summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--xmlsecurity/prj/build.lst3
-rw-r--r--xmlsecurity/qa/certext/SanCertExt.cxx281
-rw-r--r--xmlsecurity/qa/certext/User_35_Root_11.crt64
-rw-r--r--xmlsecurity/qa/certext/export.map34
-rw-r--r--xmlsecurity/qa/certext/makefile.mk71
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/makefile.mk3
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx182
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx84
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx3
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx9
-rw-r--r--xmlsecurity/source/xmlsec/nss/makefile.mk3
-rw-r--r--xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx244
-rw-r--r--xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx77
-rw-r--r--xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx28
-rw-r--r--xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx29
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt1
-rw-r--r--xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem64
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/demoCA/serial2
-rwxr-xr-xxmlsecurity/test_docs/CAs/Root_11/openssl.cfg17
-rw-r--r--xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt64
20 files changed, 1235 insertions, 28 deletions
diff --git a/xmlsecurity/prj/build.lst b/xmlsecurity/prj/build.lst
index 54326d4fe..f480685a7 100644
--- a/xmlsecurity/prj/build.lst
+++ b/xmlsecurity/prj/build.lst
@@ -1,4 +1,4 @@
-xs xmlsecurity : L10N:l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NULL
+xs xmlsecurity : L10N:l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NEON:neon NULL
xs xmlsecurity usr1 - all xs_mkout NULL
xs xmlsecurity\inc nmake - all xs_inc NULL
xs xmlsecurity\source\framework nmake - all xs_fw xs_inc NULL
@@ -9,3 +9,4 @@ xs xmlsecurity\source\helper nmake - al
xs xmlsecurity\source\dialogs nmake - all xs_dialogs xs_inc NULL
xs xmlsecurity\source\component nmake - all xs_component xs_inc NULL
xs xmlsecurity\util nmake - all xs_util xs_fw xs_xmlsec xs_nss xs_mscrypt xs_helper xs_dialogs xs_component NULL
+xs xmlsecurity\qa\certext nmake - all xs_certext xs_util NULL
diff --git a/xmlsecurity/qa/certext/SanCertExt.cxx b/xmlsecurity/qa/certext/SanCertExt.cxx
new file mode 100644
index 000000000..43b342006
--- /dev/null
+++ b/xmlsecurity/qa/certext/SanCertExt.cxx
@@ -0,0 +1,281 @@
+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org. If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+#include "precompiled_xmlsecurity.hxx"
+#include "sal/config.h"
+#include "test/officeconnection.hxx"
+
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
+#include <com/sun/star/security/XCertificate.hpp>
+#include <com/sun/star/lang/XMultiServiceFactory.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+#include "com/sun/star/uno/XComponentContext.hpp"
+#include "com/sun/star/uno/Reference.hxx"
+
+#include "cppuhelper/bootstrap.hxx"
+#include "cppunit/TestAssert.h"
+#include "cppunit/TestFixture.h"
+#include "cppunit/extensions/HelperMacros.h"
+#include "cppunit/plugin/TestPlugIn.h"
+#include "sal/types.h"
+#include "comphelper/sequence.hxx"
+#include <rtl/ustring.hxx>
+
+#include <neon/ne_ssl.h>
+
+using namespace com::sun::star;
+
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+#define SEINITIALIZER_COMPONENT "com.sun.star.xml.crypto.SEInitializer"
+
+
+namespace {
+
+ class Test: public CppUnit::TestFixture {
+
+ private:
+ static uno::Sequence< security::CertAltNameEntry > altNames;
+ static bool runOnce;
+
+ uno::Reference< xml::crypto::XSecurityEnvironment > initUno();
+ void init();
+ rtl::OString getB64CertFromFile(const char filename[]);
+ test::OfficeConnection connection_;
+
+ public:
+
+ Test();
+
+ ~Test();
+
+ virtual void setUp();
+
+ virtual void tearDown();
+
+ void test_Others();
+
+ void test_RFC822();
+
+ void test_DNS();
+
+ void test_Direcory();
+
+ void test_URI();
+
+ void test_IP();
+
+ void test_RID();
+
+ void test_EDI();
+
+ void test_X400();
+
+ CPPUNIT_TEST_SUITE(Test);
+ CPPUNIT_TEST(test_Others);
+ CPPUNIT_TEST(test_RFC822);
+ CPPUNIT_TEST(test_DNS);
+ CPPUNIT_TEST(test_Direcory);
+ CPPUNIT_TEST(test_URI);
+ CPPUNIT_TEST(test_IP);
+ CPPUNIT_TEST(test_RID);
+ CPPUNIT_TEST(test_EDI);
+ CPPUNIT_TEST(test_X400);
+ CPPUNIT_TEST_SUITE_END();
+ };
+
+ uno::Sequence< security::CertAltNameEntry > Test::altNames;
+ bool Test::runOnce = false;
+
+ CPPUNIT_TEST_SUITE_REGISTRATION(Test);
+
+ Test::Test()
+ {
+ if (runOnce)
+ return;
+ runOnce = true;
+ connection_.setUp();
+ init();
+ }
+
+ Test::~Test()
+ {
+ if (runOnce)
+ {
+ connection_.tearDown();
+ runOnce = false;
+ }
+ }
+
+
+ uno::Reference< xml::crypto::XSecurityEnvironment > Test::initUno()
+ {
+ uno::Reference< uno::XComponentContext > context(connection_.getComponentContext(), uno::UNO_QUERY_THROW);
+ uno::Reference< lang::XMultiServiceFactory > factory(context->getServiceManager(), uno::UNO_QUERY_THROW);
+ uno::Reference< xml::crypto::XSEInitializer > xSEInitializer(factory->createInstance(
+ rtl::OUString::createFromAscii( SEINITIALIZER_COMPONENT )), uno::UNO_QUERY_THROW);
+ uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
+ xSEInitializer->createSecurityContext(rtl::OUString()));
+ return xSecurityContext->getSecurityEnvironment();
+ }
+
+
+ void Test::init()
+ {
+ uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv = initUno();
+ rtl::OString b64Cert(getB64CertFromFile("User_35_Root_11.crt"));
+ uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii(
+ rtl::OStringToOUString( b64Cert, RTL_TEXTENCODING_ASCII_US ) );
+ uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions();
+ for (sal_Int32 i = 0 ; i < extensions.getLength(); i++)
+ {
+ uno::Reference< security::XCertificateExtension >element = extensions[i];
+ rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+ if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME))
+ {
+ uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+ altNames = sanExtension->getAlternativeNames();
+ break;
+ }
+ }
+ }
+
+ rtl::OString Test::getB64CertFromFile(const char filename[])
+ {
+ ne_ssl_certificate* cert = ne_ssl_cert_read(filename);
+ char* certExportB64 = ne_ssl_cert_export(cert);
+ rtl::OString certB64( certExportB64 );
+ return certB64;
+ }
+
+
+ void Test::setUp() {
+ }
+
+ void Test::tearDown() {
+ }
+
+ void Test::test_Others() {
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+ for(int n = 1; n < altNames.getLength(); n++)
+ {
+ if (altNames[n].Type == security::ExtAltNameType_OTHER_NAME)
+ {
+ ::com::sun::star::beans::NamedValue otherNameProp;
+ if (altNames[n].Value >>= otherNameProp)
+ {
+ CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), otherNameProp.Name);
+ uno::Sequence< sal_Int8 > ipAddress;
+ otherNameProp.Value >>= ipAddress;
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+ }
+ }
+ }
+ }
+
+ void Test::test_RFC822() {
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+ for(int n = 1; n < altNames.getLength(); n++)
+ {
+ if (altNames[n].Type == security::ExtAltNameType_RFC822_NAME)
+ {
+ rtl::OUString value;
+ altNames[n].Value >>= value;
+ CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("my@other.address"), value);
+ }
+ }
+ }
+
+ void Test::test_DNS() {
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+ for(int n = 1; n < altNames.getLength(); n++)
+ {
+ if (altNames[n].Type == security::ExtAltNameType_DNS_NAME)
+ {
+ rtl::OUString value;
+ altNames[n].Value >>= value;
+ CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("alt.openoffice.org"), value);
+ }
+ }
+ }
+
+ void Test::test_Direcory() {
+ // Not implemented
+ }
+
+ void Test::test_URI() {
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+ for(int n = 1; n < altNames.getLength(); n++)
+ {
+ if (altNames[n].Type == security::ExtAltNameType_URL)
+ {
+ rtl::OUString value;
+ altNames[n].Value >>= value;
+ CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("http://my.url.here/"), value);
+ }
+ }
+ }
+
+ void Test::test_IP() {
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+ for(int n = 1; n < altNames.getLength(); n++)
+ {
+ if (altNames[n].Type == security::ExtAltNameType_IP_ADDRESS)
+ {
+ uno::Sequence< sal_Int8 > ipAddress;
+ altNames[n].Value >>= ipAddress;
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) );
+ }
+ }
+
+ }
+
+ void Test::test_RID() {
+ CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) );
+ for(int n = 1; n < altNames.getLength(); n++)
+ {
+ if (altNames[n].Type == security::ExtAltNameType_REGISTERED_ID)
+ {
+ rtl::OUString value;
+ altNames[n].Value >>= value;
+ CPPUNIT_ASSERT( rtl::OUString::createFromAscii("1.2.3.4").equals(value));
+ }
+ }
+ }
+
+ void Test::test_EDI() {
+ // Not implemented
+ }
+
+ void Test::test_X400() {
+ // Not implemented
+ }
+}
+CPPUNIT_PLUGIN_IMPLEMENT();
diff --git a/xmlsecurity/qa/certext/User_35_Root_11.crt b/xmlsecurity/qa/certext/User_35_Root_11.crt
new file mode 100644
index 000000000..690260575
--- /dev/null
+++ b/xmlsecurity/qa/certext/User_35_Root_11.crt
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4130 (0x1022)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Nov 8 10:51:39 2010 GMT
+ Not After : Nov 8 10:51:39 2011 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+ 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+ 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+ 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+ 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+ c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+ 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+ c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+ 55:9b:90:91:f4:ce:56:04:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+ Signature Algorithm: sha1WithRSAEncryption
+ 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+ a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+ 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+ 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+ 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+ 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+ f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+ a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/qa/certext/export.map b/xmlsecurity/qa/certext/export.map
new file mode 100644
index 000000000..0dbbcc5a7
--- /dev/null
+++ b/xmlsecurity/qa/certext/export.map
@@ -0,0 +1,34 @@
+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org. If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#*************************************************************************
+
+UDK_3_0_0 {
+ global:
+ cppunitTestPlugIn;
+
+ local:
+ *;
+};
diff --git a/xmlsecurity/qa/certext/makefile.mk b/xmlsecurity/qa/certext/makefile.mk
new file mode 100644
index 000000000..8cf90b4b4
--- /dev/null
+++ b/xmlsecurity/qa/certext/makefile.mk
@@ -0,0 +1,71 @@
+#*************************************************************************
+#
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# Copyright 2000, 2010 Oracle and/or its affiliates.
+#
+# OpenOffice.org - a multi-platform office productivity suite
+#
+# This file is part of OpenOffice.org.
+#
+# OpenOffice.org is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License version 3
+# only, as published by the Free Software Foundation.
+#
+# OpenOffice.org is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License version 3 for more details
+# (a copy is included in the LICENSE file that accompanied this code).
+#
+# You should have received a copy of the GNU Lesser General Public License
+# version 3 along with OpenOffice.org. If not, see
+# <http://www.openoffice.org/license.html>
+# for a copy of the LGPLv3 License.
+#
+#***********************************************************************/
+.IF "$(OOO_SUBSEQUENT_TESTS)" == ""
+nothing .PHONY:
+.ELSE
+
+PRJ = ../..
+PRJNAME = xmlsecurity
+TARGET = qa_certext
+
+ENABLE_EXCEPTIONS = TRUE
+
+.INCLUDE: settings.mk
+.INCLUDE : $(PRJ)$/util$/target.pmk
+
+CFLAGSCXX += $(CPPUNIT_CFLAGS)
+
+SHL1IMPLIB = i$(SHL1TARGET)
+SHL1OBJS = $(SLOFILES)
+SHL1RPATH = NONE
+SHL1STDLIBS = $(CPPUNITLIB) \
+ $(SALLIB) \
+ $(NEON3RDLIB) \
+ $(CPPULIB) \
+ $(XMLOFFLIB) \
+ $(CPPUHELPERLIB) \
+ $(SVLLIB) \
+ $(TOOLSLIB) \
+ $(COMPHELPERLIB) \
+ $(TESTLIB)
+
+SHL1TARGET = qa_CertExt
+SHL1VERSIONMAP = $(PRJ)/qa/certext/export.map
+DEF1NAME = $(SHL1TARGET)
+
+SLOFILES = $(SLO)/SanCertExt.obj
+
+.INCLUDE: target.mk
+.INCLUDE: installationtest.mk
+
+ALLTAR : cpptest
+
+cpptest : $(SHL1TARGETN)
+
+CPPTEST_LIBRARY = $(SHL1TARGETN)
+
+.END \ No newline at end of file
diff --git a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk
index 20153edf1..2287266de 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk
+++ b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk
@@ -63,7 +63,8 @@ SLOFILES = \
$(SLO)$/xmlsignature_mscryptimpl.obj \
$(SLO)$/x509certificate_mscryptimpl.obj \
$(SLO)$/seinitializer_mscryptimpl.obj \
- $(SLO)$/xsec_mscrypt.obj
+ $(SLO)$/xsec_mscrypt.obj \
+ $(SLO)$/sanextension_mscryptimpl.obj
.ENDIF
diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx
new file mode 100644
index 000000000..0a447280d
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx
@@ -0,0 +1,182 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/NamedValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#include "sanextension_mscryptimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+ m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnValue ;
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+
+ if (!m_Entries.hasElements())
+ {
+ CERT_ALT_NAME_INFO *subjectName;
+ DWORD size;
+ CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(), CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,&subjectName, &size);
+
+ CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[subjectName->cAltEntry];
+
+ for (unsigned int i = 0; i < (unsigned int)subjectName->cAltEntry; i++){
+ PCERT_ALT_NAME_ENTRY pEntry = &subjectName->rgAltEntry[i];
+
+ switch(pEntry->dwAltNameChoice) {
+ case CERT_ALT_NAME_OTHER_NAME :
+ {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+ PCERT_OTHER_NAME pOtherName = pEntry->pOtherName;
+
+ ::com::sun::star::beans::NamedValue otherNameProp;
+ otherNameProp.Name = ::rtl::OUString::createFromAscii(pOtherName->pszObjId);
+
+ Sequence< sal_Int8 > otherName( pOtherName->Value.cbData ) ;
+ for( unsigned int n = 0; n < (unsigned int) pOtherName->Value.cbData ; n ++ )
+ otherName[n] = *( pOtherName->Value.pbData + n ) ;
+
+ otherNameProp.Value <<= otherName;
+
+ arrCertAltNameEntry[i].Value <<= otherNameProp;
+ break;
+ }
+ case CERT_ALT_NAME_RFC822_NAME :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszRfc822Name);
+ break;
+ case CERT_ALT_NAME_DNS_NAME :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszDNSName);
+ break;
+ case CERT_ALT_NAME_DIRECTORY_NAME :
+ {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+ break;
+ }
+ case CERT_ALT_NAME_URL :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszURL);
+ break;
+ case CERT_ALT_NAME_IP_ADDRESS :
+ {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+
+ Sequence< sal_Int8 > ipAddress( pEntry->IPAddress.cbData ) ;
+ for( unsigned int n = 0; n < pEntry->IPAddress.cbData ; n ++ )
+ ipAddress[n] = *( pEntry->IPAddress.pbData + n ) ;
+
+ arrCertAltNameEntry[i].Value <<= ipAddress;
+ break;
+ }
+ case CERT_ALT_NAME_REGISTERED_ID :
+ arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(pEntry->pszRegisteredID);
+ break;
+ }
+ }
+ m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, subjectName->cAltEntry);
+
+ delete [] arrCertAltNameEntry;
+ }
+
+ return m_Entries;
+}
+
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+ m_critical = critical ;
+ m_xExtnId = extnId ;
+ m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+ unsigned int i ;
+ if( value != NULL && vlen != 0 ) {
+ Sequence< sal_Int8 > extnv( vlen ) ;
+ for( i = 0; i < vlen ; i ++ )
+ extnv[i] = *( value + i ) ;
+
+ m_xExtnValue = extnv ;
+ } else {
+ m_xExtnValue = Sequence<sal_Int8>();
+ }
+
+ if( id != NULL && idlen != 0 ) {
+ Sequence< sal_Int8 > extnId( idlen ) ;
+ for( i = 0; i < idlen ; i ++ )
+ extnId[i] = *( id + i ) ;
+
+ m_xExtnId = extnId ;
+ } else {
+ m_xExtnId = Sequence<sal_Int8>();
+ }
+
+ m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+
diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx
new file mode 100644
index 000000000..7b4a3f602
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx
@@ -0,0 +1,84 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_
+#define _SANEXTENSION_MSCRYPTIMPL_HXX_
+
+#ifdef _MSC_VER
+#pragma warning(push,1)
+#endif
+#include "Windows.h"
+#include "WinCrypt.h"
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+ ::com::sun::star::security::XSanExtension >
+{
+ private :
+ sal_Bool m_critical ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+
+ ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+ public :
+ SanExtensionImpl() ;
+ virtual ~SanExtensionImpl() ;
+
+ //Methods from XCertificateExtension
+ virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Methods from XSanExtension
+
+ virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Helper method
+ void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+ void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+ void extractCertExt() ;
+} ;
+
+#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx
index 5893840e6..091ff94a9 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx
@@ -60,6 +60,9 @@
#include <list>
#include "xmlsec/xmlsec.h"
+#include "sal/types.h"
+
+
class SecurityEnvironment_MSCryptImpl : public ::cppu::WeakImplHelper4<
::com::sun::star::xml::crypto::XSecurityEnvironment ,
::com::sun::star::lang::XInitialization ,
diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
index 91b27744f..61e689782 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx
@@ -31,6 +31,7 @@
#include <rtl/uuid.h>
#include "x509certificate_mscryptimpl.hxx"
#include "certificateextension_xmlsecimpl.hxx"
+#include "sanextension_mscryptimpl.hxx"
//MM : added by MM
#include "oid.hxx"
@@ -392,7 +393,13 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su
for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) {
pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ;
- xExtn = new CertificateExtension_XmlSecImpl() ;
+
+ ::rtl::OUString objId = ::rtl::OUString::createFromAscii( pExtn->pszObjId );
+
+ if ( objId.equalsAscii("2.5.29.17") )
+ xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+ else
+ xExtn = new CertificateExtension_XmlSecImpl() ;
if( xExtn == NULL )
throw RuntimeException() ;
diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk
index 227b6de88..f4ba0bde7 100644
--- a/xmlsecurity/source/xmlsec/nss/makefile.mk
+++ b/xmlsecurity/source/xmlsec/nss/makefile.mk
@@ -131,7 +131,8 @@ SLOFILES = \
$(SLO)$/x509certificate_nssimpl.obj \
$(SLO)$/seinitializer_nssimpl.obj \
$(SLO)$/xsec_nss.obj \
- $(SLO)$/secerror.obj
+ $(SLO)$/sanextension_nssimpl.obj \
+ $(SLO)$/secerror.obj
diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx
new file mode 100644
index 000000000..e15bc0c86
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx
@@ -0,0 +1,244 @@
+/*************************************************************************
+*
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* Copyright 2000, 2010 Oracle and/or its affiliates.
+*
+* OpenOffice.org - a multi-platform office productivity suite
+*
+* This file is part of OpenOffice.org.
+*
+* OpenOffice.org is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License version 3
+* only, as published by the Free Software Foundation.
+*
+* OpenOffice.org is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License version 3 for more details
+* (a copy is included in the LICENSE file that accompanied this code).
+*
+* You should have received a copy of the GNU Lesser General Public License
+* version 3 along with OpenOffice.org. If not, see
+* <http://www.openoffice.org/license.html>
+* for a copy of the LGPLv3 License.
+*
+************************************************************************/
+
+// MARKER(update_precomp.py): autogen include statement, do not remove
+#include "precompiled_xmlsecurity.hxx"
+#include <sal/config.h>
+#include <rtl/uuid.h>
+#include <rtl/ustring.hxx>
+#include <com/sun/star/security/ExtAltNameType.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/beans/PropertyValue.hpp>
+#include <com/sun/star/uno/Reference.hxx>
+#include <comphelper/sequence.hxx>
+#include <seccomon.h>
+#include <cert.h>
+#include <certt.h>
+#include <secitem.h>
+#include <secport.h>
+
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
+
+using namespace ::com::sun::star;
+using namespace ::com::sun::star::uno ;
+using namespace ::com::sun::star::security ;
+using ::rtl::OUString ;
+
+using ::com::sun::star::security::XCertificateExtension ;
+
+
+SanExtensionImpl :: SanExtensionImpl() :
+m_critical( sal_False )
+{
+}
+
+SanExtensionImpl :: ~SanExtensionImpl() {
+}
+
+
+//Methods from XCertificateExtension
+sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_critical ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnId ;
+}
+
+::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) {
+ return m_xExtnValue ;
+}
+
+namespace {
+ // Helper functions from nss/lib/certdb/genname.c
+ static int GetNamesLength(CERTGeneralName *names)
+ {
+ int length = 0;
+ CERTGeneralName *first;
+
+ first = names;
+ if (names != NULL) {
+ do {
+ length++;
+ names = CERT_GetNextGeneralName(names);
+ } while (names != first);
+ }
+ return length;
+ }
+
+}
+
+//Methods from XSanExtension
+::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){
+
+ if (!m_Entries.hasElements())
+ {
+ SECItem item;
+
+ item.type = siDERCertBuffer;
+ item.data = (unsigned char*) m_xExtnValue.getArray();
+ item.len = m_xExtnValue.getLength();
+
+ PRArenaPool *arena;
+ CERTGeneralName *nameList;
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+ if (!arena)
+ return m_Entries;
+
+ nameList = CERT_DecodeAltNameExtension(arena, &item);
+
+ CERTGeneralName* current = nameList;
+
+ int size = GetNamesLength(nameList);
+ CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[size];
+ for(int i = 0; i < size ; i++){
+ switch (current->type) {
+ case certOtherName: {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME;
+ ::com::sun::star::beans::PropertyValue otherNameProp;
+ otherNameProp.Name = ::rtl::OUString::createFromAscii(CERT_GetOidString(&current->name.OthName.oid));
+
+ Sequence< sal_Int8 > otherName( current->name.OthName.name.len ) ;
+ for( unsigned int r = 0; r < current->name.OthName.name.len ; r ++ )
+ otherName[r] = *( current->name.OthName.name.data + r ) ;
+
+ otherNameProp.Value <<= otherName;
+
+ arrCertAltNameEntry[i].Value <<= otherNameProp;
+ break;
+ }
+ case certRFC822Name:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+ break;
+ case certDNSName:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+ break;
+ case certX400Address: {
+ // unsupported
+ arrCertAltNameEntry[i].Type = ExtAltNameType_X400_ADDRESS;
+ break;
+ }
+ case certDirectoryName: {
+ // unsupported
+ arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME;
+ break;
+ }
+ case certEDIPartyName: {
+ // unsupported
+ arrCertAltNameEntry[i].Type = ExtAltNameType_EDI_PARTY_NAME;
+ break;
+ }
+ case certURI:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_URL;
+ arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US);
+ break;
+ case certIPAddress: {
+ arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS;
+
+ Sequence< sal_Int8 > ipAddress( current->name.other.len ) ;
+ for( unsigned int r = 0; r < current->name.other.len ; r ++ )
+ ipAddress[r] = *( current->name.other.data + r ) ;
+
+ arrCertAltNameEntry[i].Value <<= ipAddress;
+ break;
+ }
+ case certRegisterID:
+ arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
+
+
+ rtl::OString nssOid = ::rtl::OString(CERT_GetOidString(&current->name.other));
+ rtl::OString unoOid = removeOIDFromString(nssOid);
+ arrCertAltNameEntry[i].Value <<= rtl::OStringToOUString( unoOid, RTL_TEXTENCODING_ASCII_US );
+ break;
+ }
+ current = CERT_GetNextGeneralName(current);
+ }
+
+ m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, size);
+
+ delete [] arrCertAltNameEntry;
+
+ PORT_FreeArena(arena, PR_FALSE);
+
+
+ }
+
+ return m_Entries;
+}
+
+::rtl::OString SanExtensionImpl :: removeOIDFromString( const ::rtl::OString &oidString)
+ {
+ ::rtl::OString objID;
+ ::rtl::OString oid("OID.");
+ if (oidString.match(oid))
+ objID = oidString.copy(oid.getLength());
+ else
+ objID = oidString;
+ return objID;
+
+ }
+//Helper method
+void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) {
+ m_critical = critical ;
+ m_xExtnId = extnId ;
+ m_xExtnValue = extnValue ;
+}
+
+void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) {
+ unsigned int i ;
+ if( value != NULL && vlen != 0 ) {
+ Sequence< sal_Int8 > extnv( vlen ) ;
+ for( i = 0; i < vlen ; i ++ )
+ extnv[i] = *( value + i ) ;
+
+ m_xExtnValue = extnv ;
+ } else {
+ m_xExtnValue = Sequence<sal_Int8>();
+ }
+
+ if( id != NULL && idlen != 0 ) {
+ Sequence< sal_Int8 > extnId( idlen ) ;
+ for( i = 0; i < idlen ; i ++ )
+ extnId[i] = *( id + i ) ;
+
+ m_xExtnId = extnId ;
+ } else {
+ m_xExtnId = Sequence<sal_Int8>();
+ }
+
+ m_critical = critical ;
+}
+
+void SanExtensionImpl :: extractCertExt () {
+}
+
diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx
new file mode 100644
index 000000000..ccfe727a1
--- /dev/null
+++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx
@@ -0,0 +1,77 @@
+/*************************************************************************
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * Copyright 2000, 2010 Oracle and/or its affiliates.
+ *
+ * OpenOffice.org - a multi-platform office productivity suite
+ *
+ * This file is part of OpenOffice.org.
+ *
+ * OpenOffice.org is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 3
+ * only, as published by the Free Software Foundation.
+ *
+ * OpenOffice.org is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License version 3 for more details
+ * (a copy is included in the LICENSE file that accompanied this code).
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * version 3 along with OpenOffice.org. If not, see
+ * <http://www.openoffice.org/license.html>
+ * for a copy of the LGPLv3 License.
+ *
+ ************************************************************************/
+
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#define _SANEXTENSION_NSSIMPL_HXX_
+
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/factory.hxx>
+#include <cppuhelper/implbase1.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include "com/sun/star/uno/SecurityException.hpp"
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/security/XCertificateExtension.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+
+class SanExtensionImpl : public ::cppu::WeakImplHelper1<
+ ::com::sun::star::security::XSanExtension >
+{
+ private :
+ sal_Bool m_critical ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ;
+ ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ;
+ ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries;
+
+ ::rtl::OString removeOIDFromString( const ::rtl::OString &oid);
+
+ public :
+ SanExtensionImpl() ;
+ virtual ~SanExtensionImpl() ;
+
+ //Methods from XCertificateExtension
+ virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Methods from XSanExtension
+
+ virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ;
+
+ //Helper method
+ void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ;
+
+ void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ;
+
+ void extractCertExt() ;
+} ;
+
+#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_
+
diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
index 4717b10ba..ce4755100 100644
--- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
@@ -171,6 +171,19 @@ void deleteRootsModule()
}
}
+namespace{
+ void getAndPrintPRErrorText()
+ {
+ char error[1024] = "Cannot get error text from function PR_GetErrorText().";
+ PRInt32 size = PR_GetErrorTextLength();
+ if (size < (int) sizeof(error))
+ {
+ PR_GetErrorText(error);
+ }
+ xmlsec_trace("%s",error);
+ }
+}
+
//Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write
//the roots certificate module (libnssckbi.so), which they use, into the
//profile. This module will then already be loaded during NSS_Init (and the
@@ -206,11 +219,7 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init )
if( NSS_InitReadWrite( token ) != SECSuccess )
{
xmlsec_trace("Initializing NSS with profile failed.");
- char * error = NULL;
-
- PR_GetErrorText(error);
- if (error)
- xmlsec_trace("%s",error);
+ getAndPrintPRErrorText();
return false ;
}
}
@@ -220,10 +229,7 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init )
if ( NSS_NoDB_Init(NULL) != SECSuccess )
{
xmlsec_trace("Initializing NSS without profile failed.");
- char * error = NULL;
- PR_GetErrorText(error);
- if (error)
- xmlsec_trace("%s",error);
+ getAndPrintPRErrorText();
return false ;
}
}
@@ -296,7 +302,6 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init )
return return_value;
}
-
// must be extern "C" because we pass the function pointer to atexit
extern "C" void nsscrypto_finalize()
{
@@ -410,19 +415,16 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
rtl::OUString ouCertDir;
-
if ( getMozillaCurrentProfile(mxMSF, ouCertDir) )
*pDefaultCertDir = rtl::OString(ouCertDir, ouCertDir.getLength(), RTL_TEXTENCODING_ASCII_US);
}
sCertDir = *pDefaultCertDir;
}
-
if( ! *initNSS( sCertDir.getStr() ) )
{
return NULL;
}
-
pCertHandle = CERT_GetDefaultCertDB() ;
try
diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
index 3316730d8..8ebdfd808 100644
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx
@@ -51,6 +51,9 @@
#include "certificateextension_xmlsecimpl.hxx"
#endif
+#ifndef _SANEXTENSION_NSSIMPL_HXX_
+#include "sanextension_nssimpl.hxx"
+#endif
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::security ;
@@ -203,12 +206,27 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
Sequence< Reference< XCertificateExtension > > xExtns( len ) ;
for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) {
- pExtn = new CertificateExtension_XmlSecImpl() ;
+ const SECItem id = (*extns)->id;
+ ::rtl::OString oidString(CERT_GetOidString(&id));
+
+ // remove "OID." prefix if existing
+ ::rtl::OString objID;
+ ::rtl::OString oid("OID.");
+ if (oidString.match(oid))
+ objID = oidString.copy(oid.getLength());
+ else
+ objID = oidString;
+
+ if ( objID.equals("2.5.29.17") )
+ pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+ else
+ pExtn = new CertificateExtension_XmlSecImpl() ;
+
if( (*extns)->critical.data == NULL )
crit = sal_False ;
else
crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ;
- pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ;
+ pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ;
xExtns[len] = pExtn ;
}
@@ -232,7 +250,12 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s
pExtn = NULL ;
for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) {
if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
- pExtn = new CertificateExtension_XmlSecImpl() ;
+ const SECItem id = (*extns)->id;
+ ::rtl::OString objId(CERT_GetOidString(&id));
+ if ( objId.equals("OID.2.5.29.17") )
+ pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;
+ else
+ pExtn = new CertificateExtension_XmlSecImpl() ;
if( (*extns)->critical.data == NULL )
crit = sal_False ;
else
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
index 7061a98fa..f6c52e5ac 100755
--- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt
@@ -32,3 +32,4 @@ V 350113102213Z 101E unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/C
V 350113102601Z 101F unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00"
V 350113102847Z 1020 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00<
V 350113104059Z 1021 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e
+V 111108105139Z 1022 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 35
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem
new file mode 100644
index 000000000..690260575
--- /dev/null
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4130 (0x1022)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Nov 8 10:51:39 2010 GMT
+ Not After : Nov 8 10:51:39 2011 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+ 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+ 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+ 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+ 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+ c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+ 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+ c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+ 55:9b:90:91:f4:ce:56:04:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+ Signature Algorithm: sha1WithRSAEncryption
+ 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+ a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+ 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+ 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+ 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+ 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+ f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+ a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----
diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
index c7781419a..b70608fe8 100755
--- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
+++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial
@@ -1 +1 @@
-1022
+1023
diff --git a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
index 8bf98da50..9d98db508 100755
--- a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
+++ b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg
@@ -178,13 +178,16 @@ authorityKeyIdentifier=keyid,issuer
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
-subjectAltName=dirName:dn_subjectAlt
-# Copy subject details
-# issuerAltName=issuer:copy
-
-
-[dn_subjectAlt]
-CN=User 14 Root 11
+subjectAltName=DNS:alt.openoffice.org,IP:192.168.7.1,IP:13::17,email:my@other.address,RID:1.2.3.4,otherName:1.2.3.4;UTF8:some other identifier,dirName:dir_sect,URI:http://my.url.here/
+# Copy subject details
+# issuerAltName=issuer:copy
+
+
+[dir_sect]
+C=DE
+O=OpenOffice.org
+OU=Development
+CN=User 32 Root 11
[ v3_req ]
diff --git a/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt
new file mode 100644
index 000000000..690260575
--- /dev/null
+++ b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4130 (0x1022)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11
+ Validity
+ Not Before: Nov 8 10:51:39 2010 GMT
+ Not After : Nov 8 10:51:39 2011 GMT
+ Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f:
+ 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28:
+ 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc:
+ 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b:
+ 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19:
+ c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42:
+ 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70:
+ c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67:
+ 55:9b:90:91:f4:ce:56:04:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Non Repudiation, Key Encipherment
+ X509v3 Subject Key Identifier:
+ 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73
+ X509v3 Authority Key Identifier:
+ keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55
+
+ X509v3 Subject Alternative Name:
+ DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:<unsupported>, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/
+ Signature Algorithm: sha1WithRSAEncryption
+ 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05:
+ a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee:
+ 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a:
+ 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa:
+ 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70:
+ 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6:
+ f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f:
+ a0:fd
+-----BEGIN CERTIFICATE-----
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD
+VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx
+MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i
+dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l
+bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt
+XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43
+BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL
+BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud
+IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v
+cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu
+YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW
+MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT
+C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t
+eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF
+oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL
+qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+
+lkd9/kphSJARC70PoP0=
+-----END CERTIFICATE-----