ucb/source/ucp/cmis/certvalidation_handler.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  * This file incorporates work covered by the following license notice:
  10  *
  11  */
  12
  13 #include <com/sun/star/security/CertificateContainer.hpp>
  14 #include <com/sun/star/security/XCertificate.hpp>
  15 #include <com/sun/star/security/XCertificateContainer.hpp>
  16 #include <com/sun/star/xml/crypto/SEInitializer.hpp>
  17 #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
  18
  19 #include <rtl/ref.hxx>
  20 #include <comphelper/sequence.hxx>
  21 #include <ucbhelper/simplecertificatevalidationrequest.hxx>
  22
  23 #include "certvalidation_handler.hxx"
  24
  25 #define STD_TO_OUSTR( str ) OUString( str.c_str(), str.length( ), RTL_TEXTENCODING_UTF8 )
  26
  27 using namespace com::sun::star;
  28
  29 namespace cmis
  30 {
  31     bool CertValidationHandler::validateCertificate( std::vector< std::string > aCertificates )
  32     {
  33         bool bValidate = false;
  34         if ( !aCertificates.empty() && m_xEnv.is() )
  35         {
  36             uno::Reference< xml::crypto::XSEInitializer > xSEInitializer;
  37             try
  38             {
  39                 xSEInitializer = xml::crypto::SEInitializer::create( m_xContext );
  40             }
  41             catch ( uno::Exception const & )
  42             {
  43             }
  44
  45             if ( xSEInitializer.is() )
  46             {
  47                 uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
  48                     xSEInitializer->createSecurityContext( OUString() ) );
  49
  50                 uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv(
  51                         xSecurityContext->getSecurityEnvironment() );
  52
  53                 std::vector< std::string >::iterator pIt = aCertificates.begin();
  54                 std::string sCert = *pIt;
  55                 // We need to get rid of the PEM header/footer lines
  56                 OUString sCleanCert = STD_TO_OUSTR( sCert );
  57                 sCleanCert = sCleanCert.replaceAll( "-----BEGIN CERTIFICATE-----", "" );
  58                 sCleanCert = sCleanCert.replaceAll( "-----END CERTIFICATE-----", "" );
  59                 uno::Reference< security::XCertificate > xCert(
  60                         xSecurityEnv->createCertificateFromAscii(
  61                             sCleanCert ) );
  62
  63                 uno::Reference< security::XCertificateContainer > xCertificateContainer;
  64                 try
  65                 {
  66                     xCertificateContainer = security::CertificateContainer::create( m_xContext );
  67                 }
  68                 catch ( uno::Exception const & )
  69                 {
  70                 }
  71
  72                 if ( xCertificateContainer.is( ) )
  73                 {
  74                     security::CertificateContainerStatus status(
  75                         xCertificateContainer->hasCertificate(
  76                             m_sHostname, xCert->getSubjectName() ) );
  77
  78                     if ( status != security::CertificateContainerStatus_NOCERT )
  79                         return status == security::CertificateContainerStatus_TRUSTED;
  80                 }
  81
  82                 // If we had no certificate, ask what to do
  83                 std::vector< uno::Reference< security::XCertificate > > vecCerts;
  84
  85                 for ( ++pIt; pIt != aCertificates.end(); ++pIt )
  86                 {
  87                     sCert = *pIt;
  88                     uno::Reference< security::XCertificate> xImCert(
  89                         xSecurityEnv->createCertificateFromAscii(
  90                             STD_TO_OUSTR( sCert ) ) );
  91                     if ( xImCert.is() )
  92                         vecCerts.push_back( xImCert );
  93                 }
  94
  95                 sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xCert,
  96                     ::comphelper::containerToSequence( vecCerts ) );
  97
  98                 uno::Reference< task::XInteractionHandler > xIH(
  99                     m_xEnv->getInteractionHandler() );
 100                 if ( xIH.is() )
 101                 {
 102                     rtl::Reference< ucbhelper::SimpleCertificateValidationRequest >
 103                         xRequest( new ucbhelper::SimpleCertificateValidationRequest(
 104                                    sal_Int32( certValidity ), xCert, m_sHostname ) );
 105                     xIH->handle( xRequest );
 106                     rtl::Reference< ucbhelper::InteractionContinuation > xSelection
 107                         = xRequest->getSelection();
 108
 109                     if ( xSelection.is() )
 110                     {
 111                         uno::Reference< task::XInteractionApprove > xApprove(
 112                             xSelection.get(), uno::UNO_QUERY );
 113                         bValidate = xApprove.is();
 114
 115                         // Store the decision in the container
 116                         xCertificateContainer->addCertificate(
 117                             m_sHostname, xCert->getSubjectName(), bValidate );
 118                     }
 119                 }
 120             }
 121         }
 122         return bValidate;
 123     }
 124 }
 125
 126 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */