31#include <rtl/ustrbuf.hxx>
43using ::css::util::DateTime;
52 CERT_DestroyCertificate(
m_pCert ) ;
59 if(
m_pCert->version.len > 0 ) {
60 return static_cast<char>(*(
m_pCert->version.data )) ;
70 return comphelper::arrayToSequence<sal_Int8>(
m_pCert->serialNumber.data,
73 return css::uno::Sequence< sal_Int8 >();
79 return OUString(
m_pCert->issuerName , PL_strlen(
m_pCert->issuerName) , RTL_TEXTENCODING_UTF8) ;
87 return OUString(
m_pCert->subjectName , PL_strlen(
m_pCert->subjectName) , RTL_TEXTENCODING_UTF8);
97 PRExplodedTime explTime ;
100 rv = DER_DecodeTimeChoice( ¬Before, &
m_pCert->validity.notBefore ) ;
101 if( rv != SECStatus::SECSuccess ) {
106 PR_ExplodeTime( notBefore, PR_LocalTimeParameters, &explTime ) ;
109 dateTime.Seconds =
static_cast< sal_Int16
>( explTime.tm_sec );
110 dateTime.Minutes =
static_cast< sal_Int16
>( explTime.tm_min );
111 dateTime.Hours =
static_cast< sal_Int16
>( explTime.tm_hour );
112 dateTime.Day =
static_cast< sal_Int16
>( explTime.tm_mday );
113 dateTime.Month =
static_cast< sal_Int16
>( explTime.tm_month+1 );
114 dateTime.Year =
static_cast< sal_Int16
>( explTime.tm_year );
126 PRExplodedTime explTime ;
129 rv = DER_DecodeTimeChoice( ¬After, &
m_pCert->validity.notAfter ) ;
130 if( rv != SECStatus::SECSuccess ) {
135 PR_ExplodeTime( notAfter, PR_LocalTimeParameters, &explTime ) ;
138 dateTime.Seconds =
static_cast< sal_Int16
>( explTime.tm_sec );
139 dateTime.Minutes =
static_cast< sal_Int16
>( explTime.tm_min );
140 dateTime.Hours =
static_cast< sal_Int16
>( explTime.tm_hour );
141 dateTime.Day =
static_cast< sal_Int16
>( explTime.tm_mday );
142 dateTime.Month =
static_cast< sal_Int16
>( explTime.tm_month+1 );
143 dateTime.Year =
static_cast< sal_Int16
>( explTime.tm_year );
153 return comphelper::arrayToSequence<sal_Int8>(
m_pCert->issuerID.data,
m_pCert->issuerID.len) ;
155 return css::uno::Sequence< sal_Int8 >();
161 return comphelper::arrayToSequence<sal_Int8>(
m_pCert->subjectID.data,
164 return css::uno::Sequence< sal_Int8 >();
170 CERTCertExtension** extns ;
173 for( len = 0, extns =
m_pCert->extensions; *extns !=
nullptr; len ++, extns ++ ) ;
174 css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > > xExtns( len ) ;
175 auto xExtnsRange = asNonConstRange(xExtns);
177 for( extns =
m_pCert->extensions, len = 0; *extns !=
nullptr; extns ++, len ++ ) {
178 const SECItem
id = (*extns)->id;
179 OString oidString(CERT_GetOidString(&
id));
182 if( (*extns)->critical.data ==
nullptr )
185 crit = (*extns)->critical.data[0] == 0xFF;
189 constexpr std::string_view oid(
"OID.");
190 if (oidString.match(oid))
191 objID = oidString.copy(oid.size());
195 unsigned char*
value = (*extns)->value.data;
196 unsigned int vlen = (*extns)->value.len;
197 unsigned char* objid =
reinterpret_cast<unsigned char *
>(
const_cast<char *
>(objID.getStr()));
198 unsigned int objidlen = objID.getLength();
200 if (objID ==
"2.5.29.17")
203 pExtn->setCertExtn(
value, vlen, objid, objidlen, crit);
204 xExtnsRange[len] = pExtn ;
209 pExtn->setCertExtn(
value, vlen, objid, objidlen, crit);
210 xExtnsRange[len] = pExtn;
216 return css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > > ();
222 CERTCertExtension** extns ;
225 idItem.data =
reinterpret_cast<unsigned char *
>(
const_cast<sal_Int8 *
>(oid.getConstArray()));
226 idItem.len = oid.getLength() ;
228 css::uno::Reference<css::security::XCertificateExtension> xExtn;
229 for( extns =
m_pCert->extensions; *extns !=
nullptr; extns ++ ) {
230 if( SECITEM_CompareItem( &idItem, &(*extns)->id ) == SECEqual ) {
231 const SECItem
id = (*extns)->id;
232 OString objId(CERT_GetOidString(&
id));
235 if( (*extns)->critical.data ==
nullptr )
238 crit = (*extns)->critical.data[0] == 0xFF;
240 unsigned char*
value = (*extns)->value.data;
241 unsigned int vlen = (*extns)->value.len;
242 unsigned char* objid = (*extns)->id.data;
243 unsigned int objidlen = (*extns)->id.len;
245 if ( objId ==
"OID.2.5.29.17" )
249 xSanImpl->setCertExtn(
value, vlen, objid, objidlen, crit);
250 xExtn = xSanImpl.get();
256 xSecImpl->setCertExtn(
value, vlen, objid, objidlen, crit);
257 xExtn = xSecImpl.get();
272 return comphelper::arrayToSequence<sal_Int8>(
m_pCert->derCert.data,
m_pCert->derCert.len) ;
274 return css::uno::Sequence< sal_Int8 >();
281 CERT_DestroyCertificate(
m_pCert ) ;
285 if( cert !=
nullptr ) {
286 m_pCert = CERT_DupCertificate( cert ) ;
299 CERTCertificate* cert ;
302 certItem.data =
reinterpret_cast<unsigned char *
>(
const_cast<sal_Int8 *
>(rawCert.getConstArray()));
303 certItem.len = rawCert.getLength() ;
306 if( cert ==
nullptr )
307 throw css::uno::RuntimeException() ;
310 CERT_DestroyCertificate(
m_pCert ) ;
321 SECKEYPrivateKey* pPrivateKey = PK11_FindPrivateKeyFromCert(
m_pCert->slot,
m_pCert,
nullptr);
324 pPrivateKey = PK11_FindKeyByDERCert(
m_pCert->slot,
m_pCert,
nullptr);
327 SAL_INFO(
"xmlsecurity.xmlsec",
"fallback from PK11_FindPrivateKeyFromCert to PK11_FindKeyByDERCert needed");
330 SAL_WARN(
"xmlsecurity.xmlsec",
"X509Certificate_NssImpl::getPrivateKey() cannot find private key");
338 tag = SECOID_GetAlgorithmTag(aid);
340 const char *pDesc = SECOID_FindOIDTagDescription(tag);
342 return OUString::createFromAscii( pDesc ) ;
345static css::uno::Sequence< sal_Int8 >
getThumbprint(CERTCertificate
const *pCert, SECOidTag
id)
347 if( pCert !=
nullptr )
350 unsigned char fingerprint[32];
367 memset(fingerprint, 0,
sizeof fingerprint);
368 rv = PK11_HashBuf(
id, fingerprint, pCert->derCert.data, pCert->derCert.len);
369 if(rv == SECStatus::SECSuccess)
371 return comphelper::arrayToSequence<sal_Int8>(fingerprint,
length);
374 return css::uno::Sequence< sal_Int8 >();
393 SECItem spk =
m_pCert->subjectPublicKeyInfo.subjectPublicKey;
394 DER_ConvertBitString(&spk);
398 return comphelper::arrayToSequence<sal_Int8>(spk.data, spk.len) ;
402 return css::uno::Sequence< sal_Int8 >();
424 SECOidTag eTag = SECOID_GetAlgorithmTag(&
m_pCert->subjectPublicKeyInfo.algorithm);
425 if (eTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY)
448 return css::security::CertificateKind_X509;
457 rv = CERT_FindKeyUsageExtension(
m_pCert, &tmpitem);
458 if ( rv == SECStatus::SECSuccess )
460 usage = tmpitem.data[0];
461 PORT_Free(tmpitem.data);
462 tmpitem.data =
nullptr;
486 return "com.sun.star.xml.security.gpg.XCertificate_NssImpl";
506 OUStringBuffer buf(rDN.size());
508 for (
size_t i = 0;
i < rDN.size(); ++
i)
515 if (rDN.size() ==
i+1)
519 else if (rDN[
i+1] ==
'"')
521 buf.append(rDN[
i+1]);
531 else if (state == INVALUE)
533 if (rDN[
i] ==
'+' || rDN[
i] ==
',' || rDN[
i] ==
';')
541 assert(state == INQUOTE);
544 if (rDN.size() !=
i+1 && rDN[
i+1] ==
'"')
546 buf.append(OUString::Concat(
"\\") + OUStringChar(rDN[
i+1]));
561 return buf.makeStringAndClear();
565 std::u16string_view
const rName1, std::u16string_view
const rName2,
568 if (eMode ==
COMPAT_BOTH && !rName1.empty() && rName1 == rName2)
572 CERTName *
const pName1(CERT_AsciiToName(
OUStringToOString(rName1, RTL_TEXTENCODING_UTF8).getStr()));
573 if (pName1 ==
nullptr)
577 CERTName *
const pName2(CERT_AsciiToName(
OUStringToOString(rName2, RTL_TEXTENCODING_UTF8).getStr()));
581 ret = (CERT_CompareName(pName1, pName2) == SECEqual);
582 CERT_DestroyName(pName2);
588 if (pName2Compat ==
nullptr)
590 CERT_DestroyName(pName1);
593 ret = CERT_CompareName(pName1, pName2Compat) == SECEqual;
594 CERT_DestroyName(pName2Compat);
596 CERT_DestroyName(pName1);
virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() override
void setRawCert(const css::uno::Sequence< sal_Int8 > &rawCert)
void setCert(CERTCertificate *cert)
virtual ~X509Certificate_NssImpl() override
SECKEYPrivateKey * getPrivateKey()
virtual css::uno::Sequence< css::uno::Reference< css::security::XCertificateExtension > > SAL_CALL getExtensions() override
virtual css::uno::Reference< css::security::XCertificateExtension > SAL_CALL findCertificateExtension(const css::uno::Sequence< sal_Int8 > &oid) override
virtual css::uno::Sequence< sal_Int8 > SAL_CALL getMD5Thumbprint() override
X509Certificate_NssImpl()
virtual css::uno::Sequence< sal_Int8 > SAL_CALL getSubjectUniqueID() override
virtual OUString SAL_CALL getImplementationName() override
const CERTCertificate * getNssCert() const
virtual sal_Int32 SAL_CALL getCertificateUsage() override
virtual css::uno::Sequence< sal_Int8 > getSHA256Thumbprint() override
virtual css::util::DateTime SAL_CALL getNotValidBefore() override
virtual css::util::DateTime SAL_CALL getNotValidAfter() override
virtual OUString SAL_CALL getSubjectPublicKeyAlgorithm() override
virtual css::uno::Sequence< sal_Int8 > SAL_CALL getEncoded() override
virtual OUString SAL_CALL getSubjectName() override
virtual css::security::CertificateKind SAL_CALL getCertificateKind() override
virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames() override
virtual sal_Int16 SAL_CALL getVersion() override
virtual css::uno::Sequence< sal_Int8 > SAL_CALL getIssuerUniqueID() override
CERTCertificate * m_pCert
virtual OUString SAL_CALL getSignatureAlgorithm() override
virtual css::uno::Sequence< sal_Int8 > SAL_CALL getSubjectPublicKeyValue() override
virtual OUString SAL_CALL getIssuerName() override
virtual css::uno::Sequence< sal_Int8 > SAL_CALL getSHA1Thumbprint() override
virtual sal_Bool SAL_CALL supportsService(const OUString &ServiceName) override
virtual css::uno::Sequence< sal_Int8 > SAL_CALL getSerialNumber() override
#define SAL_WARN(area, stream)
#define SAL_INFO(area, stream)
bool CPPUHELPER_DLLPUBLIC supportsService(css::lang::XServiceInfo *implementation, rtl::OUString const &name)
OString OUStringToOString(std::u16string_view str, ConnectionSettings const *settings)
static OUString CompatDNCryptoAPI(std::u16string_view rDN)
bool EqualDistinguishedNames(std::u16string_view const rName1, std::u16string_view const rName2, EqualMode const eMode)
#define CERT_DecodeDERCertificate
static css::uno::Sequence< sal_Int8 > getThumbprint(CERTCertificate const *pCert, SECOidTag id)
static OUString getAlgorithmDescription(SECAlgorithmID const *aid)