Author: orw Date: Tue Jan 21 16:32:58 2014 New Revision: 1560071 URL: http://svn.apache.org/r1560071 Log: 123744: method <SerfSession::verifySerfCertificateChain(..)> - consider certificate's Subject Alternative Name field when searching for matching certificate host name
Modified: openoffice/trunk/main/ucb/source/ucp/webdav/SerfSession.cxx openoffice/trunk/main/ucb/source/ucp/webdav/SerfTypes.hxx openoffice/trunk/main/ucb/source/ucp/webdav/SerfUri.hxx
Modified: openoffice/trunk/main/ucb/source/ucp/webdav/SerfSession.cxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/ucb/source/ucp/webdav/SerfSession.cxx?rev=1560071&r1=1560070&r2=1560071&view=diff
==============================================================================
--- openoffice/trunk/main/ucb/source/ucp/webdav/SerfSession.cxx (original)
+++ openoffice/trunk/main/ucb/source/ucp/webdav/SerfSession.cxx Tue Jan 21 16:32:58 2014
@@ -30,7 +30,7 @@
 #include "ucbhelper/simplecertificatevalidationrequest.hxx"
 #include "AprEnv.hxx"
-#include <apr_strings.h>
+#include <apr/apr_strings.h>
 #include "DAVAuthListener.hxx"
 #include "SerfTypes.hxx"
@@ -47,6 +47,10 @@
 #include <com/sun/star/security/CertificateContainerStatus.hpp>
 #include <com/sun/star/security/CertificateContainer.hpp>
 #include <com/sun/star/security/XCertificateContainer.hpp>
+#include <com/sun/star/security/CertAltNameEntry.hpp>
+#include <com/sun/star/security/XSanExtension.hpp>
+#define OID_SUBJECT_ALTERNATIVE_NAME "2.5.29.17"
+
 #include <com/sun/star/ucb/Lock.hpp>
 #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
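Review bot: The include change to `<apr/apr_strings.h>` in the first hunk ties this file to a particular header directory layout, and the log message, which only describes the Subject Alternative Name handling, does not mention it. The same kind of change appears in SerfTypes.hxx (`<serf/serf.h>`) and SerfUri.hxx (`<apr-util/apr_uri.h>`). Whether every supported build configuration, in particular one using system-provided APR and serf packages, delivers the headers under those subdirectories is not visible from this diff, so it should be confirmed or handled through the include search path instead. Splitting these path changes into their own commit would keep the certificate-verification change easy to audit and to back out independently.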
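Review bot: `OID_SUBJECT_ALTERNATIVE_NAME` is introduced as an undocumented preprocessor macro in the middle of the include list in the second hunk. A typed, file-local constant placed after the includes reads better and cannot leak into headers included later, for example `static const char OID_SUBJECT_ALTERNATIVE_NAME[] = "2.5.29.17";`. A one-line comment such as `// X.509 v3 subjectAltName extension (id-ce-subjectAltName)` would tell the reader what the dotted value identifies.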
@@ -479,7 +483,40 @@ apr_status_t SerfSession::verifySerfCert
 // When the certificate matches the host name then we can use the
 // result of the verification.
- if (isDomainMatch(sServerCertificateSubject))
+ bool bHostnameMatchesCertHostnames = false;
+ {
+ uno::Sequence< uno::Reference< security::XCertificateExtension > > extensions = xServerCertificate->getExtensions();
+ uno::Sequence< security::CertAltNameEntry > altNames;
+ for (sal_Int32 i = 0 ; i < extensions.getLength(); ++i)
+ {
+ uno::Reference< security::XCertificateExtension >element = extensions[i];
+
+ const rtl::OString aId ( (const sal_Char *)element->getExtensionId().getArray(), element->getExtensionId().getLength());
+ if ( aId.equals( OID_SUBJECT_ALTERNATIVE_NAME ) )
+ {
+ uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
+ altNames = sanExtension->getAlternativeNames();
+ break;
+ }
+ }
+
+ uno::Sequence< ::rtl::OUString > certHostNames(altNames.getLength() + 1);
+ certHostNames[0] = sServerCertificateSubject;
+ for( int n = 0; n < altNames.getLength(); ++n )
+ {
+ if (altNames[n].Type == security::ExtAltNameType_DNS_NAME)
+ {
+ altNames[n].Value >>= certHostNames[n+1];
+ }
+ }
+
+ for ( int i = 0; i < certHostNames.getLength() && !bHostnameMatchesCertHostnames; ++i )
+ {
+ bHostnameMatchesCertHostnames = isDomainMatch( certHostNames[i] );
+ }
+
+ }
+ if ( bHostnameMatchesCertHostnames )
 {
 if (nVerificationResult == 0)
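Review bot: The subject name is always placed in `certHostNames[0]`, so a certificate whose DNS alternative names do not cover the host can still be accepted on its subject name alone; RFC 6125 has clients consult the subject name only when the certificate carries no dNSName entries. In the same block, the slots for non-DNS entries stay empty strings and are still passed to `isDomainMatch`, whose handling of an empty name is not visible in this hunk, and the result of `>>=` is ignored. `sanExtension` is also dereferenced without an `is()` check, which would dereference a null reference if the extension object does not implement XSanExtension. The fence below matches DNS entries directly and falls back to the subject only when none exist; the body of verifySerfCertificateChain starts and ends outside this hunk.

```cpp
// … unchanged: loop over extensions comparing aId with OID_SUBJECT_ALTERNATIVE_NAME …
            uno::Reference< security::XSanExtension > sanExtension ( element, uno::UNO_QUERY );
            if ( sanExtension.is() )
            {
                altNames = sanExtension->getAlternativeNames();
            }
            break;
// … unchanged: end of extension loop …

    // Match against DNS alternative names first; other entry types are skipped
    // rather than being turned into empty host names.
    bool bHasDnsAltName = false;
    for ( sal_Int32 n = 0; n < altNames.getLength() && !bHostnameMatchesCertHostnames; ++n )
    {
        if ( altNames[n].Type != security::ExtAltNameType_DNS_NAME )
            continue;

        bHasDnsAltName = true;
        ::rtl::OUString sAltName;
        if ( altNames[n].Value >>= sAltName )
        {
            bHostnameMatchesCertHostnames = isDomainMatch( sAltName );
        }
    }

    // The subject name is only consulted when no DNS alternative name exists.
    if ( !bHasDnsAltName )
    {
        bHostnameMatchesCertHostnames = isDomainMatch( sServerCertificateSubject );
    }
```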
@@ -526,8 +563,7 @@ apr_status_t SerfSession::verifySerfCert
 if ( xSelection.is() )
 {
- uno::Reference< task::XInteractionApprove > xApprove(
- xSelection.get(), uno::UNO_QUERY );
+ uno::Reference< task::XInteractionApprove > xApprove( xSelection.get(), uno::UNO_QUERY );
 if ( xApprove.is() )
 {
 xCertificateContainer->addCertificate( getHostName(), sServerCertificateSubject, sal_True );
Modified: openoffice/trunk/main/ucb/source/ucp/webdav/SerfTypes.hxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/ucb/source/ucp/webdav/SerfTypes.hxx?rev=1560071&r1=1560070&r2=1560071&view=diff
==============================================================================
--- openoffice/trunk/main/ucb/source/ucp/webdav/SerfTypes.hxx (original)
+++ openoffice/trunk/main/ucb/source/ucp/webdav/SerfTypes.hxx Tue Jan 21 16:32:58 2014
@@ -24,7 +24,7 @@
 #ifndef INCLUDED_SERFTYPES_HXX
 #define INCLUDED_SERFTYPES_HXX
-#include <serf.h>
+#include <serf/serf.h>
 typedef serf_connection_t SerfConnection;
Modified: openoffice/trunk/main/ucb/source/ucp/webdav/SerfUri.hxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/ucb/source/ucp/webdav/SerfUri.hxx?rev=1560071&r1=1560070&r2=1560071&view=diff
==============================================================================
--- openoffice/trunk/main/ucb/source/ucp/webdav/SerfUri.hxx (original)
+++ openoffice/trunk/main/ucb/source/ucp/webdav/SerfUri.hxx Tue Jan 21 16:32:58 2014
@@ -23,7 +23,7 @@
 #ifndef INCLUDED_SERFURI_HXX
 #define INCLUDED_SERFURI_HXX
-#include <apr_uri.h>
+#include <apr-util/apr_uri.h>
 #include <rtl/ustring.hxx>
 #include "DAVException.hxx"