1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
*/
#include <com/sun/star/security/CertificateContainer.hpp>
#include <com/sun/star/security/XCertificate.hpp>
#include <com/sun/star/security/XCertificateContainer.hpp>
#include <com/sun/star/xml/crypto/SEInitializer.hpp>
#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
#include <rtl/ref.hxx>
#include <comphelper/sequence.hxx>
#include <ucbhelper/simplecertificatevalidationrequest.hxx>
#include "certvalidation_handler.hxx"
#define STD_TO_OUSTR( str ) OUString( str.c_str(), str.length( ), RTL_TEXTENCODING_UTF8 )
using namespace com::sun::star;
namespace cmis
{
bool CertValidationHandler::validateCertificate( std::vector< std::string > aCertificates )
{
bool bValidate = false;
if ( !aCertificates.empty() && m_xEnv.is() )
{
uno::Reference< xml::crypto::XSEInitializer > xSEInitializer;
try
{
xSEInitializer = xml::crypto::SEInitializer::create( m_xContext );
}
catch ( uno::Exception const & )
{
}
if ( xSEInitializer.is() )
{
uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
xSEInitializer->createSecurityContext( OUString() ) );
uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv(
xSecurityContext->getSecurityEnvironment() );
std::vector< std::string >::iterator pIt = aCertificates.begin();
std::string sCert = *pIt;
// We need to get rid of the PEM header/footer lines
OUString sCleanCert = STD_TO_OUSTR( sCert );
sCleanCert = sCleanCert.replaceAll( "-----BEGIN CERTIFICATE-----", "" );
sCleanCert = sCleanCert.replaceAll( "-----END CERTIFICATE-----", "" );
uno::Reference< security::XCertificate > xCert(
xSecurityEnv->createCertificateFromAscii(
sCleanCert ) );
uno::Reference< security::XCertificateContainer > xCertificateContainer;
try
{
xCertificateContainer = security::CertificateContainer::create( m_xContext );
}
catch ( uno::Exception const & )
{
}
if ( xCertificateContainer.is( ) )
{
security::CertificateContainerStatus status(
xCertificateContainer->hasCertificate(
m_sHostname, xCert->getSubjectName() ) );
if ( status != security::CertificateContainerStatus_NOCERT )
return status == security::CertificateContainerStatus_TRUSTED;
}
// If we had no certificate, ask what to do
std::vector< uno::Reference< security::XCertificate > > vecCerts;
for ( ++pIt; pIt != aCertificates.end(); ++pIt )
{
sCert = *pIt;
uno::Reference< security::XCertificate> xImCert(
xSecurityEnv->createCertificateFromAscii(
STD_TO_OUSTR( sCert ) ) );
if ( xImCert.is() )
vecCerts.push_back( xImCert );
}
sal_Int64 certValidity = xSecurityEnv->verifyCertificate( xCert,
::comphelper::containerToSequence( vecCerts ) );
uno::Reference< task::XInteractionHandler > xIH(
m_xEnv->getInteractionHandler() );
if ( xIH.is() )
{
rtl::Reference< ucbhelper::SimpleCertificateValidationRequest >
xRequest( new ucbhelper::SimpleCertificateValidationRequest(
sal_Int32( certValidity ), xCert, m_sHostname ) );
xIH->handle( xRequest );
rtl::Reference< ucbhelper::InteractionContinuation > xSelection
= xRequest->getSelection();
if ( xSelection.is() )
{
uno::Reference< task::XInteractionApprove > xApprove(
xSelection.get(), uno::UNO_QUERY );
bValidate = xApprove.is();
// Store the decision in the container
xCertificateContainer->addCertificate(
m_sHostname, xCert->getSubjectName(), bValidate );
}
}
}
}
return bValidate;
}
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
