Revert "[API CHANGE] createSecurityContext() was always called with an empty string"

I got cold feet. I don't want to have to revert this many years later instead, when some obscure 3rd-party software stops working. This reverts commit e1ce7bad.

Revert "[API CHANGE] createSecurityContext() was always called with an empty string"
I got cold feet. I don't want to have to revert this many years later instead, when some obscure 3rd-party software stops working. This reverts commit e1ce7bad.
b1c14587 · Tor Lillqvist · cc15806b · b1c14587 · b1c14587 · b1c14587
Kaydet (Commit) b1c14587 authored Ara 22, 2016 tarafından Tor Lillqvist
12 changed files
--- a/offapi/com/sun/star/xml/crypto/XSEInitializer.idl
+++ b/offapi/com/sun/star/xml/crypto/XSEInitializer.idl
@@ -35,9 +35,12 @@ interface XSEInitializer : com::sun::star::uno::XInterface
    /**
       Creates a security context.
+       @param aString
+            reserved for internal use.
       @return            the security context created
     */
-    ::com::sun::star::xml::crypto::XXMLSecurityContext createSecurityContext();
+    ::com::sun::star::xml::crypto::XXMLSecurityContext createSecurityContext( [in] string aString );
    /**
     * Frees a security context.

--- a/ucb/source/ucp/cmis/certvalidation_handler.cxx
+++ b/ucb/source/ucp/cmis/certvalidation_handler.cxx
@@ -46,7 +46,7 @@ namespace cmis
            if ( xSEInitializer.is() )
            {
                uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
-                    xSEInitializer->createSecurityContext() );
+                    xSEInitializer->createSecurityContext( OUString() ) );
                uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv(
                        xSecurityContext->getSecurityEnvironment() );

--- a/ucb/source/ucp/webdav-neon/NeonSession.cxx
+++ b/ucb/source/ucp/webdav-neon/NeonSession.cxx
@@ -398,7 +398,7 @@ extern "C" int NeonSession_CertificationNotify( void *userdata,
        return 1;
    uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
-        xSEInitializer->createSecurityContext() );
+        xSEInitializer->createSecurityContext( OUString() ) );
    uno::Reference< xml::crypto::XSecurityEnvironment > xSecurityEnv(
        xSecurityContext->getSecurityEnvironment() );

--- a/ucb/source/ucp/webdav/SerfSession.cxx
+++ b/ucb/source/ucp/webdav/SerfSession.cxx
@@ -373,7 +373,7 @@ apr_status_t SerfSession::verifySerfCertificateChain (
        css::uno::Reference< css::xml::crypto::XSEInitializer > xSEInitializer =
            css::xml::crypto::SEInitializer::create( xContext );
-        xSecurityContext = xSEInitializer->createSecurityContext();
+        xSecurityContext = xSEInitializer->createSecurityContext( OUString() );
        if (xSecurityContext.is())
            xSecurityEnv = xSecurityContext->getSecurityEnvironment();

--- a/xmlsecurity/qa/certext/SanCertExt.cxx
+++ b/xmlsecurity/qa/certext/SanCertExt.cxx
@@ -126,7 +126,7 @@ namespace {
        uno::Reference< lang::XMultiServiceFactory > factory(context->getServiceManager(), uno::UNO_QUERY_THROW);
        uno::Reference< xml::crypto::XSEInitializer > xSEInitializer = xml::crypto::SEInitializer::create(context);
        uno::Reference< xml::crypto::XXMLSecurityContext > xSecurityContext(
-            xSEInitializer->createSecurityContext());
+            xSEInitializer->createSecurityContext(OUString()));
        return xSecurityContext->getSecurityEnvironment();
    }

--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -119,7 +119,7 @@ void PDFSigningTest::setUp()
 std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL, size_t nCount, const OString& rExpectedSubFilter)
 {
    uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
-    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext();
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
    std::vector<SignatureInformation> aRet;
    SvFileStream aStream(rURL, StreamMode::READ);
@@ -151,7 +151,7 @@ bool PDFSigningTest::sign(const OUString& rInURL, const OUString& rOutURL, size_
 {
    // Make sure that input has nOriginalSignatureCount signatures.
    uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
-    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext();
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
    xmlsecurity::pdfio::PDFDocument aDocument;
    {
        SvFileStream aStream(rInURL, StreamMode::READ);
@@ -223,7 +223,7 @@ void PDFSigningTest::testPDFRemove()
 {
    // Make sure that good.pdf has 1 valid signature.
    uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
-    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext();
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
    xmlsecurity::pdfio::PDFDocument aDocument;
    {
        OUString aSourceDir = m_directories.getURLFromSrc(DATA_DIRECTORY);
@@ -257,7 +257,7 @@ void PDFSigningTest::testPDFRemoveAll()
    // testPDFRemove(), here intentionally test DocumentSignatureManager and
    // PDFSignatureHelper code as well.
    uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
-    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext();
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
    // Copy the test document to a temporary file, as it'll be modified.
    OUString aTargetDir = m_directories.getURLFromWorkdir("/CppunitTest/xmlsecurity_pdfsigning.test.user/");
@@ -410,7 +410,7 @@ void PDFSigningTest::testUnknownSubFilter()
 {
    // Tokenize the bugdoc.
    uno::Reference<xml::crypto::XSEInitializer> xSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
-    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext();
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
    SvStream* pStream = utl::UcbStreamHelper::CreateStream(m_directories.getURLFromSrc(DATA_DIRECTORY) + "cr-comment.pdf", StreamMode::READ | StreamMode::WRITE);
    uno::Reference<io::XStream> xStream(new utl::OStreamWrapper(*pStream));
    DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);

--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -56,7 +56,7 @@ bool DocumentSignatureManager::init()
    mxSEInitializer = css::xml::crypto::SEInitializer::create(mxContext);
    if (mxSEInitializer.is())
-        mxSecurityContext = mxSEInitializer->createSecurityContext();
+        mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
    return mxSecurityContext.is();
 }

--- a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx
@@ -45,12 +45,31 @@ SEInitializer_MSCryptImpl::~SEInitializer_MSCryptImpl()
 /* XSEInitializer */
 cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
-    SEInitializer_MSCryptImpl::createSecurityContext()
+    SEInitializer_MSCryptImpl::createSecurityContext(
+    const OUString& sCertDB )
    throw (cssu::RuntimeException)
 {
+    const char* n_pCertStore ;
+    HCERTSTORE  n_hStoreHandle ;
    //Initialize the crypto engine
+    if( sCertDB.getLength() > 0 )
+    {
+        OString sCertDir(sCertDB.getStr(), sCertDB.getLength(), RTL_TEXTENCODING_ASCII_US);
+        n_pCertStore = sCertDir.getStr();
+        n_hStoreHandle = CertOpenSystemStore( NULL, n_pCertStore ) ;
+        if( n_hStoreHandle == nullptr )
+        {
+            return nullptr;
+        }
+    }
+    else
+    {
+        n_pCertStore = nullptr ;
+        n_hStoreHandle = nullptr ;
+    }
-    xmlSecMSCryptoAppInit( nullptr ) ;
+    xmlSecMSCryptoAppInit( n_pCertStore ) ;
    try {
        /* Build Security Environment */
@@ -61,11 +80,24 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
        SecurityEnvironment_MSCryptImpl* pSecEnv = reinterpret_cast<SecurityEnvironment_MSCryptImpl*>(xSecEnvTunnel->getSomething( SecurityEnvironment_MSCryptImpl::getUnoTunnelId() ));
        if( pSecEnv == nullptr )
        {
+            if( n_hStoreHandle != nullptr )
+            {
+                CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ;
+            }
            xmlSecMSCryptoAppShutdown() ;
            return nullptr;
        }
-        pSecEnv->enableDefaultCrypt( true ) ;
+        if( n_hStoreHandle != nullptr )
+        {
+            pSecEnv->setCryptoSlot( n_hStoreHandle ) ;
+            pSecEnv->setCertDb( n_hStoreHandle ) ;
+        }
+        else
+        {
+            pSecEnv->enableDefaultCrypt( true ) ;
+        }
        /* Build XML Security Context */
        cssu::Reference< cssxc::XXMLSecurityContext > xSecCtx = cssxc::XMLSecurityContext::create( mxContext );
@@ -75,6 +107,11 @@ cssu::Reference< cssxc::XXMLSecurityContext > SAL_CALL
    }
    catch( cssu::Exception& )
    {
+        if( n_hStoreHandle != nullptr )
+        {
+            CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ;
+        }
        xmlSecMSCryptoAppShutdown() ;
        return nullptr;
    }

--- a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.hxx
@@ -56,7 +56,7 @@ public:
    /* XSEInitializer */
    virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext >
-        SAL_CALL createSecurityContext()
+        SAL_CALL createSecurityContext( const OUString& certDB )
        throw (css::uno::RuntimeException) override;
    virtual void SAL_CALL freeSecurityContext( const css::uno::Reference<

--- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx
@@ -63,7 +63,7 @@ SEInitializer_NssImpl::~SEInitializer_NssImpl()
 /* XSEInitializer */
 uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL
-    SEInitializer_NssImpl::createSecurityContext()
+    SEInitializer_NssImpl::createSecurityContext( const OUString& )
    throw (uno::RuntimeException, std::exception)
 {
    CERTCertDBHandle    *pCertHandle = nullptr ;

--- a/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
+++ b/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.hxx
@@ -41,7 +41,7 @@ public:
    /* XSEInitializer */
    virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext >
-        SAL_CALL createSecurityContext()
+        SAL_CALL createSecurityContext( const OUString& )
        throw (css::uno::RuntimeException, std::exception) override;
    virtual void SAL_CALL freeSecurityContext( const css::uno::Reference<

--- a/xmlsecurity/workben/pdfverify.cxx
+++ b/xmlsecurity/workben/pdfverify.cxx
@@ -56,7 +56,7 @@ int pdfVerify(int nArgc, char** pArgv)
        SAL_WARN("xmlsecurity.pdfio", "DeploymentException while creating SEInitializer: " << rException.Message);
        return 1;
    }
-    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext();
+    uno::Reference<xml::crypto::XXMLSecurityContext> xSecurityContext = xSEInitializer->createSecurityContext(OUString());
    OUString aInURL;
    osl::FileBase::getFileURLFromSystemPath(OUString::fromUtf8(pArgv[1]), aInURL);