From cfaffcb06a100efa76ae7eb9fa0f1e72a645cc9b Mon Sep 17 00:00:00 2001 
From: Tobias Krause Date: Thu, 3 Feb 2011 16:22:52 +0100 Subject: tkr38: #i112307# Support for x509 v3 Subject Alternative Name extension added --- xmlsecurity/prj/build.lst | 3 +- xmlsecurity/qa/certext/SanCertExt.cxx | 227 ++++++++++++++++++ xmlsecurity/qa/certext/User_35_Root_11.crt | 64 ++++++ xmlsecurity/qa/certext/export.map | 34 +++ xmlsecurity/qa/certext/makefile.mk | 177 ++++++++++++++ xmlsecurity/source/xmlsec/mscrypt/makefile.mk | 3 +- .../xmlsec/mscrypt/sanextension_mscryptimpl.cxx | 188 +++++++++++++++ .../xmlsec/mscrypt/sanextension_mscryptimpl.hxx | 84 +++++++ .../mscrypt/securityenvironment_mscryptimpl.hxx | 3 + .../xmlsec/mscrypt/x509certificate_mscryptimpl.cxx | 9 +- xmlsecurity/source/xmlsec/nss/makefile.mk | 3 +- .../source/xmlsec/nss/sanextension_nssimpl.cxx | 254 +++++++++++++++++++++ .../source/xmlsec/nss/sanextension_nssimpl.hxx | 76 ++++++ .../source/xmlsec/nss/x509certificate_nssimpl.cxx | 29 ++- xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt | 1 + .../test_docs/CAs/Root_11/demoCA/newcerts/1022.pem | 64 ++++++ xmlsecurity/test_docs/CAs/Root_11/demoCA/serial | 2 +- xmlsecurity/test_docs/CAs/Root_11/openssl.cfg | 17 +- .../test_docs/certs/end_certs/User_35_Root_11.crt | 64 ++++++ 19 files changed, 1287 insertions(+), 15 deletions(-) create mode 100644 xmlsecurity/qa/certext/SanCertExt.cxx create mode 100644 xmlsecurity/qa/certext/User_35_Root_11.crt create mode 100644 xmlsecurity/qa/certext/export.map create mode 100644 xmlsecurity/qa/certext/makefile.mk create mode 100644 xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx create mode 100644 xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx create mode 100644 xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx create mode 100644 xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx create mode 100644 xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem create mode 100644 xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt 
diff --git a/xmlsecurity/prj/build.lst b/xmlsecurity/prj/build.lst index 3d70b9cb1..4618e309f 100644 --- a/xmlsecurity/prj/build.lst +++ b/xmlsecurity/prj/build.lst @@ -1,4 +1,4 @@ -xs xmlsecurity : l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NULL +xs xmlsecurity : l10n xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NSS:nss LIBXSLT:libxslt NEON:neon NULL xs xmlsecurity usr1 - all xs_mkout NULL xs xmlsecurity\inc nmake - all xs_inc NULL xs xmlsecurity\source\framework nmake - all xs_fw xs_inc NULL @@ -9,3 +9,4 @@ xs xmlsecurity\source\helper nmake - al xs xmlsecurity\source\dialogs nmake - all xs_dialogs xs_inc NULL xs xmlsecurity\source\component nmake - all xs_component xs_inc NULL xs xmlsecurity\util nmake - all xs_util xs_fw xs_xmlsec xs_nss xs_mscrypt xs_helper xs_dialogs xs_component NULL +xs xmlsecurity\qa\certext nmake - all xs_certext xs_util NULL diff --git a/xmlsecurity/qa/certext/SanCertExt.cxx b/xmlsecurity/qa/certext/SanCertExt.cxx new file mode 100644 index 000000000..83477d39b --- /dev/null +++ b/xmlsecurity/qa/certext/SanCertExt.cxx 
@@ -0,0 +1,227 @@ +/************************************************************************* +* +* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +* +* Copyright 2000, 2010 Oracle and/or its affiliates. +* +* OpenOffice.org - a multi-platform office productivity suite +* +* This file is part of OpenOffice.org. +* +* OpenOffice.org is free software: you can redistribute it and/or modify +* it under the terms of the GNU Lesser General Public License version 3 +* only, as published by the Free Software Foundation. +* +* OpenOffice.org is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Lesser General Public License version 3 for more details +* (a copy is included in the LICENSE file that accompanied this code). +* +* You should have received a copy of the GNU Lesser General Public License +* version 3 along with OpenOffice.org. If not, see +* +* for a copy of the LGPLv3 License. 
+* +************************************************************************/ + +#include "precompiled_xmlsecurity.hxx" +#include "sal/config.h" + +#include "../../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx" +#include +#include +#include +#include +#include +#include +#include + +#include "cppuhelper/bootstrap.hxx" +#include "cppunit/TestAssert.h" +#include "cppunit/TestFixture.h" +#include "cppunit/extensions/HelperMacros.h" +#include "cppunit/plugin/TestPlugIn.h" +#include "sal/types.h" +#include "comphelper/sequence.hxx" +#include + +#include + +using namespace com::sun::star; +using ::com::sun::star::lang::XMultiServiceFactory; + +#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17" + +namespace { + +class Test: public CppUnit::TestFixture { + +private: + + static uno::Sequence< security::CertAltNameEntry > altNames; + + void init(){ + if (altNames.getLength() == 0){ + cppu::defaultBootstrap_InitialComponentContext(); + ne_ssl_certificate* cert = ne_ssl_cert_read("User_35_Root_11.crt"); + char* certExportB64 = ne_ssl_cert_export(cert); + + uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv( new SecurityEnvironment_MSCryptImpl( uno::Reference< XMultiServiceFactory >() ) ); + + uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii( + rtl::OStringToOUString( certExportB64, RTL_TEXTENCODING_ASCII_US ) ); + + uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions(); + for (sal_Int32 i = 0 ; i < extensions.getLength(); i++) + { + uno::Reference< security::XCertificateExtension >element = extensions[i]; + + rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength()); + if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) + { + uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY ); + altNames = sanExtension->getAlternativeNames(); + break; + } + } + } + + } + +public: + void test_Others() 
{ + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_OTHER_NAME) + { + ::com::sun::star::beans::NamedValue otherNameProp; + if (altNames[n].Value >>= otherNameProp) + { + //Name + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), otherNameProp.Name); + + //Value + uno::Sequence< sal_Int8 > ipAddress; + otherNameProp.Value >>= ipAddress; + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) ); + } + } + } + } + + void test_RFC822() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_RFC822_NAME) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("my@other.address"), value); + } + } + } + + void test_DNS() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_DNS_NAME) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("alt.openoffice.org"), value); + } + } + } + + void test_Direcory() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_DIRECTORY_NAME) + { + uno::Sequence< sal_Int8 > value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( value.getLength() > 0 ) ); + } + } + } + + void test_URI() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_URL) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("http://my.url.here/"), value); + } + } + } + + void test_IP() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_IP_ADDRESS) + { + uno::Sequence< sal_Int8 > ipAddress; + altNames[n].Value >>= ipAddress; + 
//Value + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) ); + } + } + + } + + void test_RID() { + init(); + for(int n = 1; n < altNames.getLength(); n++) + { + if (altNames[n].Type == security::ExtAltNameType_REGISTERED_ID) + { + rtl::OUString value; + altNames[n].Value >>= value; + //Value + CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), value); + } + } + + } + + void test_EDI() { + // Not implemented + } + + void test_X400() { + // Not implemented + } + + CPPUNIT_TEST_SUITE(Test); + CPPUNIT_TEST(test_Others); + CPPUNIT_TEST(test_RFC822); + CPPUNIT_TEST(test_DNS); + CPPUNIT_TEST(test_Direcory); + CPPUNIT_TEST(test_URI); + CPPUNIT_TEST(test_IP); + CPPUNIT_TEST(test_RID); + CPPUNIT_TEST(test_EDI); + CPPUNIT_TEST(test_X400); + CPPUNIT_TEST_SUITE_END(); +}; + +uno::Sequence< security::CertAltNameEntry > Test::altNames; + +CPPUNIT_TEST_SUITE_REGISTRATION(Test); + +} + +CPPUNIT_PLUGIN_IMPLEMENT(); diff --git a/xmlsecurity/qa/certext/User_35_Root_11.crt b/xmlsecurity/qa/certext/User_35_Root_11.crt new file mode 100644 index 000000000..690260575 --- /dev/null +++ b/xmlsecurity/qa/certext/User_35_Root_11.crt 
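Review bot: Every loop in the test_* methods starts at `n = 1` and asserts only inside the type match, so entry 0 is never examined and a test passes without asserting anything when no entry of its type is found, including when `altNames` is empty. Going by the SAN listing in User_35_Root_11.crt the first entry is likely the DNS name, which would make test_DNS vacuous as written. Start each loop with `for (int n = 0; n < altNames.getLength(); n++)`, set `found = true;` in the match branch of a `bool found = false;` declared before the loop, and finish with `CPPUNIT_ASSERT(found);`. In init(), the results of `ne_ssl_cert_read` and of the `uno::UNO_QUERY` to `XSanExtension` are also used without a null check.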
@@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4130 (0x1022) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11 + Validity + Not Before: Nov 8 10:51:39 2010 GMT + Not After : Nov 8 10:51:39 2011 GMT + Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f: + 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28: + 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc: + 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b: + 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19: + c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42: + 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70: + c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67: + 55:9b:90:91:f4:ce:56:04:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73 + X509v3 Authority Key Identifier: + keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55 + + X509v3 Subject Alternative Name: + DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/ + Signature Algorithm: sha1WithRSAEncryption + 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05: + a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee: + 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a: + 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa: + 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70: + 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6: + f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f: + a0:fd +-----BEGIN CERTIFICATE----- 
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx +EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD +VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx +MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i +dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l +bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt +XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43 +BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud +IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v +cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu +YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW +MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT +C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t +eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF +oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL +qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+ +lkd9/kphSJARC70PoP0= +-----END CERTIFICATE----- diff --git a/xmlsecurity/qa/certext/export.map b/xmlsecurity/qa/certext/export.map new file mode 100644 index 000000000..0dbbcc5a7 --- /dev/null +++ b/xmlsecurity/qa/certext/export.map 
@@ -0,0 +1,34 @@ +#************************************************************************* +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# Copyright 2000, 2010 Oracle and/or its affiliates. +# +# OpenOffice.org - a multi-platform office productivity suite +# +# This file is part of OpenOffice.org. +# +# OpenOffice.org is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License version 3 +# only, as published by the Free Software Foundation. +# +# OpenOffice.org is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License version 3 for more details +# (a copy is included in the LICENSE file that accompanied this code). +# +# You should have received a copy of the GNU Lesser General Public License +# version 3 along with OpenOffice.org. If not, see +# +# for a copy of the LGPLv3 License. +# +#************************************************************************* + +UDK_3_0_0 { + global: + cppunitTestPlugIn; + + local: + *; +}; diff --git a/xmlsecurity/qa/certext/makefile.mk b/xmlsecurity/qa/certext/makefile.mk new file mode 100644 index 000000000..36ebb9549 --- /dev/null +++ b/xmlsecurity/qa/certext/makefile.mk 
@@ -0,0 +1,177 @@ +#************************************************************************* +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# Copyright 2000, 2010 Oracle and/or its affiliates. +# +# OpenOffice.org - a multi-platform office productivity suite +# +# This file is part of OpenOffice.org. +# +# OpenOffice.org is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License version 3 +# only, as published by the Free Software Foundation. +# +# OpenOffice.org is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License version 3 for more details +# (a copy is included in the LICENSE file that accompanied this code). +# +# You should have received a copy of the GNU Lesser General Public License +# version 3 along with OpenOffice.org. If not, see +# +# for a copy of the LGPLv3 License. +# +#***********************************************************************/ + +PRJ = ../.. 
+PRJNAME = xmlsecurity +TARGET = qa_certext + +ENABLE_EXCEPTIONS = TRUE + +.IF "$(OS)" == "WNT" +my_file = file:/// +.ELSE +my_file = file:// +.END + + +.INCLUDE: settings.mk +.INCLUDE : $(PRJ)$/util$/target.pmk + +.IF "$(SYSTEM_LIBXML)" == "YES" +CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS) +.ENDIF + +.IF "$(CRYPTO_ENGINE)" == "nss" + +.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES" +.IF "$(SYSTEM_MOZILLA)" != "YES" +@all: + @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss" +.ENDIF +.ENDIF + +.IF "$(SYSTEM_MOZILLA)" != "YES" +MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla +NSS_INC = $(MOZ_INC)$/nss +NSPR_INC = $(MOZ_INC)$/nspr +.ELSE +# MOZ_INC already defined from environment +NSS_INC = $(MOZ_NSS_CFLAGS) +NSPR_INC = $(MOZ_INC)$/nspr +.ENDIF + +.IF "$(GUI)"=="UNX" +.IF "$(COMNAME)"=="sunpro5" +CFLAGS += -features=tmplife +#This flag is needed to build mozilla 1.7 code +.ENDIF # "$(COMNAME)"=="sunpro5" +.ENDIF + +.IF "$(GUI)" == "WNT" +.IF "$(DBG_LEVEL)" == "0" +INCPRE += \ +-I$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +CFLAGS += -GR- -W3 -Gy -MD -UDEBUG +.ELSE +INCPRE += \ +-I$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +CFLAGS += -Zi -GR- -W3 -Gy -MDd -UNDEBUG +.ENDIF +.ENDIF +.IF "$(GUI)" == "UNX" +INCPOST += \ +$(MOZ_INC)$/profile \ +-I$(MOZ_INC)$/string \ +-I$(MOZ_INC)$/embed_base +.ENDIF + +CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT + +SOLARINC += \ + -I$(MOZ_INC) \ +-I$(NSPR_INC) \ +-I$(PRJ)$/source$/xmlsec + +.IF "$(SYSTEM_MOZILLA)" == "YES" +SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC) +.ELSE +SOLARINC += -I$(NSS_INC) +.ENDIF +.ENDIF + + + + +CFLAGSCXX += $(CPPUNIT_CFLAGS) + +SHL1IMPLIB = i$(SHL1TARGET) +SHL1OBJS = $(SLOFILES) +SHL1RPATH = NONE +SHL1STDLIBS = $(CPPUNITLIB) \ + $(SALLIB) \ + $(NEON3RDLIB) \ + $(CPPULIB) \ + $(XMLOFFLIB) \ + $(CPPUHELPERLIB) \ + $(SVLLIB) \ + $(TOOLSLIB) \ + $(COMPHELPERLIB) + + + +.IF "$(OS)"=="SOLARIS" +SHL1STDLIBS +=-ldl 
+.ENDIF + +.IF "$(SYSTEM_MOZILLA)" == "YES" +.IF "$(NSPR_LIB)" != "" +SHL1STDLIBS += $(NSPR_LIB) +.ENDIF +.IF "$(NSS_LIB)" != "" +SHL1STDLIBS += $(NSS_LIB) +.ENDIF +.ENDIF + +.IF "$(CRYPTO_ENGINE)" == "mscrypto" +SHL1STDLIBS+= $(MSCRYPTOLIBS) +.ELSE +CDEFS += -DNSS_ENGINE +SHL1STDLIBS+= $(NSSCRYPTOLIBS) +.ENDIF + +.IF "$(ENABLE_NSS_MODULE)"=="YES" || "$(SYSTEM_MOZILLA)" == "YES" + +SHL1LIBS= \ + $(SLB)$/xs_comm.lib + +.IF "$(CRYPTO_ENGINE)" == "mscrypto" +SHL1LIBS += \ + $(SLB)$/xs_mscrypt.lib +.ELSE +SHL1LIBS += \ + $(SLB)$/xs_nss.lib +.ENDIF + +.ENDIF + +SHL1TARGET = qa_CertExt +SHL1VERSIONMAP = $(PRJ)/qa/certext/export.map +DEF1NAME = $(SHL1TARGET) + +SLOFILES = $(SLO)/SanCertExt.obj + +.INCLUDE: target.mk + +ALLTAR : test + +test .PHONY : $(SHL1TARGETN) + $(CPPUNITTESTER) $(SHL1TARGETN) \ + -env:UNO_TYPES=$(my_file)$(SOLARBINDIR)/types.rdb diff --git a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk index 20153edf1..2287266de 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/makefile.mk +++ b/xmlsecurity/source/xmlsec/mscrypt/makefile.mk @@ -63,7 +63,8 @@ SLOFILES = \ $(SLO)$/xmlsignature_mscryptimpl.obj \ $(SLO)$/x509certificate_mscryptimpl.obj \ $(SLO)$/seinitializer_mscryptimpl.obj \ - $(SLO)$/xsec_mscrypt.obj + $(SLO)$/xsec_mscrypt.obj \ + $(SLO)$/sanextension_mscryptimpl.obj .ENDIF diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx new file mode 100644 index 000000000..fa25f9d76 --- /dev/null +++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx 
@@ -0,0 +1,188 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * + * for a copy of the LGPLv3 License. 
+ * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_ +#include "sanextension_mscryptimpl.hxx" +#endif + +using namespace ::com::sun::star; +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::security ; +using ::rtl::OUString ; + +using ::com::sun::star::security::XCertificateExtension ; + + +SanExtensionImpl :: SanExtensionImpl() : + m_critical( sal_False ) +{ +} + +SanExtensionImpl :: ~SanExtensionImpl() { +} + + +//Methods from XCertificateExtension +sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) { + return m_critical ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnId ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnValue ; +} + +//Methods from XSanExtension +::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){ + + if (!m_Entries.hasElements()) + { + CERT_ALT_NAME_INFO *subjectName; + DWORD size; + CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(), CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,&subjectName, &size); + + CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[subjectName->cAltEntry]; + + for (unsigned int i = 0; i < (unsigned int)subjectName->cAltEntry; i++){ + PCERT_ALT_NAME_ENTRY pEntry = &subjectName->rgAltEntry[i]; + + switch(pEntry->dwAltNameChoice) { + case 
CERT_ALT_NAME_OTHER_NAME : + { + arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME; + PCERT_OTHER_NAME pOtherName = pEntry->pOtherName; + + ::com::sun::star::beans::NamedValue otherNameProp; + otherNameProp.Name = ::rtl::OUString::createFromAscii(pOtherName->pszObjId); + + Sequence< sal_Int8 > otherName( pOtherName->Value.cbData ) ; + for( unsigned int n = 0; n < (unsigned int) pOtherName->Value.cbData ; n ++ ) + otherName[n] = *( pOtherName->Value.pbData + n ) ; + + otherNameProp.Value <<= otherName; + + arrCertAltNameEntry[i].Value <<= otherNameProp; + break; + } + case CERT_ALT_NAME_RFC822_NAME : + arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszRfc822Name); + break; + case CERT_ALT_NAME_DNS_NAME : + arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszDNSName); + break; + case CERT_ALT_NAME_DIRECTORY_NAME : + { + arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME; + + Sequence< sal_Int8 > directoryName( pEntry->DirectoryName.cbData ) ; + for( unsigned int n = 0; n < pEntry->DirectoryName.cbData ; n++ ) + directoryName[n] = *( pEntry->DirectoryName.pbData + n ) ; + + arrCertAltNameEntry[i].Value <<= directoryName; + break; + } + case CERT_ALT_NAME_URL : + arrCertAltNameEntry[i].Type = ExtAltNameType_URL; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszURL); + break; + case CERT_ALT_NAME_IP_ADDRESS : + { + arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS; + + Sequence< sal_Int8 > ipAddress( pEntry->IPAddress.cbData ) ; + for( unsigned int n = 0; n < pEntry->IPAddress.cbData ; n ++ ) + ipAddress[n] = *( pEntry->IPAddress.pbData + n ) ; + + arrCertAltNameEntry[i].Value <<= ipAddress; + break; + } + case CERT_ALT_NAME_REGISTERED_ID : + arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(pEntry->pszRegisteredID); + 
break; + } + } + m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, subjectName->cAltEntry); + + delete [] arrCertAltNameEntry; + } + + return m_Entries; +} + +//Helper method +void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) { + m_critical = critical ; + m_xExtnId = extnId ; + m_xExtnValue = extnValue ; +} + +void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) { + unsigned int i ; + if( value != NULL && vlen != 0 ) { + Sequence< sal_Int8 > extnv( vlen ) ; + for( i = 0; i < vlen ; i ++ ) + extnv[i] = *( value + i ) ; + + m_xExtnValue = extnv ; + } else { + m_xExtnValue = Sequence(); + } + + if( id != NULL && idlen != 0 ) { + Sequence< sal_Int8 > extnId( idlen ) ; + for( i = 0; i < idlen ; i ++ ) + extnId[i] = *( id + i ) ; + + m_xExtnId = extnId ; + } else { + m_xExtnId = Sequence(); + } + + m_critical = critical ; +} + +void SanExtensionImpl :: extractCertExt () { +} + diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx new file mode 100644 index 000000000..7b4a3f602 --- /dev/null +++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.hxx 
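Review bot: In getAlternativeNames() the result of `CryptDecodeObjectEx` is ignored and `subjectName` is uninitialised, so a SAN extension that fails to decode leads straight to `subjectName->cAltEntry` on an indeterminate pointer; the extension bytes come from the certificate and should be treated as untrusted. The buffer returned under `CRYPT_DECODE_ALLOC_FLAG` is also never released with `LocalFree`. The switch has no `default`, so entries of an unhandled choice keep a default-constructed `Type`, which deserves an explicit case or at least a comment. The sketch below returns the empty sequence on a decode failure; throwing the declared `RuntimeException` would be the alternative.

```cpp
CERT_ALT_NAME_INFO *subjectName = NULL;
DWORD size = 0;
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME,
        (unsigned char*) m_xExtnValue.getArray(), m_xExtnValue.getLength(),
        CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
        &subjectName, &size)
    || subjectName == NULL)
{
    // Undecodable extension: report no alternative names.
    return m_Entries;
}

// … unchanged: arrCertAltNameEntry allocation, per-entry switch, arrayToSequence …

delete [] arrCertAltNameEntry;
// Allocated by CryptDecodeObjectEx because of CRYPT_DECODE_ALLOC_FLAG.
LocalFree(subjectName);
```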
@@ -0,0 +1,84 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * + * for a copy of the LGPLv3 License. 
+ * + ************************************************************************/ + +#ifndef _SANEXTENSION_MSCRYPTIMPL_HXX_ +#define _SANEXTENSION_MSCRYPTIMPL_HXX_ + +#ifdef _MSC_VER +#pragma warning(push,1) +#endif +#include "Windows.h" +#include "WinCrypt.h" +#ifdef _MSC_VER +#pragma warning(pop) +#endif +#include +#include +#include +#include +#include +#include "com/sun/star/uno/SecurityException.hpp" +#include +#include +#include +#include + +class SanExtensionImpl : public ::cppu::WeakImplHelper1< + ::com::sun::star::security::XSanExtension > +{ + private : + sal_Bool m_critical ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ; + + ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries; + + public : + SanExtensionImpl() ; + virtual ~SanExtensionImpl() ; + + //Methods from XCertificateExtension + virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XSanExtension + + virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper method + void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ; + + void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ; + + void extractCertExt() ; +} ; + +#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_ + 
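Review bot: The include guard is closed with `#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_`, which names a different header; it should read `#endif // _SANEXTENSION_MSCRYPTIMPL_HXX_`. The class also carries no comment; a line such as `// Decodes the Subject Alternative Name extension on the first getAlternativeNames() call and caches the result in m_Entries.` above `class SanExtensionImpl` would record the lazy decoding that the .cxx implements. `extractCertExt()` is declared here and defined with an empty body in the .cxx, so it could be dropped or documented as a placeholder.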
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx index 5893840e6..091ff94a9 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx +++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx @@ -60,6 +60,9 @@ #include #include "xmlsec/xmlsec.h" +#include "sal/types.h" + + class SecurityEnvironment_MSCryptImpl : public ::cppu::WeakImplHelper4< ::com::sun::star::xml::crypto::XSecurityEnvironment , ::com::sun::star::lang::XInitialization , diff --git a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx index 37812899c..52aa314bb 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/x509certificate_mscryptimpl.cxx @@ -31,6 +31,7 @@ #include #include "x509certificate_mscryptimpl.hxx" #include "certificateextension_xmlsecimpl.hxx" +#include "sanextension_mscryptimpl.hxx" //MM : added by MM #include "oid.hxx" @@ -392,7 +393,13 @@ sal_Int16 SAL_CALL X509Certificate_MSCryptImpl :: getVersion() throw ( ::com::su for( unsigned int i = 0; i < m_pCertContext->pCertInfo->cExtension; i++ ) { pExtn = &(m_pCertContext->pCertInfo->rgExtension[i]) ; - xExtn = new CertificateExtension_XmlSecImpl() ; + + ::rtl::OUString objId = ::rtl::OUString::createFromAscii( pExtn->pszObjId ); + + if ( objId.equalsAscii("2.5.29.17") ) + xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ; + else + xExtn = new CertificateExtension_XmlSecImpl() ; if( xExtn == NULL ) throw RuntimeException() ; diff --git a/xmlsecurity/source/xmlsec/nss/makefile.mk b/xmlsecurity/source/xmlsec/nss/makefile.mk index 227b6de88..f4ba0bde7 100644 --- a/xmlsecurity/source/xmlsec/nss/makefile.mk +++ b/xmlsecurity/source/xmlsec/nss/makefile.mk 
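Review bot: In the extension loop of x509certificate_mscryptimpl.cxx, `xExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ;` casts between unrelated types: sanextension_mscryptimpl.hxx declares `SanExtensionImpl` as deriving only from `::cppu::WeakImplHelper1< XSanExtension >`, so the C-style cast behaves as a reinterpret_cast. Any member call made through `xExtn` afterwards (the rest of the loop lies outside this hunk, presumably a `setCertExtn` call) would then run `CertificateExtension_XmlSecImpl` code on a `SanExtensionImpl` object, which is undefined behaviour while processing certificate data. Give the two classes a common base that declares `setCertExtn`, or keep a separately typed `SanExtensionImpl*` for the SAN branch and fill it through its own `setCertExtn`. The literal `"2.5.29.17"` could also be replaced by wincrypt's `szOID_SUBJECT_ALT_NAME2`.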
@@ -131,7 +131,8 @@ SLOFILES = \ $(SLO)$/x509certificate_nssimpl.obj \ $(SLO)$/seinitializer_nssimpl.obj \ $(SLO)$/xsec_nss.obj \ - $(SLO)$/secerror.obj + $(SLO)$/sanextension_nssimpl.obj \ + $(SLO)$/secerror.obj diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx new file mode 100644 index 000000000..4e788afe1 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx 
@@ -0,0 +1,254 @@ +/************************************************************************* +* +* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +* +* Copyright 2000, 2010 Oracle and/or its affiliates. +* +* OpenOffice.org - a multi-platform office productivity suite +* +* This file is part of OpenOffice.org. +* +* OpenOffice.org is free software: you can redistribute it and/or modify +* it under the terms of the GNU Lesser General Public License version 3 +* only, as published by the Free Software Foundation. +* +* OpenOffice.org is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU Lesser General Public License version 3 for more details +* (a copy is included in the LICENSE file that accompanied this code). +* +* You should have received a copy of the GNU Lesser General Public License +* version 3 along with OpenOffice.org. If not, see +* +* for a copy of the LGPLv3 License. 
+* +************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifndef _SANEXTENSION_NSSIMPL_HXX_ +#include "sanextension_nssimpl.hxx" +#endif + +using namespace ::com::sun::star; +using namespace ::com::sun::star::uno ; +using namespace ::com::sun::star::security ; +using ::rtl::OUString ; + +using ::com::sun::star::security::XCertificateExtension ; + + +SanExtensionImpl :: SanExtensionImpl() : +m_critical( sal_False ) +{ +} + +SanExtensionImpl :: ~SanExtensionImpl() { +} + + +//Methods from XCertificateExtension +sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno::RuntimeException ) { + return m_critical ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnId ; +} + +::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL SanExtensionImpl :: getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) { + return m_xExtnValue ; +} + +namespace { + // Helper functions from nss/lib/certdb/genname.c + static int GetNamesLength(CERTGeneralName *names) + { + int length = 0; + CERTGeneralName *first; + + first = names; + if (names != NULL) { + do { + length++; + names = CERT_GetNextGeneralName(names); + } while (names != first); + } + return length; + } + + static SECStatus DestroyGeneralName(CERTGeneralName *name) + { + CERTGeneralName *first; + CERTGeneralName *next = NULL; + + first = name; + do { + next = CERT_GetNextGeneralName(name); + PORT_Free(name); + name = next; + } while (name != first); + return SECSuccess; + + } +} + +//Methods from XSanExtension +::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL SanExtensionImpl :: 
getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ){ + + if (!m_Entries.hasElements()) + { + SECItem item; + + item.type = siDERCertBuffer; + item.data = (unsigned char*) m_xExtnValue.getArray(); + item.len = m_xExtnValue.getLength(); + + PRArenaPool *arena; + CERTGeneralName *nameList; + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + + if (!arena) + return m_Entries; + + nameList = CERT_DecodeAltNameExtension(arena, &item); + + CERTGeneralName* current = nameList; + + int size = GetNamesLength(nameList); + CertAltNameEntry* arrCertAltNameEntry = new CertAltNameEntry[size]; + for(int i = 0; i < size ; i++){ + switch (current->type) { + case certOtherName: { + arrCertAltNameEntry[i].Type = ExtAltNameType_OTHER_NAME; + ::com::sun::star::beans::PropertyValue otherNameProp; + otherNameProp.Name = ::rtl::OUString::createFromAscii(CERT_GetOidString(¤t->name.OthName.oid)); + + Sequence< sal_Int8 > otherName( current->name.OthName.name.len ) ; + for( unsigned int r = 0; r < current->name.OthName.name.len ; r ++ ) + otherName[r] = *( current->name.OthName.name.data + r ) ; + + otherNameProp.Value <<= otherName; + + arrCertAltNameEntry[i].Value <<= otherNameProp; + break; + } + case certRFC822Name: + arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US); + break; + case certDNSName: + arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US); + break; + case certX400Address: { + // unsupported + arrCertAltNameEntry[i].Type = ExtAltNameType_X400_ADDRESS; + arrCertAltNameEntry[i].value <<= Any.VOID; + break; + } + case certDirectoryName: { + arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME; + + char * directoryName = CERT_NameToAscii(¤t->name.directoryName); 
+ + arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(directoryName); + + PORT_Free(directoryName); + break; + } + case certEDIPartyName: { + // unsupported + arrCertAltNameEntry[i].Type = ExtAltNameType_EDI_PARTY_NAME; + arrCertAltNameEntry[i].Value <<= Any.VOID; + break; + } + case certURI: + arrCertAltNameEntry[i].Type = ExtAltNameType_URL; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Char*)current->name.other.data, current->name.other.len, RTL_TEXTENCODING_ASCII_US); + break; + case certIPAddress: { + arrCertAltNameEntry[i].Type = ExtAltNameType_IP_ADDRESS; + + Sequence< sal_Int8 > ipAddress( current->name.other.len ) ; + for( unsigned int r = 0; r < current->name.other.len ; r ++ ) + ipAddress[r] = *( current->name.other.data + r ) ; + + arrCertAltNameEntry[i].Value <<= ipAddress; + break; + } + case certRegisterID: + arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID; + arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(CERT_GetOidString(¤t->name.other)); + break; + } + + + // break; + + current = CERT_GetNextGeneralName(current); + } + + m_Entries = ::comphelper::arrayToSequence< com::sun::star::security::CertAltNameEntry >(arrCertAltNameEntry, size); + + delete [] arrCertAltNameEntry; + + PORT_FreeArena(arena, PR_FALSE); + + + } + + return m_Entries; +} + +//Helper method +void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) { + m_critical = critical ; + m_xExtnId = extnId ; + m_xExtnValue = extnValue ; +} + +void SanExtensionImpl :: setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) { + unsigned int i ; + if( value != NULL && vlen != 0 ) { + Sequence< sal_Int8 > extnv( vlen ) ; + for( i = 0; i < vlen ; i ++ ) + extnv[i] = *( value + i ) ; + + m_xExtnValue = extnv ; + } else { + m_xExtnValue = Sequence(); + } + + if( id != NULL && 
idlen != 0 ) { + Sequence< sal_Int8 > extnId( idlen ) ; + for( i = 0; i < idlen ; i ++ ) + extnId[i] = *( id + i ) ; + + m_xExtnId = extnId ; + } else { + m_xExtnId = Sequence(); + } + + m_critical = critical ; +} + +void SanExtensionImpl :: extractCertExt () { +} + diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx new file mode 100644 index 000000000..98f8d8da2 --- /dev/null +++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx 
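Review bot: In `getAlternativeNames()` the results of `CERT_GetOidString()` (the certOtherName and certRegisterID cases) and `CERT_NameToAscii()` (certDirectoryName) go straight into `OUString::createFromAscii()` without a NULL check, although both are computed from extension bytes supplied by the certificate and can fail on malformed input. The string from `CERT_GetOidString()` is also never released; as far as I know it is allocated by NSPR and is meant to be freed with `PR_smprintf_free()`. The same unchecked, unfreed use is added in both hunks of nss/x509certificate_nssimpl.cxx. The guarded form below is for certRegisterID, and the other two cases need the same shape. Separately, the certX400Address case assigns to `.value` with `Any.VOID`, which matches neither the `.Value` member used in every other case nor C++ syntax.

```cpp
case certRegisterID: {
    arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID;
    // CERT_GetOidString() allocates its result and may return NULL on a malformed OID.
    char* oidStr = CERT_GetOidString(&current->name.other);
    if (oidStr != NULL) {
        arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(oidStr);
        PR_smprintf_free(oidStr);
    }
    break;
}
// … unchanged: remaining cases; certOtherName and certDirectoryName get the same NULL guard …
```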
@@ -0,0 +1,76 @@ +/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * + * for a copy of the LGPLv3 License. 
+ * + ************************************************************************/ + +#ifndef _SANEXTENSION_NSSIMPL_HXX_ +#define _SANEXTENSION_NSSIMPL_HXX_ + +#include +#include +#include +#include +#include +#include "com/sun/star/uno/SecurityException.hpp" +#include +#include +#include +#include + +class SanExtensionImpl : public ::cppu::WeakImplHelper1< + ::com::sun::star::security::XSanExtension > +{ + private : + sal_Bool m_critical ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ; + ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ; + + ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries; + + public : + SanExtensionImpl() ; + virtual ~SanExtensionImpl() ; + + //Methods from XCertificateExtension + virtual sal_Bool SAL_CALL isCritical() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionId() throw( ::com::sun::star::uno::RuntimeException ) ; + + virtual ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL getExtensionValue() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Methods from XSanExtension + + virtual ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > SAL_CALL getAlternativeNames() throw( ::com::sun::star::uno::RuntimeException ) ; + + //Helper method + void setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) ; + + void setCertExtn( unsigned char* value, unsigned int vlen, unsigned char* id, unsigned int idlen, sal_Bool critical ) ; + + void extractCertExt() ; +} ; + +#endif // _CERTIFICATEEXTENSION_XMLSECIMPL_HXX_ + diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index 3316730d8..e3cf9a7ad 100644 --- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx 
+++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -51,6 +51,9 @@ #include "certificateextension_xmlsecimpl.hxx" #endif +#ifndef _SANEXTENSION_NSSIMPL_HXX_ +#include "sanextension_nssimpl.hxx" +#endif using namespace ::com::sun::star::uno ; using namespace ::com::sun::star::security ; @@ -203,12 +206,27 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s Sequence< Reference< XCertificateExtension > > xExtns( len ) ; for( extns = m_pCert->extensions, len = 0; *extns != NULL; extns ++, len ++ ) { - pExtn = new CertificateExtension_XmlSecImpl() ; + const SECItem id = (*extns)->id; + ::rtl::OString oidString(CERT_GetOidString(&id)); + + // remove "OID." prefix if existing + ::rtl::OString objID; + ::rtl::OString oid("OID."); + if (oidString.match(oid)) + objID = oidString.copy(oid.getLength()); + else + objID = oidString; + + if ( objId.equals("2.5.29.17") ) + pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ; + else + pExtn = new CertificateExtension_XmlSecImpl() ; + if( (*extns)->critical.data == NULL ) crit = sal_False ; else crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ; - pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (*extns)->id.data, (*extns)->id.len, crit ) ; + pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objId.getStr(), objId.getLength(), crit ) ; xExtns[len] = pExtn ; } 
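Review bot: The block added to the extension loop declares `::rtl::OString objID;` but then tests `objId.equals("2.5.29.17")` and passes `objId.getStr()` and `objId.getLength()` to `setCertExtn`. No `objId` is declared in the lines shown, so this looks like a spelling mismatch that will not compile unless a variable of that name exists outside the hunk. Use one spelling throughout, e.g. `::rtl::OString objId;` with `objId = oidString.copy(oid.getLength());`. Note also that every extension, not only the SAN one, now gets the dotted string rather than the DER-encoded `(*extns)->id` bytes as its id; a one-line comment such as `// extension id is stored as dotted-decimal text, not DER` would tell callers of `getExtensionId()` what to expect. The function starts and ends outside this hunk.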
@@ -232,7 +250,12 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s pExtn = NULL ; for( extns = m_pCert->extensions; *extns != NULL; extns ++ ) { if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) { - pExtn = new CertificateExtension_XmlSecImpl() ; + const SECItem id = (*extns)->id; + ::rtl::OString objId(CERT_GetOidString(&id)); + if ( objId.equals("OID.2.5.29.17") ) + pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ; + else + pExtn = new CertificateExtension_XmlSecImpl() ; if( (*extns)->critical.data == NULL ) crit = sal_False ; else diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt index 7061a98fa..f6c52e5ac 100755 --- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt +++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/index.txt @@ -32,3 +32,4 @@ V 350113102213Z 101E unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/C V 350113102601Z 101F unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x000\x00<\x00 \x00>\x00#\x00;\x00 \x00"\x00+\x00" V 350113102847Z 1020 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x003\x001\x00 \x00\\x00"\x00a\x00,\x00b\x00"\x00+\x00C\x00N\x00=\x00U\x00S\x00,\x00 \x00>\x00 \x00\\x00\\x00d\x00e\x00 \x00< V 350113104059Z 1021 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=\x00U\x00s\x00e\x00r\x00 \x001\x004\x00 \x00"\x00,\x00m\x00i\x00d\x00d\x00l\x00e\x00 \x00q\x00u\x00o\x00t\x00e +V 111108105139Z 1022 unknown /C=DE/ST=Hamburg/O=OpenOffice.org/OU=Development/CN=User 35 diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem new file mode 100644 index 000000000..690260575 --- /dev/null +++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/newcerts/1022.pem 
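Review bot: This lookup path recognises the SAN extension only when the OID string is exactly `"OID.2.5.29.17"`, while the getExtensions() hunk above strips an optional `OID.` prefix and compares with `"2.5.29.17"`. If `CERT_GetOidString()` ever returns the bare form, this path silently falls back to the generic `CertificateExtension_XmlSecImpl`, and a caller querying for `XSanExtension` gets nothing. Share the normalisation between the two places, for instance with a small file-local helper that returns the dotted string without the prefix, and compare with `"2.5.29.17"` in both. The enclosing function continues outside the hunk, so whether the id passed to `setCertExtn` here matches the other path cannot be seen.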
@@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4130 (0x1022) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11 + Validity + Not Before: Nov 8 10:51:39 2010 GMT + Not After : Nov 8 10:51:39 2011 GMT + Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f: + 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28: + 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc: + 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b: + 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19: + c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42: + 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70: + c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67: + 55:9b:90:91:f4:ce:56:04:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73 + X509v3 Authority Key Identifier: + keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55 + + X509v3 Subject Alternative Name: + DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/ + Signature Algorithm: sha1WithRSAEncryption + 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05: + a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee: + 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a: + 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa: + 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70: + 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6: + f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f: + a0:fd +-----BEGIN CERTIFICATE----- 
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx +EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD +VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx +MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i +dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l +bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt +XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43 +BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud +IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v +cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu +YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW +MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT +C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t +eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF +oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL +qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+ +lkd9/kphSJARC70PoP0= +-----END CERTIFICATE----- diff --git a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial index c7781419a..b70608fe8 100755 --- a/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial +++ b/xmlsecurity/test_docs/CAs/Root_11/demoCA/serial @@ -1 +1 @@ -1022 +1023 diff --git a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg index 8bf98da50..9d98db508 100755 --- a/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg +++ b/xmlsecurity/test_docs/CAs/Root_11/openssl.cfg 
@@ -178,13 +178,16 @@ authorityKeyIdentifier=keyid,issuer # An alternative to produce certificates that aren't # deprecated according to PKIX. # subjectAltName=email:move -subjectAltName=dirName:dn_subjectAlt -# Copy subject details -# issuerAltName=issuer:copy - - -[dn_subjectAlt] -CN=User 14 Root 11 +subjectAltName=DNS:alt.openoffice.org,IP:192.168.7.1,IP:13::17,email:my@other.address,RID:1.2.3.4,otherName:1.2.3.4;UTF8:some other identifier,dirName:dir_sect,URI:http://my.url.here/ +# Copy subject details +# issuerAltName=issuer:copy + + +[dir_sect] +C=DE +O=OpenOffice.org +OU=Development +CN=User 32 Root 11 [ v3_req ] diff --git a/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt new file mode 100644 index 000000000..690260575 --- /dev/null +++ b/xmlsecurity/test_docs/certs/end_certs/User_35_Root_11.crt 
@@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4130 (0x1022) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=Root 11 + Validity + Not Before: Nov 8 10:51:39 2010 GMT + Not After : Nov 8 10:51:39 2011 GMT + Subject: C=DE, ST=Hamburg, O=OpenOffice.org, OU=Development, CN=User 35 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:9b:36:00:64:f3:ce:93:97:62:19:fa:78:d9:6f: + 92:6a:b9:d2:9a:4e:06:2c:02:52:cd:93:50:84:28: + 19:42:a2:4a:34:e2:cd:e6:b0:39:7a:c8:4d:84:bc: + 71:51:ed:5d:6c:7e:f9:cc:01:5a:4b:73:50:a9:3b: + 5d:ad:cc:89:f7:dc:e0:dd:0a:ff:48:01:a9:34:19: + c0:6a:ee:4b:20:f4:cf:3c:94:c1:ae:88:0f:c9:42: + 1a:a6:47:31:fe:37:04:00:bb:ec:07:5f:cb:ee:70: + c4:c7:7c:6f:ee:03:19:76:de:0b:df:d0:48:91:67: + 55:9b:90:91:f4:ce:56:04:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Key Identifier: + 91:47:AC:29:95:5D:EF:72:14:8F:82:45:07:E2:94:49:75:C6:7D:73 + X509v3 Authority Key Identifier: + keyid:E8:6A:BB:C2:90:EA:6C:70:22:3E:F6:F6:48:1B:03:E6:BE:B7:A6:55 + + X509v3 Subject Alternative Name: + DNS:alt.openoffice.org, IP Address:192.168.7.1, IP Address:13:0:0:0:0:0:0:17, email:my@other.address, Registered ID:1.2.3.4, othername:, DirName:/C=DE/O=OpenOffice.org/OU=Development/CN=User 32 Root 11, URI:http://my.url.here/ + Signature Algorithm: sha1WithRSAEncryption + 6e:80:e6:1e:86:3d:d2:65:a6:17:fa:80:2d:2e:dc:85:32:05: + a1:69:82:e1:79:d1:dc:de:69:cd:9e:f0:cc:90:75:a9:45:ee: + 73:46:fe:29:69:c0:99:bb:fc:3a:db:c0:5f:69:c6:b7:ea:9a: + 63:b2:8e:29:2c:a5:5a:88:88:94:75:4b:ab:0a:72:f6:3a:aa: + 5d:6b:3a:5c:b6:9b:57:f5:c1:51:af:df:3c:a6:8a:a3:da:70: + 66:61:49:12:06:78:98:9f:bc:78:3c:43:6d:08:94:aa:32:b6: + f3:cc:af:0d:29:fe:96:47:7d:fe:4a:61:48:90:11:0b:bd:0f: + a0:fd +-----BEGIN CERTIFICATE----- 
+MIIDajCCAtOgAwIBAgICECIwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCREUx +EDAOBgNVBAgTB0hhbWJ1cmcxFzAVBgNVBAoTDk9wZW5PZmZpY2Uub3JnMRQwEgYD +VQQLEwtEZXZlbG9wbWVudDEQMA4GA1UEAxMHUm9vdCAxMTAeFw0xMDExMDgxMDUx +MzlaFw0xMTExMDgxMDUxMzlaMGAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1i +dXJnMRcwFQYDVQQKEw5PcGVuT2ZmaWNlLm9yZzEUMBIGA1UECxMLRGV2ZWxvcG1l +bnQxEDAOBgNVBAMTB1VzZXIgMzUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +AJs2AGTzzpOXYhn6eNlvkmq50ppOBiwCUs2TUIQoGUKiSjTizeawOXrITYS8cVHt +XWx++cwBWktzUKk7Xa3Miffc4N0K/0gBqTQZwGruSyD0zzyUwa6ID8lCGqZHMf43 +BAC77Adfy+5wxMd8b+4DGXbeC9/QSJFnVZuQkfTOVgTVAgMBAAGjggExMIIBLTAL +BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJFHrCmVXe9yFI+CRQfilEl1xn1zMB8GA1Ud +IwQYMBaAFOhqu8KQ6mxwIj729kgbA+a+t6ZVMIHdBgNVHREEgdUwgdKCEmFsdC5v +cGVub2ZmaWNlLm9yZ4cEwKgHAYcQABMAAAAAAAAAAAAAAAAAF4EQbXlAb3RoZXIu +YWRkcmVzc4gDKgMEoB4GAyoDBKAXDBVzb21lIG90aGVyIGlkZW50aWZpZXKkWDBW +MQswCQYDVQQGEwJERTEXMBUGA1UEChMOT3Blbk9mZmljZS5vcmcxFDASBgNVBAsT +C0RldmVsb3BtZW50MRgwFgYDVQQDEw9Vc2VyIDMyIFJvb3QgMTGGE2h0dHA6Ly9t +eS51cmwuaGVyZS8wDQYJKoZIhvcNAQEFBQADgYEAboDmHoY90mWmF/qALS7chTIF +oWmC4XnR3N5pzZ7wzJB1qUXuc0b+KWnAmbv8OtvAX2nGt+qaY7KOKSylWoiIlHVL +qwpy9jqqXWs6XLabV/XBUa/fPKaKo9pwZmFJEgZ4mJ+8eDxDbQiUqjK288yvDSn+ +lkd9/kphSJARC70PoP0= +-----END CERTIFICATE----- -- cgit v1.2.3 From 4373b99302077b605c1e1d303c8b3c4e02af1aab Mon Sep 17 00:00:00 2001 From: Tobias Krause Date: Mon, 14 Feb 2011 11:28:12 +0100 Subject: tkr38: fixed broken error text print out if nss init fails (PR_GetErrorText doesn't allow NULL parameter) --- .../source/xmlsec/nss/seinitializer_nssimpl.cxx | 28 ++++++++++++---------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx index 4717b10ba..ce4755100 100644 --- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx 
@@ -171,6 +171,19 @@ void deleteRootsModule() } } +namespace{ + void getAndPrintPRErrorText() + { + char error[1024] = "Cannot get error text from function PR_GetErrorText()."; + PRInt32 size = PR_GetErrorTextLength(); + if (size < (int) sizeof(error)) + { + PR_GetErrorText(error); + } + xmlsec_trace("%s",error); + } +} + //Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write //the roots certificate module (libnssckbi.so), which they use, into the //profile. This module will then already be loaded during NSS_Init (and the @@ -206,11 +219,7 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init ) if( NSS_InitReadWrite( token ) != SECSuccess ) { xmlsec_trace("Initializing NSS with profile failed."); - char * error = NULL; - - PR_GetErrorText(error); - if (error) - xmlsec_trace("%s",error); + getAndPrintPRErrorText(); return false ; } } @@ -220,10 +229,7 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init ) if ( NSS_NoDB_Init(NULL) != SECSuccess ) { xmlsec_trace("Initializing NSS without profile failed."); - char * error = NULL; - PR_GetErrorText(error); - if (error) - xmlsec_trace("%s",error); + getAndPrintPRErrorText(); return false ; } } @@ -296,7 +302,6 @@ bool nsscrypto_initialize( const char* token, bool & out_nss_init ) return return_value; } - // must be extern "C" because we pass the function pointer to atexit extern "C" void nsscrypto_finalize() { @@ -410,19 +415,16 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL rtl::OUString ouCertDir; - if ( getMozillaCurrentProfile(mxMSF, ouCertDir) ) *pDefaultCertDir = rtl::OString(ouCertDir, ouCertDir.getLength(), RTL_TEXTENCODING_ASCII_US); } sCertDir = *pDefaultCertDir; } - if( ! *initNSS( sCertDir.getStr() ) ) { return NULL; } - pCertHandle = CERT_GetDefaultCertDB() ; try -- cgit v1.2.3 From 8b236c22bc3853d1b80696a88429e655684e22c9 Mon Sep 17 00:00:00 2001 
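Review bot: `getAndPrintPRErrorText()` logs the placeholder "Cannot get error text from function PR_GetErrorText()." in two different situations: when the text does not fit the buffer, and when no error text is set at all (`PR_GetErrorTextLength()` returning 0, in which case nothing is copied). The trace therefore cannot distinguish the two and never records the error code. Logging the numeric code as well, e.g. `xmlsec_trace("NSS error %d: %s", (int) PR_GetError(), error);`, would make a failed `NSS_InitReadWrite` or `NSS_NoDB_Init` diagnosable from the log alone. A short comment on the helper would also help, something like `// buffer keeps the placeholder unless the error text (plus terminator) fits`.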
From: Tobias Krause Date: Mon, 14 Feb 2011 11:58:31 +0100 Subject: tkr38: #i112307# fix nss test run and clean up sources --- xmlsecurity/qa/certext/SanCertExt.cxx | 216 +++++++++++++-------- xmlsecurity/qa/certext/makefile.mk | 130 ++----------- .../xmlsec/mscrypt/sanextension_mscryptimpl.cxx | 6 - .../source/xmlsec/nss/sanextension_nssimpl.cxx | 44 ++--- .../source/xmlsec/nss/sanextension_nssimpl.hxx | 3 +- .../source/xmlsec/nss/x509certificate_nssimpl.cxx | 4 +- 6 files changed, 168 insertions(+), 235 deletions(-) diff --git a/xmlsecurity/qa/certext/SanCertExt.cxx b/xmlsecurity/qa/certext/SanCertExt.cxx index 83477d39b..43b342006 100644 --- a/xmlsecurity/qa/certext/SanCertExt.cxx +++ b/xmlsecurity/qa/certext/SanCertExt.cxx @@ -27,15 +27,18 @@ #include "precompiled_xmlsecurity.hxx" #include "sal/config.h" +#include "test/officeconnection.hxx" -#include "../../source/xmlsec/mscrypt/securityenvironment_mscryptimpl.hxx" #include #include #include +#include #include #include #include #include +#include "com/sun/star/uno/XComponentContext.hpp" +#include "com/sun/star/uno/Reference.hxx" #include "cppuhelper/bootstrap.hxx" #include "cppunit/TestAssert.h" 
@@ -49,49 +52,138 @@ #include using namespace com::sun::star; -using ::com::sun::star::lang::XMultiServiceFactory; #define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17" +#define SEINITIALIZER_COMPONENT "com.sun.star.xml.crypto.SEInitializer" + namespace { -class Test: public CppUnit::TestFixture { + class Test: public CppUnit::TestFixture { -private: + private: + static uno::Sequence< security::CertAltNameEntry > altNames; + static bool runOnce; - static uno::Sequence< security::CertAltNameEntry > altNames; + uno::Reference< xml::crypto::XSecurityEnvironment > initUno(); + void init(); + rtl::OString getB64CertFromFile(const char filename[]); + test::OfficeConnection connection_; - void init(){ - if (altNames.getLength() == 0){ - cppu::defaultBootstrap_InitialComponentContext(); - ne_ssl_certificate* cert = ne_ssl_cert_read("User_35_Root_11.crt"); - char* certExportB64 = ne_ssl_cert_export(cert); + public: - uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv( new SecurityEnvironment_MSCryptImpl( uno::Reference< XMultiServiceFactory >() ) ); - - uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii( - rtl::OStringToOUString( certExportB64, RTL_TEXTENCODING_ASCII_US ) ); + Test(); - uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions(); - for (sal_Int32 i = 0 ; i < extensions.getLength(); i++) - { - uno::Reference< security::XCertificateExtension >element = extensions[i]; + ~Test(); - rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength()); - if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) - { - uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY ); - altNames = sanExtension->getAlternativeNames(); - break; - } + virtual void setUp(); + + virtual void tearDown(); + + void test_Others(); + + void test_RFC822(); + + void test_DNS(); + + void test_Direcory(); + + void test_URI(); + + void 
test_IP(); + + void test_RID(); + + void test_EDI(); + + void test_X400(); + + CPPUNIT_TEST_SUITE(Test); + CPPUNIT_TEST(test_Others); + CPPUNIT_TEST(test_RFC822); + CPPUNIT_TEST(test_DNS); + CPPUNIT_TEST(test_Direcory); + CPPUNIT_TEST(test_URI); + CPPUNIT_TEST(test_IP); + CPPUNIT_TEST(test_RID); + CPPUNIT_TEST(test_EDI); + CPPUNIT_TEST(test_X400); + CPPUNIT_TEST_SUITE_END(); + }; + + uno::Sequence< security::CertAltNameEntry > Test::altNames; + bool Test::runOnce = false; + + CPPUNIT_TEST_SUITE_REGISTRATION(Test); + + Test::Test() + { + if (runOnce) + return; + runOnce = true; + connection_.setUp(); + init(); + } + + Test::~Test() + { + if (runOnce) + { + connection_.tearDown(); + runOnce = false; + } + } + + + uno::Reference< xml::crypto::XSecurityEnvironment > Test::initUno() + { + uno::Reference< uno::XComponentContext > context(connection_.getComponentContext(), uno::UNO_QUERY_THROW); + uno::Reference< lang::XMultiServiceFactory > factory(context->getServiceManager(), uno::UNO_QUERY_THROW); + uno::Reference< xml::crypto::XSEInitializer > xSEInitializer(factory->createInstance( + rtl::OUString::createFromAscii( SEINITIALIZER_COMPONENT )), uno::UNO_QUERY_THROW); + uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext( + xSEInitializer->createSecurityContext(rtl::OUString())); + return xSecurityContext->getSecurityEnvironment(); + } + + + void Test::init() + { + uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv = initUno(); + rtl::OString b64Cert(getB64CertFromFile("User_35_Root_11.crt")); + uno::Reference< security::XCertificate > xCert = xSecurityEnv->createCertificateFromAscii( + rtl::OStringToOUString( b64Cert, RTL_TEXTENCODING_ASCII_US ) ); + uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xCert->getExtensions(); + for (sal_Int32 i = 0 ; i < extensions.getLength(); i++) + { + uno::Reference< security::XCertificateExtension >element = extensions[i]; + rtl::OString aId ( (const sal_Char 
*)element->getExtensionId().getArray(), element->getExtensionId().getLength()); + if (aId.equals(OID_SUBJECT_ALTERNATIVE_NAME)) + { + uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY ); + altNames = sanExtension->getAlternativeNames(); + break; } } + } + rtl::OString Test::getB64CertFromFile(const char filename[]) + { + ne_ssl_certificate* cert = ne_ssl_cert_read(filename); + char* certExportB64 = ne_ssl_cert_export(cert); + rtl::OString certB64( certExportB64 ); + return certB64; } -public: - void test_Others() { - init(); + + void Test::setUp() { + } + + void Test::tearDown() { + } + + void Test::test_Others() { + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) ); for(int n = 1; n < altNames.getLength(); n++) { if (altNames[n].Type == security::ExtAltNameType_OTHER_NAME) @@ -99,10 +191,7 @@ public: ::com::sun::star::beans::NamedValue otherNameProp; if (altNames[n].Value >>= otherNameProp) { - //Name CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), otherNameProp.Name); - - //Value uno::Sequence< sal_Int8 > ipAddress; otherNameProp.Value >>= ipAddress; CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) ); 
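Review bot: `Test::getB64CertFromFile()` hands the result of `ne_ssl_cert_read(filename)` to `ne_ssl_cert_export()` unchecked, so a missing or unreadable `User_35_Root_11.crt` would show up as a crash in the fixture constructor rather than as a test failure. The certificate object and the exported string are also never released. Separately, the loops in the test bodies start at `n = 1` (context lines), so the first alternative name is never examined. Since each assertion sits inside the `if` on the entry type, a test also passes when no entry of its type is present. A checked version of the helper is below.

```cpp
rtl::OString Test::getB64CertFromFile(const char filename[])
{
    ne_ssl_certificate* cert = ne_ssl_cert_read(filename);
    CPPUNIT_ASSERT_MESSAGE("cannot read test certificate", cert != NULL);
    char* certExportB64 = ne_ssl_cert_export(cert);
    ne_ssl_cert_free(cert);
    CPPUNIT_ASSERT_MESSAGE("cannot export test certificate", certExportB64 != NULL);
    rtl::OString certB64( certExportB64 );
    free(certExportB64); // ne_ssl_cert_export() returns a malloc-allocated string
    return certB64;
}
```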
@@ -111,117 +200,82 @@ public: } } - void test_RFC822() { - init(); + void Test::test_RFC822() { + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) ); for(int n = 1; n < altNames.getLength(); n++) { if (altNames[n].Type == security::ExtAltNameType_RFC822_NAME) { rtl::OUString value; altNames[n].Value >>= value; - //Value CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("my@other.address"), value); } } } - void test_DNS() { - init(); + void Test::test_DNS() { + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) ); for(int n = 1; n < altNames.getLength(); n++) { if (altNames[n].Type == security::ExtAltNameType_DNS_NAME) { rtl::OUString value; altNames[n].Value >>= value; - //Value CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("alt.openoffice.org"), value); } } } - void test_Direcory() { - init(); - for(int n = 1; n < altNames.getLength(); n++) - { - if (altNames[n].Type == security::ExtAltNameType_DIRECTORY_NAME) - { - uno::Sequence< sal_Int8 > value; - altNames[n].Value >>= value; - //Value - CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( value.getLength() > 0 ) ); - } - } + void Test::test_Direcory() { + // Not implemented } - void test_URI() { - init(); + void Test::test_URI() { + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) ); for(int n = 1; n < altNames.getLength(); n++) { if (altNames[n].Type == security::ExtAltNameType_URL) { rtl::OUString value; altNames[n].Value >>= value; - //Value CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("http://my.url.here/"), value); } } } - void test_IP() { - init(); + void Test::test_IP() { + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) ); for(int n = 1; n < altNames.getLength(); n++) { if (altNames[n].Type == security::ExtAltNameType_IP_ADDRESS) { uno::Sequence< sal_Int8 > ipAddress; altNames[n].Value >>= ipAddress; - //Value CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( ipAddress.getLength() > 0 ) ); } } } 
- void test_RID() { - init(); + void Test::test_RID() { + CPPUNIT_ASSERT_ASSERTION_PASS( CPPUNIT_ASSERT( altNames.getLength() > 0 ) ); for(int n = 1; n < altNames.getLength(); n++) { if (altNames[n].Type == security::ExtAltNameType_REGISTERED_ID) { rtl::OUString value; altNames[n].Value >>= value; - //Value - CPPUNIT_ASSERT_EQUAL( rtl::OUString::createFromAscii("1.2.3.4"), value); + CPPUNIT_ASSERT( rtl::OUString::createFromAscii("1.2.3.4").equals(value)); } } - } - void test_EDI() { + void Test::test_EDI() { // Not implemented } - void test_X400() { + void Test::test_X400() { // Not implemented } - - CPPUNIT_TEST_SUITE(Test); - CPPUNIT_TEST(test_Others); - CPPUNIT_TEST(test_RFC822); - CPPUNIT_TEST(test_DNS); - CPPUNIT_TEST(test_Direcory); - CPPUNIT_TEST(test_URI); - CPPUNIT_TEST(test_IP); - CPPUNIT_TEST(test_RID); - CPPUNIT_TEST(test_EDI); - CPPUNIT_TEST(test_X400); - CPPUNIT_TEST_SUITE_END(); -}; - -uno::Sequence< security::CertAltNameEntry > Test::altNames; - -CPPUNIT_TEST_SUITE_REGISTRATION(Test); - } - CPPUNIT_PLUGIN_IMPLEMENT(); diff --git a/xmlsecurity/qa/certext/makefile.mk b/xmlsecurity/qa/certext/makefile.mk index 36ebb9549..8cf90b4b4 100644 --- a/xmlsecurity/qa/certext/makefile.mk +++ b/xmlsecurity/qa/certext/makefile.mk @@ -24,6 +24,9 @@ # for a copy of the LGPLv3 License. # #***********************************************************************/ +.IF "$(OOO_SUBSEQUENT_TESTS)" == "" +nothing .PHONY: +.ELSE PRJ = ../.. PRJNAME = xmlsecurity 
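Review bot: Every per-type loop on the new side of SanCertExt.cxx still starts at `n = 1`, so `altNames[0]` is never inspected, and each value assertion sits inside the `if` on the entry type. A parser that returns no entry of that type, or returns it first, therefore passes test_RFC822, test_DNS, test_URI, test_IP and test_RID without checking any value. Start the loops at `n = 0` and assert a `bool found` after each loop, e.g. `CPPUNIT_ASSERT_MESSAGE("no DNS_NAME entry in SAN", found);`. The result of `altNames[n].Value >>= value` is also ignored; asserting it would catch an entry whose Any holds the wrong type. test_Direcory now checks nothing, which matches directoryName support being dropped elsewhere in this commit, and a comment saying so would keep the gap visible.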
@@ -31,85 +34,9 @@ TARGET = qa_certext ENABLE_EXCEPTIONS = TRUE -.IF "$(OS)" == "WNT" -my_file = file:/// -.ELSE -my_file = file:// -.END - - .INCLUDE: settings.mk .INCLUDE : $(PRJ)$/util$/target.pmk -.IF "$(SYSTEM_LIBXML)" == "YES" -CFLAGS+=-DSYSTEM_LIBXML $(LIBXML_CFLAGS) -.ENDIF - -.IF "$(CRYPTO_ENGINE)" == "nss" - -.IF "$(WITH_MOZILLA)" == "NO" || "$(ENABLE_NSS_MODULE)"!="YES" -.IF "$(SYSTEM_MOZILLA)" != "YES" -@all: - @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss" -.ENDIF -.ENDIF - -.IF "$(SYSTEM_MOZILLA)" != "YES" -MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla -NSS_INC = $(MOZ_INC)$/nss -NSPR_INC = $(MOZ_INC)$/nspr -.ELSE -# MOZ_INC already defined from environment -NSS_INC = $(MOZ_NSS_CFLAGS) -NSPR_INC = $(MOZ_INC)$/nspr -.ENDIF - -.IF "$(GUI)"=="UNX" -.IF "$(COMNAME)"=="sunpro5" -CFLAGS += -features=tmplife -#This flag is needed to build mozilla 1.7 code -.ENDIF # "$(COMNAME)"=="sunpro5" -.ENDIF - -.IF "$(GUI)" == "WNT" -.IF "$(DBG_LEVEL)" == "0" -INCPRE += \ --I$(MOZ_INC)$/profile \ --I$(MOZ_INC)$/string \ --I$(MOZ_INC)$/embed_base -CFLAGS += -GR- -W3 -Gy -MD -UDEBUG -.ELSE -INCPRE += \ --I$(MOZ_INC)$/profile \ --I$(MOZ_INC)$/string \ --I$(MOZ_INC)$/embed_base -CFLAGS += -Zi -GR- -W3 -Gy -MDd -UNDEBUG -.ENDIF -.ENDIF -.IF "$(GUI)" == "UNX" -INCPOST += \ -$(MOZ_INC)$/profile \ --I$(MOZ_INC)$/string \ --I$(MOZ_INC)$/embed_base -.ENDIF - -CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT - -SOLARINC += \ - -I$(MOZ_INC) \ --I$(NSPR_INC) \ --I$(PRJ)$/source$/xmlsec - -.IF "$(SYSTEM_MOZILLA)" == "YES" -SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC) -.ELSE -SOLARINC += -I$(NSS_INC) -.ENDIF -.ENDIF - - - - CFLAGSCXX += $(CPPUNIT_CFLAGS) SHL1IMPLIB = i$(SHL1TARGET) 
@@ -123,44 +50,8 @@ SHL1STDLIBS = $(CPPUNITLIB) \ $(CPPUHELPERLIB) \ $(SVLLIB) \ $(TOOLSLIB) \ - $(COMPHELPERLIB) - - - -.IF "$(OS)"=="SOLARIS" -SHL1STDLIBS +=-ldl -.ENDIF - -.IF "$(SYSTEM_MOZILLA)" == "YES" -.IF "$(NSPR_LIB)" != "" -SHL1STDLIBS += $(NSPR_LIB) -.ENDIF -.IF "$(NSS_LIB)" != "" -SHL1STDLIBS += $(NSS_LIB) -.ENDIF -.ENDIF - -.IF "$(CRYPTO_ENGINE)" == "mscrypto" -SHL1STDLIBS+= $(MSCRYPTOLIBS) -.ELSE -CDEFS += -DNSS_ENGINE -SHL1STDLIBS+= $(NSSCRYPTOLIBS) -.ENDIF - -.IF "$(ENABLE_NSS_MODULE)"=="YES" || "$(SYSTEM_MOZILLA)" == "YES" - -SHL1LIBS= \ - $(SLB)$/xs_comm.lib - -.IF "$(CRYPTO_ENGINE)" == "mscrypto" -SHL1LIBS += \ - $(SLB)$/xs_mscrypt.lib -.ELSE -SHL1LIBS += \ - $(SLB)$/xs_nss.lib -.ENDIF - -.ENDIF + $(COMPHELPERLIB) \ + $(TESTLIB) SHL1TARGET = qa_CertExt SHL1VERSIONMAP = $(PRJ)/qa/certext/export.map @@ -169,9 +60,12 @@ DEF1NAME = $(SHL1TARGET) SLOFILES = $(SLO)/SanCertExt.obj .INCLUDE: target.mk +.INCLUDE: installationtest.mk + +ALLTAR : cpptest + +cpptest : $(SHL1TARGETN) -ALLTAR : test +CPPTEST_LIBRARY = $(SHL1TARGETN) -test .PHONY : $(SHL1TARGETN) - $(CPPUNITTESTER) $(SHL1TARGETN) \ - -env:UNO_TYPES=$(my_file)$(SOLARBINDIR)/types.rdb +.END \ No newline at end of file diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx index fa25f9d76..139e1b50a 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx 
@@ -114,12 +114,6 @@ sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno: case CERT_ALT_NAME_DIRECTORY_NAME : { arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME; - - Sequence< sal_Int8 > directoryName( pEntry->DirectoryName.cbData ) ; - for( unsigned int n = 0; n < pEntry->DirectoryName.cbData ; n++ ) - directoryName[n] = *( pEntry->DirectoryName.pbData + n ) ; - - arrCertAltNameEntry[i].Value <<= directoryName; break; } case CERT_ALT_NAME_URL : diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx index 4e788afe1..e15bc0c86 100644 --- a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.cxx @@ -93,20 +93,6 @@ namespace { return length; } - static SECStatus DestroyGeneralName(CERTGeneralName *name) - { - CERTGeneralName *first; - CERTGeneralName *next = NULL; - - first = name; - do { - next = CERT_GetNextGeneralName(name); - PORT_Free(name); - name = next; - } while (name != first); - return SECSuccess; - - } } //Methods from XSanExtension @@ -160,23 +146,16 @@ namespace { case certX400Address: { // unsupported arrCertAltNameEntry[i].Type = ExtAltNameType_X400_ADDRESS; - arrCertAltNameEntry[i].value <<= Any.VOID; break; } case certDirectoryName: { + // unsupported arrCertAltNameEntry[i].Type = ExtAltNameType_DIRECTORY_NAME; - - char * directoryName = CERT_NameToAscii(¤t->name.directoryName); - - arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(directoryName); - - PORT_Free(directoryName); break; } case certEDIPartyName: { // unsupported arrCertAltNameEntry[i].Type = ExtAltNameType_EDI_PARTY_NAME; - arrCertAltNameEntry[i].Value <<= Any.VOID; break; } case certURI: 
@@ -195,13 +174,13 @@ namespace { } case certRegisterID: arrCertAltNameEntry[i].Type = ExtAltNameType_REGISTERED_ID; - arrCertAltNameEntry[i].Value <<= ::rtl::OUString::createFromAscii(CERT_GetOidString(¤t->name.other)); - break; - } - // break; - + rtl::OString nssOid = ::rtl::OString(CERT_GetOidString(¤t->name.other)); + rtl::OString unoOid = removeOIDFromString(nssOid); + arrCertAltNameEntry[i].Value <<= rtl::OStringToOUString( unoOid, RTL_TEXTENCODING_ASCII_US ); + break; + } current = CERT_GetNextGeneralName(current); } @@ -217,6 +196,17 @@ namespace { return m_Entries; } +::rtl::OString SanExtensionImpl :: removeOIDFromString( const ::rtl::OString &oidString) + { + ::rtl::OString objID; + ::rtl::OString oid("OID."); + if (oidString.match(oid)) + objID = oidString.copy(oid.getLength()); + else + objID = oidString; + return objID; + + } //Helper method void SanExtensionImpl :: setCertExtn( ::com::sun::star::uno::Sequence< sal_Int8 > extnId, ::com::sun::star::uno::Sequence< sal_Int8 > extnValue, sal_Bool critical ) { m_critical = critical ; diff --git a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx index 98f8d8da2..ccfe727a1 100644 --- a/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx +++ b/xmlsecurity/source/xmlsec/nss/sanextension_nssimpl.hxx @@ -46,9 +46,10 @@ class SanExtensionImpl : public ::cppu::WeakImplHelper1< sal_Bool m_critical ; ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnId ; ::com::sun::star::uno::Sequence< sal_Int8 > m_xExtnValue ; - ::com::sun::star::uno::Sequence< com::sun::star::security::CertAltNameEntry > m_Entries; + ::rtl::OString removeOIDFromString( const ::rtl::OString &oid); + public : SanExtensionImpl() ; virtual ~SanExtensionImpl() ; diff --git a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx index e3cf9a7ad..8ebdfd808 100644 
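Review bot: In the `certRegisterID` case the pointer returned by `CERT_GetOidString` goes straight into the `rtl::OString` constructor and is then lost. As far as I know NSS allocates that string, expects the caller to release it with `PR_smprintf_free`, and returns NULL on failure, so each registeredID entry in a parsed certificate would leak; please confirm against the NSS headers in use. Keep the pointer in a local (`char* oidStr = CERT_GetOidString(...);`), leave the entry's Value empty when it is NULL, and free it once `nssOid` has been constructed. The enclosing switch and loop start outside this hunk.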
--- a/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx @@ -217,7 +217,7 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s else objID = oidString; - if ( objId.equals("2.5.29.17") ) + if ( objID.equals("2.5.29.17") ) pExtn = (CertificateExtension_XmlSecImpl*) new SanExtensionImpl() ; else pExtn = new CertificateExtension_XmlSecImpl() ; @@ -226,7 +226,7 @@ sal_Int16 SAL_CALL X509Certificate_NssImpl :: getVersion() throw ( ::com::sun::s crit = sal_False ; else crit = ( (*extns)->critical.data[0] == 0xFF ) ? sal_True : sal_False ; - pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objId.getStr(), objId.getLength(), crit ) ; + pExtn->setCertExtn( (*extns)->value.data, (*extns)->value.len, (unsigned char*)objID.getStr(), objID.getLength(), crit ) ; xExtns[len] = pExtn ; } -- cgit v1.2.3 From b5a7f1f929c677b52739afb6669d8e8be5217cf5 Mon Sep 17 00:00:00 2001 From: Tobias Krause Date: Tue, 22 Feb 2011 10:17:34 +0100 Subject: tkr38: #i112307# build errors on mingw fixed --- xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx index 139e1b50a..0a447280d 100644 --- a/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx +++ b/xmlsecurity/source/xmlsec/mscrypt/sanextension_mscryptimpl.cxx 
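Review bot: The corrected `objID.equals("2.5.29.17")` branch keeps the C-style cast `(CertificateExtension_XmlSecImpl*) new SanExtensionImpl()`, and the next hunk calls the five-argument `pExtn->setCertExtn(...)` through that pointer. As far as the sanextension_nssimpl.hxx hunk header shows, SanExtensionImpl derives from `::cppu::WeakImplHelper1<...>`, and the `setCertExtn` shown in sanextension_nssimpl.cxx takes three arguments. Unless the class also derives from CertificateExtension_XmlSecImpl, this is a reinterpreting cast and the call is undefined behaviour on data taken from the certificate. Please confirm the inheritance; if the types are related, `static_cast<CertificateExtension_XmlSecImpl*>(new SanExtensionImpl())` lets the compiler verify it. The enclosing function body lies outside both hunks.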
@@ -105,11 +105,11 @@ sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno: } case CERT_ALT_NAME_RFC822_NAME : arrCertAltNameEntry[i].Type = ExtAltNameType_RFC822_NAME; - arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszRfc822Name); + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszRfc822Name); break; case CERT_ALT_NAME_DNS_NAME : arrCertAltNameEntry[i].Type = ExtAltNameType_DNS_NAME; - arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszDNSName); + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszDNSName); break; case CERT_ALT_NAME_DIRECTORY_NAME : { @@ -118,7 +118,7 @@ sal_Bool SAL_CALL SanExtensionImpl :: isCritical() throw( ::com::sun::star::uno: } case CERT_ALT_NAME_URL : arrCertAltNameEntry[i].Type = ExtAltNameType_URL; - arrCertAltNameEntry[i].Value <<= ::rtl::OUString(pEntry->pwszURL); + arrCertAltNameEntry[i].Value <<= ::rtl::OUString((const sal_Unicode*)pEntry->pwszURL); break; case CERT_ALT_NAME_IP_ADDRESS : { -- cgit v1.2.3
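Review bot: The three added `(const sal_Unicode*)` casts (pwszRfc822Name and pwszDNSName in this hunk, pwszURL in the next) are C-style, so they would still compile if a field were ever something other than a 16-bit wide string. `reinterpret_cast<const sal_Unicode*>(pEntry->pwszDNSName)` states the intent. A one-line comment such as `// LPWSTR is UTF-16 on Windows, same width as sal_Unicode` would document the assumption the cast relies on. The switch these cases belong to starts and ends outside the hunk.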