xmlsecurity: implement XCertificateCreator for NSS backend

Change-Id: I28aa17e6c97494769185ed289836524064030f39
Reviewed-on: https://gerrit.libreoffice.org/61914
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>

xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx

@@ -26,7 +26,6 @@
 #include <sal/macros.h>
 #include <osl/diagnose.h>
 #include "securityenvironment_nssimpl.hxx"
-#include "x509certificate_nssimpl.hxx"
 #include <comphelper/servicehelper.hxx>
 
 #include <xmlsec-wrapper.h>
@@ -433,20 +432,23 @@ Sequence< Reference < XCertificate > > SecurityEnvironment_NssImpl::buildCertifi
     return Sequence< Reference < XCertificate > >();
 }
 
-Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromRaw( const Sequence< sal_Int8 >& rawCertificate ) {
-    X509Certificate_NssImpl* xcert ;
-
-    if( rawCertificate.getLength() > 0 ) {
-        xcert = new X509Certificate_NssImpl() ;
-        if( xcert == nullptr )
-            throw RuntimeException() ;
+X509Certificate_NssImpl* SecurityEnvironment_NssImpl::createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate)
+{
+    X509Certificate_NssImpl* pX509Certificate = nullptr;
 
-        xcert->setRawCert( rawCertificate ) ;
-    } else {
-        xcert = nullptr ;
+    if (aDerCertificate.getLength() > 0)
+    {
+        pX509Certificate = new X509Certificate_NssImpl();
+        if (pX509Certificate == nullptr)
+            throw RuntimeException();
+        pX509Certificate->setRawCert(aDerCertificate);
     }
+    return pX509Certificate;
+}
 
-    return xcert ;
+Reference<XCertificate> SecurityEnvironment_NssImpl::createCertificateFromRaw(const Sequence< sal_Int8 >& rawCertificate)
+{
+    return createX509CertificateFromDER(rawCertificate);
 }
 
 Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromAscii( const OUString& asciiCertificate )
@@ -839,6 +841,47 @@ void SecurityEnvironment_NssImpl::destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr
     }
 }
 
+uno::Reference<security::XCertificate> SecurityEnvironment_NssImpl::createDERCertificateWithPrivateKey(
+        Sequence<sal_Int8> const & raDERCertificate, Sequence<sal_Int8> const & raPrivateKey)
+{
+    SECStatus nStatus = SECSuccess;
+
+    PK11SlotInfo* pSlot = PK11_GetInternalKeySlot();
+    if (!pSlot)
+        return uno::Reference<security::XCertificate>();
+
+    SECItem pDerPrivateKeyInfo;
+    pDerPrivateKeyInfo.data = reinterpret_cast<unsigned char *>(const_cast<sal_Int8 *>(raPrivateKey.getConstArray()));
+    pDerPrivateKeyInfo.len = raPrivateKey.getLength();
+
+    const unsigned int keyUsage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE;
+    SECKEYPrivateKey* pPrivateKey = nullptr;
+
+    bool bPermanent = false;
+    bool bSensitive = false;
+
+    nStatus = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+          pSlot, &pDerPrivateKeyInfo, nullptr, nullptr, bPermanent, bSensitive,
+          keyUsage, &pPrivateKey, nullptr);
+
+    if (nStatus != SECSuccess)
+        return uno::Reference<security::XCertificate>();
+
+    if (!pPrivateKey)
+        return uno::Reference<security::XCertificate>();
+
+    X509Certificate_NssImpl* pX509Certificate = createX509CertificateFromDER(raDERCertificate);
+    if (!pX509Certificate)
+        return uno::Reference<security::XCertificate>();
+
+    addCryptoSlot(pSlot);
+
+    CERTCertificate* pCERTCertificate = const_cast<CERTCertificate*>(pX509Certificate->getNssCert());
+    pCERTCertificate->slot = pSlot;
+
+    return pX509Certificate;
+}
+
 extern "C" SAL_DLLPUBLIC_EXPORT uno::XInterface*
 com_sun_star_xml_crypto_SecurityEnvironment_get_implementation(
     uno::XComponentContext* /*pCtx*/, uno::Sequence<uno::Any> const& /*rSeq*/)

xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.hxx

@@ -31,11 +31,14 @@
 
 #include <com/sun/star/lang/XServiceInfo.hpp>
 #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+#include <com/sun/star/xml/crypto/XCertificateCreator.hpp>
 #include <com/sun/star/security/XCertificate.hpp>
 #include <com/sun/star/security/CertificateCharacters.hpp>
 #include <com/sun/star/security/CertificateValidity.hpp>
 #include <com/sun/star/lang/XUnoTunnel.hpp>
 
+#include "x509certificate_nssimpl.hxx"
+
 #include <osl/mutex.hxx>
 
 #include <pk11func.h>
@@ -46,7 +49,8 @@
 #include <xmlsec-wrapper.h>
 
 class SecurityEnvironment_NssImpl : public ::cppu::WeakImplHelper<
-    css::xml::crypto::XSecurityEnvironment ,
+    css::xml::crypto::XSecurityEnvironment,
+    css::xml::crypto::XCertificateCreator,
     css::lang::XServiceInfo,
     css::lang::XUnoTunnel >
 {
@@ -111,6 +115,10 @@ private:
         virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromRaw( const css::uno::Sequence< sal_Int8 >& rawCertificate ) override ;
         virtual css::uno::Reference< css::security::XCertificate > SAL_CALL createCertificateFromAscii( const OUString& asciiCertificate ) override ;
 
+        // Methods of XCertificateCreator
+        css::uno::Reference<css::security::XCertificate> SAL_CALL createDERCertificateWithPrivateKey(
+                css::uno::Sequence<sal_Int8> const & raDERCertificate,
+                css::uno::Sequence<sal_Int8> const & raPrivateKey) override;
 
         //Native methods
         /// @throws css::uno::RuntimeException
@@ -122,6 +130,8 @@ private:
 private:
         void updateSlots();
 
+        X509Certificate_NssImpl* createX509CertificateFromDER(const css::uno::Sequence<sal_Int8>& aDerCertificate);
+
           /// @throws css::uno::Exception
           /// @throws css::uno::RuntimeException
           void addCryptoSlot( PK11SlotInfo* aSlot ) ;