/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file is part of the LibreOffice project.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * This file incorporates work covered by the following license notice:
 *
 *   Licensed to the Apache Software Foundation (ASF) under one or more
 *   contributor license agreements. See the NOTICE file distributed
 *   with this work for additional information regarding copyright
 *   ownership. The ASF licenses this file to you under the Apache
 *   License, Version 2.0 (the "License"); you may not use this file
 *   except in compliance with the License. You may obtain a copy of
 *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
 */

#ifndef INCLUDED_XMLSECURITY_INC_XMLSIGNATUREHELPER_HXX
#define INCLUDED_XMLSECURITY_INC_XMLSIGNATUREHELPER_HXX

#include <tools/link.hxx>
#include <rtl/ustring.hxx>
#include <rtl/ref.hxx>
#include <svl/sigstruct.hxx>
#include "xmlsecuritydllapi.h"
#include "xmlsignaturehelper.hxx"
#include "xsecctl.hxx"

// Forward declarations. Both types are only named by reference or through an
// rtl::Reference<> pointer in the declarations below, so their full
// definitions are not needed by this header.
class DateTime;
class UriBindingHelper;

// Forward declarations of the UNO interfaces used below. They are only ever
// passed around as css::uno::Reference<> here, so the interface headers
// themselves do not have to be included by this public header.
namespace com {
namespace sun {
namespace star {
namespace io {
    class XOutputStream;
    class XInputStream; }
namespace embed {
    class XStorage; }
}}}

namespace com { namespace sun { namespace star { namespace graphic { class XGraphic; } } } }
namespace com { namespace sun { namespace star { namespace uno { class XComponentContext; } } } }
namespace com { namespace sun { namespace star { namespace xml { namespace crypto { class XXMLSecurityContext; } } } } }
namespace com { namespace sun { namespace star { namespace xml { namespace sax { class XDocumentHandler; } } } } }
namespace com { namespace sun { namespace star { namespace xml { namespace sax { class XWriter; } } } } }

/**********************************************************
 XMLSignatureHelper

 Helper class for the XML Security framework.

 Responsibilities:
 1. helps to create a security context;
 2. helps to observe the result of signature creation;
 3. helps to observe the result of signature verification;
 4. helps to select which signature elements are verified.

 **********************************************************/

class XMLSECURITY_DLLPUBLIC XMLSignatureHelper
{
private:
    // Component context handed in by the constructor.
    css::uno::Reference< css::uno::XComponentContext > mxCtx;
    // Default URI binding used to resolve references; presumably backed by
    // the storage passed to SetStorage() -- confirm in the implementation.
    rtl::Reference<UriBindingHelper> mxUriBinding;

    // Controller that performs the actual signing / verification work
    // (see the "See XSecController for documentation" note below).
    rtl::Reference<XSecController> mpXSecController;
    // Error flag. No in-class initializer, so it must be initialized in the
    // constructor (not visible in this header) -- TODO confirm.
    bool                        mbError;
    // Whether the document is an ODF version older than 1.2; presumably
    // derived from the sODFVersion argument of SetStorage() -- confirm.
    bool mbODFPre1_2;
    // Handler consulted for each signature element during verification,
    // see SetStartVerifySignatureHdl().
    Link<LinkParamNone*,bool>   maStartVerifySignatureHdl;

private:
    // Non-copyable. NOTE(review): only the copy constructor is deleted; the
    // implicitly generated copy assignment operator is still available and
    // would copy the controller reference. Consider deleting it as well.
    XMLSignatureHelper(const XMLSignatureHelper&) = delete;

public:
    // NOTE(review): single-argument constructor is not declared 'explicit'.
    XMLSignatureHelper(const css::uno::Reference< css::uno::XComponentContext >& mrCtx );
    ~XMLSignatureHelper();

    // Called when a signature element is encountered during verification;
    // what it does with maStartVerifySignatureHdl is not visible here.
    void StartVerifySignatureElement();

    // Set the storage which should be used by the default UriBinding.
    // Must be set before StartMission().
    // sODFVersion indicates the ODF version of the document in rxStorage.
    void        SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStorage, const OUString& sODFVersion );

                // Handler consulted for every signature element found while verifying.
                // NOTE(review): the handler type is Link<LinkParamNone*,bool>, i.e. it
                // receives no usable argument; an older comment here claimed the
                // argument is a uno::Reference< xml::sax::XAttributeList >*, which
                // no longer matches the declared type.
                // Return true to verify the element, false to skip it.
                // Default handler will verify all.
    void        SetStartVerifySignatureHdl( const Link<LinkParamNone*,bool>& rLink );

                // After signing/verifying, get information about signatures.
                // A verifying caller should consult these entries for the
                // per-signature outcome rather than relying on the bool
                // returned by the ReadAndVerify* functions alone -- what that
                // bool exactly covers is not visible in this header.
    SignatureInformation  GetSignatureInformation( sal_Int32 nSecurityId ) const;
    SignatureInformations GetSignatureInformations() const;

                // See XSecController for documentation.
                // StartMission() requires SetStorage() to have been called first
                // (see above); EndMission() ends the signing/verification run.
    void        StartMission(const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext);
    void        EndMission();
    // Returns a fresh security id to use with the Set*/AddForSigning calls below.
    sal_Int32   GetNewSecurityId();
    /** sets data that describes the certificate.

        NOTE(review): the original wording of this comment said that
        ouX509IssuerName "contains the base64 encoded certificate"; judging by
        the parameter names, the base64 (DER) certificate is ouX509Cert, and the
        "issuer name and certificate" pair mentioned below is presumably meant
        to be issuer name and serial number. Confirm against the implementation
        which parameters are mandatory. The original rationale follows:

        It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
        the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
        the private key. Although issuer name and certificate should be sufficient to identify
        the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
        The reason is that they use functions to find the certificate which take as parameter
        the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
        are of type DirectoryName, which is a choice of 5 string types. This information is
        not contained in the issuer string and while it is converted to the ASN.1 name the
        conversion function must assume a particular type, which is often wrong. For example,
        the Windows function CertStrToName will use a T.61 string if the string does not contain
        special characters. So if the certificate uses simple characters but encodes the
        issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
        ASN.1 name now contains different bytes which indicate the string type. The functions
        for finding the certificate apparently use memcmp - hence they fail to find the
        certificate.

        ouX509CertDigest is a digest of the certificate and eAlgorithmID the
        signature algorithm; how they are consumed is not visible here.
     */
    void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
        const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest,
        svl::crypto::SignatureMethodAlgorithm eAlgorithmID);

    /// Adds an additional (encapsulated) X.509 certificate to the signature
    /// being built, e.g. a chain certificate -- presumably; confirm in the .cxx.
    void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate);

    /// GPG counterpart of SetX509Certificate(): digest, key material and owner
    /// string of the GPG key used for signing.
    void SetGpgCertificate(sal_Int32 nSecurityId, const OUString& ouGpgCertDigest,
        const OUString& ouGpgCert, const OUString& ouGpgOwner);

    /// Sets the signing time recorded in the signature identified by nSecurityId.
    void        SetDateTime( sal_Int32 nSecurityId, const DateTime& rDateTime );
    /// Sets the human-readable description of the signature.
    void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
    /// Associates the signature with a signature line in the document.
    void SetSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId);
    /// Graphics shown for a signature line when the signature is valid / invalid.
    void
    SetSignatureLineValidGraphic(sal_Int32 nSecurityId,
                                 const css::uno::Reference<css::graphic::XGraphic>& xValidGraphic);
    void SetSignatureLineInvalidGraphic(
        sal_Int32 nSecurityId, const css::uno::Reference<css::graphic::XGraphic>& xInvalidGraphic);

    /// Adds the stream at 'uri' to the set of references covered by the signature
    /// identified by securityId; bBinary selects binary (vs. XML) treatment.
    void        AddForSigning( sal_Int32 securityId, const OUString& uri, bool bBinary, bool bXAdESCompliantIfODF );
    /// Creates the signature(s) prepared via the Set*/AddForSigning calls and
    /// writes them to xDocumentHandler.
    void        CreateAndWriteSignature( const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, bool bXAdESCompliantIfODF );
    /// Reads signatures from xInputStream and verifies them. Returns false on
    /// failure; a false return must be treated as "not verified". Whether the
    /// return also reflects the cryptographic validity of each signature, or
    /// only that the stream could be read and processed, cannot be told from
    /// this header -- check GetSignatureInformations() for per-signature status.
    bool        ReadAndVerifySignature( const css::uno::Reference< css::io::XInputStream >& xInputStream );

    // MT: ??? I think only for adding/removing, not for new signatures...
    // MM: Yes, but if you want to insert a new signature into an existing signature file, those functions
    //     will be very useful, see Mission 3 in the new "multisigdemo" program   :-)
    css::uno::Reference< css::xml::sax::XWriter> CreateDocumentHandlerWithHeader( const css::uno::Reference< css::io::XOutputStream >& xOutputStream );
    static void CloseDocumentHandler( const css::uno::Reference< css::xml::sax::XDocumentHandler>& xDocumentHandler );
    /// Writes one already-existing signature (as described by signatureInfo)
    /// to xDocumentHandler.
    static void ExportSignature(
        const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler,
        const SignatureInformation& signatureInfo,
        bool bXAdESCompliantIfODF );

    /// Read and verify OOXML signatures. Returns false on failure (same caveat
    /// as ReadAndVerifySignature()). The effect of bCacheLastSignature is not
    /// visible in this header.
    bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bCacheLastSignature = true);
    /// Read and verify a single OOXML signature. Returns false on failure.
    bool ReadAndVerifySignatureStorageStream(const css::uno::Reference<css::io::XInputStream>& xInputStream);
    /// Adds or removes an OOXML digital signature relation to _rels/.rels if there wasn't any before.
    void EnsureSignaturesRelation(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bAdd);
    /// Given that xStorage is an OOXML _xmlsignatures storage, create origin.sigs and its relations.
    void ExportSignatureRelations(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
    /// Given that xSignatureStorage is an OOXML _xmlsignatures storage, create and write a new signature.
    void CreateAndWriteOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, int nSignatureIndex);
    /// Similar to CreateAndWriteOOXMLSignature(), but used to write the signature to the persistent storage, not the temporary one.
    void ExportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, const SignatureInformation& rInformation, int nSignatureIndex);
    /// Given that xStorage is an OOXML root storage, advertise signatures in its [Content_Types].xml stream.
    void ExportSignatureContentTypes(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
};

#endif // INCLUDED_XMLSECURITY_INC_XMLSIGNATUREHELPER_HXX

/* vim:set shiftwidth=4 softtabstop=4 expandtab: */