1*cdf0e10cSrcweir /************************************************************************* 2*cdf0e10cSrcweir * 3*cdf0e10cSrcweir * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4*cdf0e10cSrcweir * 5*cdf0e10cSrcweir * Copyright 2000, 2010 Oracle and/or its affiliates. 6*cdf0e10cSrcweir * 7*cdf0e10cSrcweir * OpenOffice.org - a multi-platform office productivity suite 8*cdf0e10cSrcweir * 9*cdf0e10cSrcweir * This file is part of OpenOffice.org. 10*cdf0e10cSrcweir * 11*cdf0e10cSrcweir * OpenOffice.org is free software: you can redistribute it and/or modify 12*cdf0e10cSrcweir * it under the terms of the GNU Lesser General Public License version 3 13*cdf0e10cSrcweir * only, as published by the Free Software Foundation. 14*cdf0e10cSrcweir * 15*cdf0e10cSrcweir * OpenOffice.org is distributed in the hope that it will be useful, 16*cdf0e10cSrcweir * but WITHOUT ANY WARRANTY; without even the implied warranty of 17*cdf0e10cSrcweir * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18*cdf0e10cSrcweir * GNU Lesser General Public License version 3 for more details 19*cdf0e10cSrcweir * (a copy is included in the LICENSE file that accompanied this code). 20*cdf0e10cSrcweir * 21*cdf0e10cSrcweir * You should have received a copy of the GNU Lesser General Public License 22*cdf0e10cSrcweir * version 3 along with OpenOffice.org. If not, see 23*cdf0e10cSrcweir * <http://www.openoffice.org/license.html> 24*cdf0e10cSrcweir * for a copy of the LGPLv3 License. 
25*cdf0e10cSrcweir * 26*cdf0e10cSrcweir ************************************************************************/ 27*cdf0e10cSrcweir 28*cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove 29*cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx" 30*cdf0e10cSrcweir 31*cdf0e10cSrcweir /* 32*cdf0e10cSrcweir * Turn off DEBUG Assertions 33*cdf0e10cSrcweir */ 34*cdf0e10cSrcweir #ifdef _DEBUG 35*cdf0e10cSrcweir #define _DEBUG_WAS_DEFINED _DEBUG 36*cdf0e10cSrcweir #undef _DEBUG 37*cdf0e10cSrcweir #else 38*cdf0e10cSrcweir #undef _DEBUG_WAS_DEFINED 39*cdf0e10cSrcweir #endif 40*cdf0e10cSrcweir 41*cdf0e10cSrcweir /* 42*cdf0e10cSrcweir * and turn off the additional virtual methods which are part of some interfaces when compiled 43*cdf0e10cSrcweir * with debug 44*cdf0e10cSrcweir */ 45*cdf0e10cSrcweir #ifdef DEBUG 46*cdf0e10cSrcweir #define DEBUG_WAS_DEFINED DEBUG 47*cdf0e10cSrcweir #undef DEBUG 48*cdf0e10cSrcweir #else 49*cdf0e10cSrcweir #undef DEBUG_WAS_DEFINED 50*cdf0e10cSrcweir #endif 51*cdf0e10cSrcweir 52*cdf0e10cSrcweir 53*cdf0e10cSrcweir #include <com/sun/star/mozilla/XMozillaBootstrap.hpp> 54*cdf0e10cSrcweir #include <com/sun/star/xml/crypto/DigestID.hpp> 55*cdf0e10cSrcweir #include <com/sun/star/xml/crypto/CipherID.hpp> 56*cdf0e10cSrcweir 57*cdf0e10cSrcweir #include <sal/types.h> 58*cdf0e10cSrcweir #include <rtl/instance.hxx> 59*cdf0e10cSrcweir #include <rtl/bootstrap.hxx> 60*cdf0e10cSrcweir #include <rtl/string.hxx> 61*cdf0e10cSrcweir #include <rtl/strbuf.hxx> 62*cdf0e10cSrcweir #include <osl/file.hxx> 63*cdf0e10cSrcweir #include <osl/thread.h> 64*cdf0e10cSrcweir #include <tools/debug.hxx> 65*cdf0e10cSrcweir #include <rtl/logfile.hxx> 66*cdf0e10cSrcweir 67*cdf0e10cSrcweir #include "seinitializer_nssimpl.hxx" 68*cdf0e10cSrcweir #include "../diagnose.hxx" 69*cdf0e10cSrcweir 70*cdf0e10cSrcweir #include "securityenvironment_nssimpl.hxx" 71*cdf0e10cSrcweir #include "digestcontext.hxx" 72*cdf0e10cSrcweir #include "ciphercontext.hxx" 
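#include <nspr.h>
#include <cert.h>
#include <nss.h>
#include <pk11pub.h>
#include <secmod.h>
#include <nssckbi.h>


namespace css = ::com::sun::star;
namespace cssu = css::uno;
namespace cssl = css::lang;
namespace cssxc = css::xml::crypto;

using namespace xmlsecurity;
using namespace com::sun::star;
using ::rtl::OUString;
using ::rtl::OString;

#define IMPLEMENTATION_NAME "com.sun.star.xml.security.bridge.xmlsec.NSSInitializer_NssImpl"

// Name under which the bundled root certificate PKCS#11 module is registered
// with NSS (nsscrypto_initialize) and looked up again for unloading
// (nsscrypto_finalize).
#define ROOT_CERTS "Root Certs for OpenOffice.org"

extern "C" void nsscrypto_finalize();


namespace
{

bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init );

// Writes the NSPR/NSS error pending on the current thread to the trace.
//
// Fix: PR_GetErrorText() copies the text into a caller-supplied buffer. The
// previous code passed NULL and then tested that same NULL pointer, so no
// error detail ever reached the trace. PR_ErrorToString() only knows codes
// whose error table has been registered (NSS registers its own table during
// initialisation), so it may legitimately return NULL; the numeric code is
// therefore always logged as well.
//
// @param pContext  short description of the failed operation, printed first
void traceLastNSPRError( const char* pContext )
{
    const PRErrorCode nCode = PR_GetError();
    const char* pText = PR_ErrorToString( nCode, PR_LANGUAGE_I_DEFAULT );
    xmlsec_trace( "%s: NSPR error %d (%s)", pContext, static_cast< int >( nCode ),
                  pText ? pText : "no description available" );
}

// Functor for rtl_Instance: performs the one-time NSS initialisation and
// returns a pointer to the static result flag. rtl_Instance runs it at most
// once, under the mutex supplied by GetNSSInitStaticMutex.
struct InitNSSInitialize
{
    css::uno::Reference< css::lang::XMultiServiceFactory > mxMSF;

    InitNSSInitialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF )
        : mxMSF( xMSF )
    {
    }

    // @return pointer to a static flag: true if the whole initialisation
    //         (NSS plus the root certificate module) succeeded
    bool * operator()()
    {
        static bool bInitialized = false;
        bool bNSSInit = false;
        bInitialized = nsscrypto_initialize( mxMSF, bNSSInit );
        // NSS_Shutdown() must run at exit whenever NSS itself came up, even if
        // adding the root module failed afterwards (bInitialized == false).
        if ( bNSSInit )
            atexit( nsscrypto_finalize );
        return &bInitialized;
    }
};

// Functor for rtl_Instance: supplies the mutex guarding NSS initialisation.
struct GetNSSInitStaticMutex
{
    ::osl::Mutex* operator()()
    {
        static ::osl::Mutex aNSSInitMutex;
        return &aNSSInitMutex;
    }
};

// Removes an already-loaded root certificate module from NSS's module list.
//
// Older Mozilla profiles record their own libnssckbi in the profile's secmod
// database, which NSS_InitReadWrite() then loads; that entry may reference a
// module that is missing or built for another platform (see the comment on
// nsscrypto_initialize), so it is removed here and the bundled module is
// registered afresh by the caller.
//
// NOTE: SECMOD_DeleteModule() removes the entry from the module database of
// the opened profile, i.e. the change is persistent, not per-process.
void deleteRootsModule()
{
    SECMODModule *pRootsModule = 0;
    SECMODModuleList *pEntry = SECMOD_GetDefaultModuleList();
    SECMODListLock *pLock = SECMOD_GetDefaultModuleListLock();
    SECMOD_GetReadLock( pLock );

    // Take the first loaded module that has a present slot carrying root
    // certs; the reference obtained here keeps it alive after the lock is
    // released.
    for ( ; pEntry && !pRootsModule; pEntry = pEntry->next )
    {
        SECMODModule *pModule = pEntry->module;

        for ( int i = 0; i < pModule->slotCount; ++i )
        {
            PK11SlotInfo *pSlot = pModule->slots[i];
            if ( PK11_IsPresent( pSlot ) && PK11_HasRootCerts( pSlot ) )
            {
                xmlsec_trace("The root certifificates module \"%s"
                             "\" is already loaded: \n%s",
                             pModule->commonName, pModule->dllName);

                pRootsModule = SECMOD_ReferenceModule( pModule );
                break;
            }
        }
    }
    SECMOD_ReleaseReadLock( pLock );

    if ( !pRootsModule )
        return;

    PRInt32 nModType;
    if ( SECSuccess == SECMOD_DeleteModule( pRootsModule->commonName, &nModType ) )
    {
        xmlsec_trace("Deleted module \"%s\".", pRootsModule->commonName);
    }
    else
    {
        xmlsec_trace("Failed to delete \"%s\" : \n%s",
                     pRootsModule->commonName, pRootsModule->dllName);
    }
    SECMOD_DestroyModule( pRootsModule );
}

// Determines the directory of the NSS certificate database to open.
//
// The environment variable MOZILLA_CERTIFICATE_FOLDER, if set, wins
// unconditionally. Otherwise the default profile of Thunderbird, Mozilla,
// Firefox and the "default" product is queried in that order; every product
// that has a profile overwrites the result, so the LAST one found is used
// (this matches the previous behaviour).
//
// NOTE(review): the environment value is handed verbatim to
// NSS_InitReadWrite(), so whoever controls the process environment chooses
// which certificate/key database is opened read-write. No validation is done
// here; do not rely on this in a context where the environment is less
// trusted than the user running the process.
//
// @return system path of the profile directory, or the empty string if none
//         could be determined
::rtl::OString getMozillaCurrentProfile( const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF )
{
    ::rtl::OString sResult;

    // first, try to get the profile from "MOZILLA_CERTIFICATE_FOLDER"
    const char* pEnv = getenv( "MOZILLA_CERTIFICATE_FOLDER" );
    if ( pEnv )
    {
        sResult = ::rtl::OString( pEnv );
        RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using env MOZILLA_CERTIFICATE_FOLDER: %s", sResult.getStr() );
        return sResult;
    }

    static const mozilla::MozillaProductType aProductTypes[] = {
        mozilla::MozillaProductType_Thunderbird,
        mozilla::MozillaProductType_Mozilla,
        mozilla::MozillaProductType_Firefox,
        mozilla::MozillaProductType_Default };
    const int nProducts = sizeof( aProductTypes ) / sizeof( aProductTypes[0] );

    uno::Reference<uno::XInterface> xInstance = rxMSF->createInstance(
        ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("com.sun.star.mozilla.MozillaBootstrap")) );
    OSL_ENSURE( xInstance.is(), "failed to create instance" );

    uno::Reference<mozilla::XMozillaBootstrap> xMozillaBootstrap( xInstance, uno::UNO_QUERY );
    OSL_ENSURE( xMozillaBootstrap.is(), "failed to create instance" );

    if ( xMozillaBootstrap.is() )
    {
        for ( int i = 0; i < nProducts; ++i )
        {
            ::rtl::OUString sProfile = xMozillaBootstrap->getDefaultProfile( aProductTypes[i] );
            if ( sProfile.getLength() == 0 )
                continue;

            ::rtl::OUString sProfilePath = xMozillaBootstrap->getProfilePath( aProductTypes[i], sProfile );
            sResult = ::rtl::OUStringToOString( sProfilePath, osl_getThreadTextEncoding() );
            RTL_LOGFILE_PRODUCT_TRACE1( "XMLSEC: Using Mozilla Profile: %s", sResult.getStr() );
        }
    }

    // Fix: previously this was traced unconditionally, even after a profile
    // had just been reported as found.
    if ( sResult.getLength() == 0 )
    {
        RTL_LOGFILE_PRODUCT_TRACE( "XMLSEC: No Mozilla Profile found!" );
    }

    return sResult;
}

// Older versions of Firefox (FF), for example FF2, and Thunderbird (TB) 2 write
// the root certificate module (libnssckbi.so) which they use into the
// profile. This module will then already be loaded during NSS_Init (and the
// other init functions). This fails in two cases. First, FF3 was used to create
// the profile, or possibly used that profile before, and second, the profile was
// used on a different platform.
//
// Then one needs to add the roots module oneself. This should be done with
// SECMOD_LoadUserModule rather than SECMOD_AddNewModule. The latter would write
// the location of the roots module to the profile, which makes FF2 and TB2 use
// it instead of their own module.
//
// When using SYSTEM_MOZILLA the libnss3.so lib is typically found in
// /usr/lib. This folder may, however, NOT contain the root certificate
// module. That is, just providing the library name in SECMOD_LoadUserModule or
// SECMOD_AddNewModule will FAIL to load the module unless the LD_LIBRARY_PATH
// contains an FF or TB installation.
//
// NOTE(review): the "library=" part of the module spec names a shared object
// that NSS loads into this process; the non-SYSTEM_MOZILLA path is built from
// the bootstrap variable ${OOO_BASE_DIR}, so whatever that resolves to gets
// loaded with the process's full privileges.
//
// ATTENTION: DO NOT call this function directly, use initNSS instead.
//
// @param xMSF          service factory used to locate a Mozilla profile;
//                      if empty, NSS is initialised without a database
// @param out_nss_init  set to true once NSS_InitReadWrite/NSS_NoDB_Init
//                      succeeded, i.e. NSS_Shutdown must be called on exit
// @return true if the whole initialisation, including the root certificate
//         module, was successful
bool nsscrypto_initialize( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF, bool & out_nss_init )
{
    bool bReturn = true;

    // this method must be called only once, no need for additional lock
    rtl::OString sCertDir;

    (void) xMSF;
#ifdef XMLSEC_CRYPTO_NSS
    if ( xMSF.is() )
        sCertDir = getMozillaCurrentProfile( xMSF );
#endif
    xmlsec_trace( "Using profile: %s", sCertDir.getStr() );

    PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 1 ) ;

    // there might be no profile; note that a profile that fails to open is
    // NOT retried without a database (deliberate, unchanged behaviour)
    if ( sCertDir.getLength() > 0 )
    {
        if ( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess )
        {
            xmlsec_trace("Initializing NSS with profile failed.");
            traceLastNSPRError( "NSS_InitReadWrite" );
            return false ;
        }
    }
    else
    {
        xmlsec_trace("Initializing NSS without profile.");
        if ( NSS_NoDB_Init( NULL ) != SECSuccess )
        {
            xmlsec_trace("Initializing NSS without profile failed.");
            traceLastNSPRError( "NSS_NoDB_Init" );
            return false ;
        }
    }
    out_nss_init = true;

#ifdef XMLSEC_CRYPTO_NSS
#if defined SYSTEM_MOZILLA
    if ( !SECMOD_HasRootCerts() )
    {
#endif
        deleteRootsModule();

        // A space between the literal and the macro keeps this valid in C++11,
        // where "..."SAL_DLLEXTENSION would parse as a user-defined literal.
#if defined SYSTEM_MOZILLA
        OUString sRootModule( RTL_CONSTASCII_USTRINGPARAM( "libnssckbi" SAL_DLLEXTENSION ) );
#else
        OUString sRootModule( RTL_CONSTASCII_USTRINGPARAM( "${OOO_BASE_DIR}/program/libnssckbi" SAL_DLLEXTENSION ) );
#endif
        ::rtl::Bootstrap::expandMacros( sRootModule );

        OUString sRootModulePath;
        if ( ::osl::File::E_None == ::osl::File::getSystemPathFromFileURL( sRootModule, sRootModulePath ) )
        {
            ::rtl::OString aOsPath = ::rtl::OUStringToOString( sRootModulePath, osl_getThreadTextEncoding() );
            ::rtl::OStringBuffer aSpecBuf;
            aSpecBuf.append( "name=\"" );
            aSpecBuf.append( ROOT_CERTS );
            aSpecBuf.append( "\" library=\"" );
            aSpecBuf.append( aOsPath.getStr() );
            aSpecBuf.append( "\"" );
            // keep the spec alive in a named object for the duration of the call
            ::rtl::OString aModuleSpec = aSpecBuf.makeStringAndClear();

            SECMODModule * pRootsModule =
                SECMOD_LoadUserModule(
                    const_cast< char* >( aModuleSpec.getStr() ),
                    0,          // no parent
                    PR_FALSE ); // do not recurse

            if ( pRootsModule )
            {
                // a module object is returned even if the library could not
                // be loaded; 'loaded' tells the two cases apart
                const bool bLoaded = pRootsModule->loaded;

                SECMOD_DestroyModule( pRootsModule );
                pRootsModule = 0;
                if ( bLoaded )
                {
                    xmlsec_trace("Added new root certificate module "
                                 "\"" ROOT_CERTS "\" contained in \n%s", aOsPath.getStr());
                }
                else
                {
                    xmlsec_trace("FAILED to load the new root certificate module "
                                 "\"" ROOT_CERTS "\" contained in \n%s", aOsPath.getStr());
                    bReturn = false;
                }
            }
            else
            {
                xmlsec_trace("FAILED to add new root certifice module: "
                             "\"" ROOT_CERTS "\" contained in \n%s", aOsPath.getStr());
                bReturn = false;
            }
        }
        else
        {
            xmlsec_trace("Adding new root certificate module failed.");
            bReturn = false;
        }
// Fix: the opening guard above uses "#if defined SYSTEM_MOZILLA"; the closing
// one used "#if SYSTEM_MOZILLA", which drops the brace (and breaks the build)
// whenever the macro is defined to something other than a non-zero number.
#if defined SYSTEM_MOZILLA
    }
#endif
#endif

    return bReturn;
}


// Unloads the root certificate module added in nsscrypto_initialize, logs
// out of all tokens and shuts NSS down. Registered with atexit() by
// InitNSSInitialize whenever NSS came up.
//
// must be extern "C" because we pass the function pointer to atexit
extern "C" void nsscrypto_finalize()
{
    SECMODModule *pRootsModule = SECMOD_FindModule( ROOT_CERTS );

    if ( pRootsModule )
    {
        if ( SECSuccess == SECMOD_UnloadUserModule( pRootsModule ) )
        {
            xmlsec_trace("Unloaded module \"" ROOT_CERTS "\".");
        }
        else
        {
            xmlsec_trace("Failed unloadeding module \"" ROOT_CERTS "\".");
        }
        SECMOD_DestroyModule( pRootsModule );
    }
    else
    {
        xmlsec_trace("Unloading module \"" ROOT_CERTS
                     "\" failed because it was not found.");
    }
    PK11_LogoutAll();
    // NSS_Shutdown() fails (typically SEC_ERROR_BUSY) when NSS objects are
    // still referenced; the result used to be discarded silently.
    if ( NSS_Shutdown() != SECSuccess )
        traceLastNSPRError( "NSS_Shutdown" );
}

} // namespace

ONSSInitializer::ONSSInitializer(
    const css::uno::Reference< css::lang::XMultiServiceFactory > &rxMSF)
    :mxMSF( rxMSF )
{
}

ONSSInitializer::~ONSSInitializer()
{
}

// Performs the process-wide NSS initialisation exactly once (thread-safe via
// rtl_Instance) and returns its cached result on every later call.
//
// @return true if NSS and the root certificate module are available
bool ONSSInitializer::initNSS( const css::uno::Reference< css::lang::XMultiServiceFactory > &xMSF )
{
    return *rtl_Instance< bool, InitNSSInitialize, ::osl::MutexGuard, GetNSSInitStaticMutex >
        ::create( InitNSSInitialize( xMSF ), GetNSSInitStaticMutex() );
}

// Creates a digest context for SHA-1 or SHA-256 (plain or the "1K" variants
// that hash only the first 1024 bytes of each input, as handled by
// ODigestContext).
//
// @param nDigestID  one of css::xml::crypto::DigestID::{SHA1,SHA1_1K,SHA256,SHA256_1K}
// @param aParams    must be empty; no parameters are supported
// @return the new context, or an empty reference if NSS is not available or
//         the context could not be created — callers must check .is()
// @throws IllegalArgumentException for an unknown digest (arg 1) or
//         non-empty aParams (arg 2)
css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL ONSSInitializer::getDigestContext( ::sal_Int32 nDigestID, const css::uno::Sequence< css::beans::NamedValue >& aParams )
    throw (css::lang::IllegalArgumentException, css::uno::RuntimeException)
{
    SECOidTag nNSSDigestID = SEC_OID_UNKNOWN;
    sal_Int32 nDigestLength = 0;
    bool b1KData = false;

    switch ( nDigestID )
    {
        case css::xml::crypto::DigestID::SHA256:
        case css::xml::crypto::DigestID::SHA256_1K:
            nNSSDigestID = SEC_OID_SHA256;
            nDigestLength = 32;
            b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA256_1K );
            break;

        case css::xml::crypto::DigestID::SHA1:
        case css::xml::crypto::DigestID::SHA1_1K:
            nNSSDigestID = SEC_OID_SHA1;
            nDigestLength = 20;
            b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA1_1K );
            break;

        default:
            throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected digest requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 );
    }

    if ( aParams.getLength() )
        throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for digest creation." ) ), css::uno::Reference< css::uno::XInterface >(), 2 );

    css::uno::Reference< css::xml::crypto::XDigestContext > xResult;
    if ( initNSS( mxMSF ) )
    {
        PK11Context* pContext = PK11_CreateDigestContext( nNSSDigestID );
        if ( pContext )
        {
            if ( PK11_DigestBegin( pContext ) == SECSuccess )
            {
                // ODigestContext takes over pContext (presumably destroying it
                // in its destructor — see digestcontext.hxx)
                xResult = new ODigestContext( pContext, nDigestLength, b1KData );
            }
            else
            {
                // Fix: a context whose PK11_DigestBegin failed was leaked before.
                PK11_DestroyContext( pContext, PR_TRUE );
            }
        }
    }

    return xResult;
}

// Creates an AES-CBC cipher context with W3C (XML Encryption) padding.
//
// @param nCipherID              must be css::xml::crypto::CipherID::AES_CBC_W3C_PADDING
// @param aKey                   16, 24 or 32 bytes (AES-128/192/256)
// @param aInitializationVector  must be exactly the block's IV length as
//                               reported by PK11_GetIVLength (checked only
//                               after NSS initialised)
// @param bEncryption            true to encrypt, false to decrypt
// @param aParams                must be empty; no parameters are supported
// @return the new context, or an empty reference if NSS is not available or
//         OCipherContext::Create failed — callers must check .is()
// @throws IllegalArgumentException for an unknown cipher (arg 1), bad key
//         length (arg 2), bad IV length (arg 3) or non-empty aParams (arg 5)
css::uno::Reference< css::xml::crypto::XCipherContext > SAL_CALL ONSSInitializer::getCipherContext( ::sal_Int32 nCipherID, const css::uno::Sequence< ::sal_Int8 >& aKey, const css::uno::Sequence< ::sal_Int8 >& aInitializationVector, ::sal_Bool bEncryption, const css::uno::Sequence< css::beans::NamedValue >& aParams )
    throw (css::lang::IllegalArgumentException, css::uno::RuntimeException)
{
    if ( nCipherID != css::xml::crypto::CipherID::AES_CBC_W3C_PADDING )
        throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected cipher requested." ) ), css::uno::Reference< css::uno::XInterface >(), 1 );

    const CK_MECHANISM_TYPE nNSSCipherID = CKM_AES_CBC;
    const bool bW3CPadding = true;

    const sal_Int32 nKeyLen = aKey.getLength();
    if ( nKeyLen != 16 && nKeyLen != 24 && nKeyLen != 32 )
        throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected key length." ) ), css::uno::Reference< css::uno::XInterface >(), 2 );

    if ( aParams.getLength() )
        throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected arguments provided for cipher creation." ) ), css::uno::Reference< css::uno::XInterface >(), 5 );

    css::uno::Reference< css::xml::crypto::XCipherContext > xResult;
    if ( initNSS( mxMSF ) )
    {
        if ( aInitializationVector.getLength() != PK11_GetIVLength( nNSSCipherID ) )
            throw css::lang::IllegalArgumentException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "Unexpected length of initialization vector." ) ), css::uno::Reference< css::uno::XInterface >(), 3 );

        xResult = OCipherContext::Create( nNSSCipherID, aKey, aInitializationVector, bEncryption, bW3CPadding );
    }

    return xResult;
}

// Implementation name of this UNO component.
rtl::OUString ONSSInitializer_getImplementationName ()
    throw (cssu::RuntimeException)
{
    return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( IMPLEMENTATION_NAME ) );
}

// True iff ServiceName is the single service this component implements.
sal_Bool SAL_CALL ONSSInitializer_supportsService( const rtl::OUString& ServiceName )
    throw (cssu::RuntimeException)
{
    return ServiceName.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM ( NSS_SERVICE_NAME ));
}

// The one-element list of supported service names.
cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer_getSupportedServiceNames( )
    throw (cssu::RuntimeException)
{
    cssu::Sequence < rtl::OUString > aNames( 1 );
    aNames[0] = rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( NSS_SERVICE_NAME ) );
    return aNames;
}

// Factory function used by the component registration.
cssu::Reference< cssu::XInterface > SAL_CALL ONSSInitializer_createInstance( const cssu::Reference< cssl::XMultiServiceFactory > & rSMgr)
    throw( cssu::Exception )
{
    return static_cast< cppu::OWeakObject* >( new ONSSInitializer( rSMgr ) );
}

/* XServiceInfo */
rtl::OUString SAL_CALL ONSSInitializer::getImplementationName()
    throw (cssu::RuntimeException)
{
    return ONSSInitializer_getImplementationName();
}

sal_Bool SAL_CALL ONSSInitializer::supportsService( const rtl::OUString& rServiceName )
    throw (cssu::RuntimeException)
{
    return ONSSInitializer_supportsService( rServiceName );
}

cssu::Sequence< rtl::OUString > SAL_CALL ONSSInitializer::getSupportedServiceNames( )
    throw (cssu::RuntimeException)
{
    return ONSSInitializer_getSupportedServiceNames();
}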