID.len > 0 ) {
158 Sequence< sal_Int8 > issuerUid( m_pCert->issuerID.len ) ;
159 for( unsigned int i = 0 ; i < m_pCert->issuerID.len ; i ++ )
160 issuerUid[i] = *( m_pCert->issuerID.data + i ) ;
161
162 return issuerUid ;
163 } else {
164 return css::uno::Sequence< sal_Int8 >();
165 }
166 }
167
168 css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectUniqueID() {
169 if( m_pCert != nullptr && m_pCert->subjectID.len > 0 ) {
170 Sequence< sal_Int8 > subjectUid( m_pCert->subjectID.len ) ;
171 for( unsigned int i = 0 ; i < m_pCert->subjectID.len ; i ++ )
172 subjectUid[i] = *( m_pCert->subjectID.data + i ) ;
173
174 return subjectUid ;
175 } else {
176 return css::uno::Sequence< sal_Int8 >();
177 }
178 }
179
180 css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > > SAL_CALL X509Certificate_NssImpl::getExtensions() {
181 if( m_pCert != nullptr && m_pCert->extensions != nullptr ) {
182 CERTCertExtension** extns ;
183 int len ;
184
185 for( len = 0, extns = m_pCert->extensions; *extns != nullptr; len ++, extns ++ ) ;
186 Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
187
188 for( extns = m_pCert->extensions, len = 0; *extns != nullptr; extns ++, len ++ ) {
189 const SECItem id = (*extns)->id;
190 OString oidString(CERT_GetOidString(&id));
191
192 bool crit;
193 if( (*extns)->critical.data == nullptr )
194 crit = false ;
195 else
196 crit = (*extns)->critical.data[0] == 0xFF;
197
198 // remove "OID." prefix if existing
199 OString objID;
200 OString oid("OID.");
201 if (oidString.match(oid))
202 objID = oidString.copy(oid.getLength());
203 else
204 objID = oidString;
205
206 unsigned char* value = (*extns)->value.data;
207 unsigned int vlen = (*extns)->value.len;
208 unsigned char* objid = reinterpret_cast<unsigned char *>(const_cast<char *>(objID.getStr()));
209 unsigned int objidlen = objID.getLength();
210
211 if (objID == "2.5.29.17")
212 {
213 SanExtensionImpl* pExtn = new SanExtensionImpl;
214 pExtn->setCertExtn(value, vlen, objid, objidlen, crit);
215 xExtns[len] = pExtn ;
216 }
217 else
218 {
219 CertificateExtension_XmlSecImpl* pExtn = new CertificateExtension_XmlSecImpl;
220 pExtn->setCertExtn(value, vlen, objid, objidlen, crit);
221 xExtns[len] = pExtn;
222 }
223 }
224
225 return xExtns ;
226 } else {
227 return css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > > ();
228 }
229 }
230
231 css::uno::Reference< css::security::XCertificateExtension > SAL_CALL X509Certificate_NssImpl::findCertificateExtension( const css::uno::Sequence< sal_Int8 >& oid ) {
232 if( m_pCert != nullptr && m_pCert->extensions != nullptr ) {
233 CERTCertExtension** extns ;
234 SECItem idItem ;
235
236 idItem.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(oid.getConstArray()));
237 idItem.len = oid.getLength() ;
238
239 css::uno::Reference<css::security::XCertificateExtension> xExtn;
240 for( extns = m_pCert->extensions; *extns != nullptr; extns ++ ) {
241 if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
242 const SECItem id = (*extns)->id;
243 OString objId(CERT_GetOidString(&id));
244
245 bool crit;
246 if( (*extns)->critical.data == nullptr )
247 crit = false ;
248 else
249 crit = (*extns)->critical.data[0] == 0xFF;
250
251 unsigned char* value = (*extns)->value.data;
252 unsigned int vlen = (*extns)->value.len;
253 unsigned char* objid = (*extns)->id.data;
254 unsigned int objidlen = (*extns)->id.len;
255
256 if ( objId == "OID.2.5.29.17" )
257 {
258 rtl::Reference<SanExtensionImpl> xSanImpl(
259 new SanExtensionImpl);
260 xSanImpl->setCertExtn(value, vlen, objid, objidlen, crit);
261 xExtn = xSanImpl.get();
262 }
263 else
264 {
265 rtl::Reference<CertificateExtension_XmlSecImpl> xSecImpl(
266 new CertificateExtension_XmlSecImpl);
267 xSecImpl->setCertExtn(value, vlen, objid, objidlen, crit);
268 xExtn = xSecImpl.get();
269 }
270 break;
271 }
272 }
273
274 return xExtn;
275 } else {
276 return nullptr ;
277 }
278 }
279
280
281 css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getEncoded() {
282 if( m_pCert != nullptr && m_pCert->derCert.len > 0 ) {
283 Sequence< sal_Int8 > rawCert( m_pCert->derCert.len ) ;
284
285 for( unsigned int i = 0 ; i < m_pCert->derCert.len ; i ++ )
286 rawCert[i] = *( m_pCert->derCert.data + i ) ;
287
288 return rawCert ;
289 } else {
290 return css::uno::Sequence< sal_Int8 >();
291 }
292 }
293
294 //Helper methods
295 void X509Certificate_NssImpl::setCert( CERTCertificate* cert ) {
296 if( m_pCert != nullptr ) {
297 CERT_DestroyCertificate( m_pCert ) ;
298 m_pCert = nullptr ;
299 }
300
301 if( cert != nullptr ) {
302 m_pCert = CERT_DupCertificate( cert ) ;
303 }
304 }
305
306 const CERTCertificate* X509Certificate_NssImpl::getNssCert() const {
307 if( m_pCert != nullptr ) {
308 return m_pCert ;
309 } else {
310 return nullptr ;
311 }
312 }
313
314 void X509Certificate_NssImpl::setRawCert( const Sequence< sal_Int8 >& rawCert ) {
315 CERTCertificate* cert ;
316 SECItem certItem ;
317
318 certItem.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(rawCert.getConstArray()));
319 certItem.len = rawCert.getLength() ;
320
321 cert = CERT_DecodeDERCertificate( &certItem, PR_TRUE, nullptr ) ;
322 if( cert == nullptr )
323 throw RuntimeException() ;
324
325 if( m_pCert != nullptr ) {
326 CERT_DestroyCertificate( m_pCert ) ;
327 m_pCert = nullptr ;
328 }
329
330 m_pCert = cert ;
331 }
332
333 SECKEYPrivateKey* X509Certificate_NssImpl::getPrivateKey()
334 {
335 if (m_pCert && m_pCert->slot)
336 {
337 SECKEYPrivateKey* pPrivateKey = PK11_FindPrivateKeyFromCert(m_pCert->slot, m_pCert, nullptr);
338 if (pPrivateKey)
339 return pPrivateKey;
340 }
341 return nullptr;
342 }
343
344 /* XUnoTunnel */
345 sal_Int64 SAL_CALL X509Certificate_NssImpl::getSomething( const Sequence< sal_Int8 >& aIdentifier ) {
346 if( isUnoTunnelId<X509Certificate_NssImpl>(aIdentifier) ) {
347 return sal::static_int_cast<sal_Int64>(reinterpret_cast<sal_uIntPtr>(this));
348 }
349 return 0 ;
350 }
351
352 /* XUnoTunnel extension */
353
354 namespace
355 {
356 class theX509Certificate_NssImplUnoTunnelId : public rtl::Static< UnoTunnelIdInit, theX509Certificate_NssImplUnoTunnelId > {};
357 }
358
359 const Sequence< sal_Int8>& X509Certificate_NssImpl::getUnoTunnelId() {
360 return theX509Certificate_NssImplUnoTunnelId::get().getSeq();
361 }
362
363 static OUString getAlgorithmDescription(SECAlgorithmID const *aid)
364 {
365 SECOidTag tag;
366 tag = SECOID_GetAlgorithmTag(aid);
367
368 const char *pDesc = SECOID_FindOIDTagDescription(tag);
369
370 return OUString::createFromAscii( pDesc ) ;
371 }
372
373 static css::uno::Sequence< sal_Int8 > getThumbprint(CERTCertificate const *pCert, SECOidTag id)
374 {
375 if( pCert != nullptr )
376 {
377 SECStatus rv;
378 unsigned char fingerprint[32];
379 int length = 0;
380 switch (id)
381 {
382 case SEC_OID_MD5:
383 length = MD5_LENGTH;
384 break;
385 case SEC_OID_SHA1:
386 length = SHA1_LENGTH;
387 break;
388 case SEC_OID_SHA256:
389 length = SHA256_LENGTH;
390 break;
391 default:
392 break;
393 }
394
395 memset(fingerprint, 0, sizeof fingerprint);
396 rv = PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len);
397 if(rv == SECSuccess)
398 {
399 Sequence< sal_Int8 > thumbprint( length ) ;
400 for( int i = 0 ; i < length ; i ++ )
401 thumbprint[i] = fingerprint[i];
402
403 return thumbprint;
404 }
405 }
406 return css::uno::Sequence< sal_Int8 >();
407 }
408
409 OUString SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyAlgorithm()
410 {
411 if( m_pCert != nullptr )
412 {
413 return getAlgorithmDescription(&(m_pCert->subjectPublicKeyInfo.algorithm));
414 }
415 else
416 {
417 return OUString() ;
418 }
419 }
420
421 css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSubjectPublicKeyValue()
422 {
423 if( m_pCert != nullptr )
424 {
425 SECItem spk = m_pCert->subjectPublicKeyInfo.subjectPublicKey;
426 DER_ConvertBitString(&spk);
427
428 if ( spk.len>0)
429 {
430 Sequence< sal_Int8 > key( spk.len ) ;
431 for( unsigned int i = 0 ; i < spk.len ; i ++ )
432 {
433 key[i] = *( spk.data + i ) ;
434 }
435
436 return key ;
437 }
438 }
439
440 return css::uno::Sequence< sal_Int8 >();
441 }
442
443 OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm()
444 {
445 if( m_pCert != nullptr )
446 {
447 return getAlgorithmDescription(&(m_pCert->signature));
448 }
449 else
450 {
451 return OUString() ;
452 }
453 }
454
455 svl::crypto::SignatureMethodAlgorithm X509Certificate_NssImpl::getSignatureMethodAlgorithm()
456 {
457 svl::crypto::SignatureMethodAlgorithm nRet = svl::crypto::SignatureMethodAlgorithm::RSA;
458
459 if (!m_pCert)
460 return nRet;
461
462 SECOidTag eTag = SECOID_GetAlgorithmTag(&m_pCert->subjectPublicKeyInfo.algorithm);
463 if (eTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY)
464 nRet = svl::crypto::SignatureMethodAlgorithm::ECDSA;
465
466 return nRet;
467 }
468
469 css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getSHA1Thumbprint()
470 {
471 return getThumbprint(m_pCert, SEC_OID_SHA1);
472 }
473
474 uno::Sequence<sal_Int8> X509Certificate_NssImpl::getSHA256Thumbprint()
475 {
476 return getThumbprint(m_pCert, SEC_OID_SHA256);
477 }
478
479 css::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
480 {
481 return getThumbprint(m_pCert, SEC_OID_MD5);
482 }
483
484 CertificateKind SAL_CALL X509Certificate_NssImpl::getCertificateKind()
485 {
486 return CertificateKind_X509;
487 }
488
489 sal_Int32 SAL_CALL X509Certificate_NssImpl::getCertificateUsage( )
490 {
491 SECStatus rv;
492 SECItem tmpitem;
493 sal_Int32 usage;
494
495 rv = CERT_FindKeyUsageExtension(m_pCert, &tmpitem);
496 if ( rv == SECSuccess )
497 {
498 usage = tmpitem.data[0];
499 PORT_Free(tmpitem.data);
500 tmpitem.data = nullptr;
501 }
502 else
503 {
504 usage = KU_ALL;
505 }
506
507 /*
508 * to make the nss implementation compatible with MSCrypto,
509 * the following usage is ignored
510 *
511 *
512 if ( CERT_GovtApprovedBitSet(m_pCert) )
513 {
514 usage |= KU_NS_GOVT_APPROVED;
515 }
516 */
517
518 return usage;
519 }
520
521 /* XServiceInfo */
522 OUString SAL_CALL X509Certificate_NssImpl::getImplementationName()
523 {
524 return "com.sun.star.xml.security.gpg.XCertificate_NssImpl";
525 }
526
527 /* XServiceInfo */
528 sal_Bool SAL_CALL X509Certificate_NssImpl::supportsService(const OUString& serviceName)
529 {
530 return cppu::supportsService(this, serviceName);
531 }
532
533 /* XServiceInfo */
534 Sequence<OUString> SAL_CALL X509Certificate_NssImpl::getSupportedServiceNames() { return { OUString() }; }
535
536 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE