xmlsecurity: expose the certificate's SHA-256 checksum in the NSS backend

OOXML export will need an SHA-256 hash of the certificate, introducing
a css::security::XCertificate2 just for this would be probably an
overkill. The same will have to be done in the mscrypto backend in the
near future.

Change-Id: Id2df06416a713927edd60e1253ff8e1c09dd706a

xmlsecurity/inc/certificate.hxx

+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+#define INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+
+#include <sal/types.h>
+
+namespace xmlsecurity
+{
+
+/// Extension of css::security::XCertificate for module-internal purposes.
+class SAL_NO_VTABLE SAL_DLLPUBLIC_RTTI Certificate
+{
+public:
+
+    /// Returns the SHA-256 thumbprint.
+    virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) = 0;
+
+protected:
+    ~Certificate() throw () {}
+};
+
+}
+
+#endif // INCLUDED_XMLSECURITY_INC_CERTIFICATE_H
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */

xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.cxx

@@ -35,6 +35,7 @@
 #include "sanextension_nssimpl.hxx"
 #include <tools/time.hxx>
 
+using namespace ::com::sun::star;
 using namespace ::com::sun::star::uno ;
 using namespace ::com::sun::star::security ;
 
@@ -337,8 +338,22 @@ OUString getAlgorithmDescription(SECAlgorithmID *aid)
     if( pCert != nullptr )
     {
         SECStatus rv;
-        unsigned char fingerprint[20];
-        int length = ((id == SEC_OID_MD5)?MD5_LENGTH:SHA1_LENGTH);
+        unsigned char fingerprint[32];
+        int length = 0;
+        switch (id)
+        {
+        case SEC_OID_MD5:
+            length = MD5_LENGTH;
+            break;
+        case SEC_OID_SHA1:
+            length = SHA1_LENGTH;
+            break;
+        case SEC_OID_SHA256:
+            length = SHA256_LENGTH;
+            break;
+        default:
+            break;
+        }
 
         memset(fingerprint, 0, sizeof fingerprint);
         rv = PK11_HashBuf(id, fingerprint, pCert->derCert.data, pCert->derCert.len);
@@ -409,6 +424,11 @@ OUString SAL_CALL X509Certificate_NssImpl::getSignatureAlgorithm()
     return getThumbprint(m_pCert, SEC_OID_SHA1);
 }
 
+uno::Sequence<sal_Int8> X509Certificate_NssImpl::getSHA256Thumbprint() throw (uno::RuntimeException, std::exception)
+{
+    return getThumbprint(m_pCert, SEC_OID_SHA256);
+}
+
 ::com::sun::star::uno::Sequence< sal_Int8 > SAL_CALL X509Certificate_NssImpl::getMD5Thumbprint()
     throw ( ::com::sun::star::uno::RuntimeException, std::exception)
 {

xmlsecurity/source/xmlsec/nss/x509certificate_nssimpl.hxx

@@ -29,11 +29,12 @@
 #include <com/sun/star/uno/SecurityException.hpp>
 #include <com/sun/star/security/XCertificate.hpp>
 
+#include <certificate.hxx>
 #include "cert.h"
 
 class X509Certificate_NssImpl : public ::cppu::WeakImplHelper<
     ::com::sun::star::security::XCertificate ,
-    ::com::sun::star::lang::XUnoTunnel >
+    ::com::sun::star::lang::XUnoTunnel > , public xmlsecurity::Certificate
 {
     private:
         CERTCertificate* m_pCert ;
@@ -82,6 +83,9 @@ class X509Certificate_NssImpl : public ::cppu::WeakImplHelper<
         //Methods from XUnoTunnel
         virtual sal_Int64 SAL_CALL getSomething( const ::com::sun::star::uno::Sequence< sal_Int8 >& aIdentifier ) throw (com::sun::star::uno::RuntimeException, std::exception) override;
 
+        /// @see xmlsecurity::Certificate::getSHA256Thumbprint().
+        virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() throw (css::uno::RuntimeException, std::exception) override;
+
         static const ::com::sun::star::uno::Sequence< sal_Int8 >& getUnoTunnelId() ;
 
         //Helper methods