xmlsecurity: use common NSS init in PDFDocument

The custom code took care of NSS only, the shared code will handle
mscrypto as well.

Change-Id: I73b904d2e0750d2d847eaaf1ac2b02d41b37d357
Reviewed-on: https://gerrit.libreoffice.org/29763Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>

xmlsecurity/inc/pdfsignaturehelper.hxx

@@ -17,13 +17,20 @@
 
 #include <com/sun/star/io/XInputStream.hpp>
 #include <com/sun/star/security/DocumentSignatureInformation.hpp>
+#include <com/sun/star/uno/XComponentContext.hpp>
+#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
 
 /// Handles signatures of a PDF file.
 class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
 {
+    css::uno::Reference<css::uno::XComponentContext> m_xComponentContext;
+    css::uno::Reference<css::xml::crypto::XSEInitializer> m_xSEInitializer;
+    css::uno::Reference<css::xml::crypto::XXMLSecurityContext> m_xSecurityContext;
     std::vector<css::security::DocumentSignatureInformation> m_aSignatureInfos;
 
 public:
+    PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);
     bool ReadAndVerifySignature(const css::uno::Reference<css::io::XInputStream>& xInputStream);
     css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations();
 };

xmlsecurity/source/component/documentdigitalsignatures.cxx

@@ -263,7 +263,7 @@ DocumentDigitalSignatures::ImplVerifySignatures(
         if (xSignStream.is())
         {
             // Something not ZIP-based, try PDF.
-            PDFSignatureHelper aSignatureHelper;
+            PDFSignatureHelper aSignatureHelper(mxCtx);
             if (aSignatureHelper.ReadAndVerifySignature(xSignStream))
                 return aSignatureHelper.GetDocumentSignatureInformations();
         }

xmlsecurity/source/helper/pdfsignaturehelper.cxx

@@ -11,6 +11,8 @@
 
 #include <memory>
 
+#include <com/sun/star/xml/crypto/SEInitializer.hpp>
+
 #include <comphelper/sequence.hxx>
 #include <tools/stream.hxx>
 #include <unotools/ucbstreamhelper.hxx>
@@ -19,6 +21,15 @@
 
 using namespace ::com::sun::star;
 
+PDFSignatureHelper::PDFSignatureHelper(const uno::Reference<uno::XComponentContext>& xComponentContext)
+    : m_xComponentContext(xComponentContext)
+{
+    m_xSEInitializer = xml::crypto::SEInitializer::create(m_xComponentContext);
+    if (m_xSEInitializer.is())
+        // This initializes nss / mscrypto.
+        m_xSecurityContext = m_xSEInitializer->createSecurityContext(OUString());
+}
+
 bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputStream>& xInputStream)
 {
     if (!xInputStream.is())

xmlsecurity/source/pdfio/pdfdocument.cxx

@@ -734,20 +734,8 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
     }
 
 #ifdef XMLSEC_CRYPTO_NSS
-    // Validate the signature.
-
-    const char* pEnv = getenv("MOZILLA_CERTIFICATE_FOLDER");
-    if (!pEnv)
-    {
-        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: no mozilla cert folder");
-        return false;
-    }
-
-    if (NSS_Init(pEnv) != SECSuccess)
-    {
-        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS_Init() failed");
-        return false;
-    }
+    // Validate the signature. No need to call NSS_Init() here, assume that the
+    // caller did that already.
 
     SECItem aSignatureItem;
     aSignatureItem.data = aSignature.data();
@@ -875,11 +863,6 @@ bool PDFDocument::ValidateSignature(SvStream& rStream, PDFObjectElement* pSignat
     PORT_Free(pActualResultBuffer);
     HASH_Destroy(pHASHContext);
     NSS_CMSSignerInfo_Destroy(pCMSSignerInfo);
-    if (NSS_Shutdown() != SECSuccess)
-    {
-        SAL_WARN("xmlsecurity.pdfio", "PDFDocument::ValidateSignature: NSS_Shutdown() failed");
-        return false;
-    }
 
     return true;
 #else