/************************************************************************* * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License version 3 * only, as published by the Free Software Foundation. * * OpenOffice.org is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License version 3 for more details * (a copy is included in the LICENSE file that accompanied this code). * * You should have received a copy of the GNU Lesser General Public License * version 3 along with OpenOffice.org. If not, see * * for a copy of the LGPLv3 License. * ************************************************************************/ // MARKER(update_precomp.py): autogen include statement, do not remove #include "precompiled_xmlsecurity.hxx" #include #include #include #include #include #include #include "com/sun/star/beans/XPropertySet.hpp" #include "comphelper/documentconstants.hxx" #include #include "rtl/uri.hxx" using namespace ::com::sun::star::uno; //using namespace ::com::sun::star; namespace css = ::com::sun::star; using rtl::OUString; namespace { ::rtl::OUString getElement(::rtl::OUString const & version, ::sal_Int32 * index) { while (*index < version.getLength() && version[*index] == '0') { ++*index; } return version.getToken(0, '.', *index); } // Return 1 if version1 is greater then version 2, 0 if they are equal //and -1 if version1 is less version 2 int compareVersions( ::rtl::OUString const & version1, ::rtl::OUString const & version2) { for (::sal_Int32 i1 = 0, i2 = 0; i1 >= 0 || i2 >= 0;) { ::rtl::OUString e1(getElement(version1, &i1)); ::rtl::OUString e2(getElement(version2, &i2)); if (e1.getLength() < e2.getLength()) { return -1; } else if (e1.getLength() > e2.getLength()) { return 1; } else if (e1 < e2) { return -1; } else if (e1 > e2) { return 1; } } return 0; } } //If the OOo 3.0 mode is used then we exclude //'mimetype' and all content of 'META-INF'. //If the argument 'bSigning' is true then the element list is created for a signing //operation in which case we use the latest signing algorithm. That is all elements //we find in the zip storage are added to the list. We do not support the old signatures //which did not contain all files. //If 'bSigning' is false, then we validate. If the user enabled validating according to OOo 3.0 //then mimetype and all content of META-INF must be excluded. void ImplFillElementList( std::vector< rtl::OUString >& rList, const Reference < css::embed::XStorage >& rxStore, const ::rtl::OUString rRootStorageName, const bool bRecursive, const DocumentSignatureAlgorithm mode) { ::rtl::OUString aMetaInfName( RTL_CONSTASCII_USTRINGPARAM( "META-INF" ) ); ::rtl::OUString sMimeTypeName (RTL_CONSTASCII_USTRINGPARAM("mimetype")); ::rtl::OUString aSep( RTL_CONSTASCII_USTRINGPARAM( "/" ) ); Reference < css::container::XNameAccess > xElements( rxStore, UNO_QUERY ); Sequence< ::rtl::OUString > aElements = xElements->getElementNames(); sal_Int32 nElements = aElements.getLength(); const ::rtl::OUString* pNames = aElements.getConstArray(); for ( sal_Int32 n = 0; n < nElements; n++ ) { if (mode != OOo3_2Document && (pNames[n] == aMetaInfName || pNames[n] == sMimeTypeName)) { continue; } else { ::rtl::OUString sEncName = ::rtl::Uri::encode( pNames[n], rtl_UriCharClassRelSegment, rtl_UriEncodeStrict, RTL_TEXTENCODING_UTF8); if (sEncName.getLength() == 0 && pNames[n].getLength() != 0) throw css::uno::Exception(::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM("Failed to encode element name of XStorage")), 0); if ( rxStore->isStreamElement( pNames[n] ) ) { //Exclude documentsignatures.xml! if (pNames[n].equals( DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName())) continue; ::rtl::OUString aFullName( rRootStorageName + sEncName ); rList.push_back(aFullName); } else if ( bRecursive && rxStore->isStorageElement( pNames[n] ) ) { Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( pNames[n], css::embed::ElementModes::READ ); rtl::OUString aFullRootName( rRootStorageName + sEncName + aSep ); ImplFillElementList(rList, xSubStore, aFullRootName, bRecursive, mode); } } } } bool DocumentSignatureHelper::isODFPre_1_2(const ::rtl::OUString & sVersion) { //The property version exists only if the document is at least version 1.2 //That is, if the document has version 1.1 and sVersion is empty. //The constant is defined in comphelper/documentconstants.hxx if (compareVersions(sVersion, ODFVER_012_TEXT) == -1) return true; return false; } bool DocumentSignatureHelper::isOOo3_2_Signature(const SignatureInformation & sigInfo) { ::rtl::OUString sManifestURI(RTL_CONSTASCII_USTRINGPARAM("META-INF/manifest.xml")); bool bOOo3_2 = false; typedef ::std::vector< SignatureReferenceInformation >::const_iterator CIT; for (CIT i = sigInfo.vSignatureReferenceInfors.begin(); i < sigInfo.vSignatureReferenceInfors.end(); i++) { if (i->ouURI.equals(sManifestURI)) { bOOo3_2 = true; break; } } return bOOo3_2; } DocumentSignatureAlgorithm DocumentSignatureHelper::getDocumentAlgorithm( const ::rtl::OUString & sODFVersion, const SignatureInformation & sigInfo) { OSL_ASSERT(sODFVersion.getLength()); DocumentSignatureAlgorithm mode = OOo3_2Document; if (!isOOo3_2_Signature(sigInfo)) { if (isODFPre_1_2(sODFVersion)) mode = OOo2Document; else mode = OOo3_0Document; } return mode; } //The function creates a list of files which are to be signed or for which //the signature is to be validated. The strings are UTF8 encoded URIs which //contain '/' as path separators. // //The algorithm how document signatures are created and validated has //changed over time. The change affects only which files within the document //are changed. Document signatures created by OOo 2.x only used particular files. Since //OOo 3.0 everything except "mimetype" and "META-INF" are signed. As of OOo 3.2 everything //except META-INF/documentsignatures.xml is signed. //Signatures are validated according to the algorithm which was then used for validation. //That is, when validating a signature which was created by OOo 3.0, then mimetype and //META-INF are not used. // //When a signature is created then we always use the latest algorithm. That is, we use //that of OOo 3.2 std::vector< rtl::OUString > DocumentSignatureHelper::CreateElementList( const Reference < css::embed::XStorage >& rxStore, const ::rtl::OUString /*rRootStorageName*/, DocumentSignatureMode eMode, const DocumentSignatureAlgorithm mode) { std::vector< rtl::OUString > aElements; ::rtl::OUString aSep( RTL_CONSTASCII_USTRINGPARAM( "/" ) ); switch ( eMode ) { case SignatureModeDocumentContent: { if (mode == OOo2Document) //that is, ODF 1.0, 1.1 { // 1) Main content ImplFillElementList(aElements, rxStore, ::rtl::OUString(), false, mode); // 2) Pictures... rtl::OUString aSubStorageName( rtl::OUString::createFromAscii( "Pictures" ) ); try { Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); } catch(css::io::IOException& ) { ; // Doesn't have to exist... } // 3) OLE.... aSubStorageName = rtl::OUString::createFromAscii( "ObjectReplacements" ); try { Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); xSubStore.clear(); // Object folders... rtl::OUString aMatchStr( rtl::OUString::createFromAscii( "Object " ) ); Reference < css::container::XNameAccess > xElements( rxStore, UNO_QUERY ); Sequence< ::rtl::OUString > aElementNames = xElements->getElementNames(); sal_Int32 nElements = aElementNames.getLength(); const ::rtl::OUString* pNames = aElementNames.getConstArray(); for ( sal_Int32 n = 0; n < nElements; n++ ) { if ( ( pNames[n].match( aMatchStr ) ) && rxStore->isStorageElement( pNames[n] ) ) { Reference < css::embed::XStorage > xTmpSubStore = rxStore->openStorageElement( pNames[n], css::embed::ElementModes::READ ); ImplFillElementList(aElements, xTmpSubStore, pNames[n]+aSep, true, mode); } } } catch( com::sun::star::io::IOException& ) { ; // Doesn't have to exist... } } else { // Everything except META-INF ImplFillElementList(aElements, rxStore, ::rtl::OUString(), true, mode); } } break; case SignatureModeMacros: { // 1) Macros rtl::OUString aSubStorageName( rtl::OUString::createFromAscii( "Basic" ) ); try { Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); } catch( com::sun::star::io::IOException& ) { ; // Doesn't have to exist... } // 2) Dialogs aSubStorageName = rtl::OUString::createFromAscii( "Dialogs") ; try { Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); } catch( com::sun::star::io::IOException& ) { ; // Doesn't have to exist... } // 3) Scripts aSubStorageName = rtl::OUString::createFromAscii( "Scripts") ; try { Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); } catch( css::io::IOException& ) { ; // Doesn't have to exist... } } break; case SignatureModePackage: { // Everything except META-INF ImplFillElementList(aElements, rxStore, ::rtl::OUString(), true, mode); } break; } return aElements; } SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream( const Reference < css::embed::XStorage >& rxStore, sal_Int32 nOpenMode, DocumentSignatureMode eDocSigMode ) { sal_Int32 nSubStorageOpenMode = css::embed::ElementModes::READ; if ( nOpenMode & css::embed::ElementModes::WRITE ) nSubStorageOpenMode = css::embed::ElementModes::WRITE; SignatureStreamHelper aHelper; try { ::rtl::OUString aSIGStoreName( RTL_CONSTASCII_USTRINGPARAM( "META-INF" ) ); aHelper.xSignatureStorage = rxStore->openStorageElement( aSIGStoreName, nSubStorageOpenMode ); if ( aHelper.xSignatureStorage.is() ) { ::rtl::OUString aSIGStreamName; if ( eDocSigMode == SignatureModeDocumentContent ) aSIGStreamName = DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName(); else if ( eDocSigMode == SignatureModeMacros ) aSIGStreamName = DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName(); else aSIGStreamName = DocumentSignatureHelper::GetPackageSignatureDefaultStreamName(); aHelper.xSignatureStream = aHelper.xSignatureStorage->openStreamElement( aSIGStreamName, nOpenMode ); } } catch(css::io::IOException& ) { // Doesn't have to exist... DBG_ASSERT( nOpenMode == css::embed::ElementModes::READ, "Error creating signature stream..." ); } return aHelper; } //sElementList contains all files which are expected to be signed. Only those files must me signed, //no more, no less. //The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then //the uri s in the Reference elements in the signature, were not properly encoded. // For example: bool DocumentSignatureHelper::checkIfAllFilesAreSigned( const ::std::vector< ::rtl::OUString > & sElementList, const SignatureInformation & sigInfo, const DocumentSignatureAlgorithm alg) { // Can only be valid if ALL streams are signed, which means real stream count == signed stream count unsigned int nRealCount = 0; for ( int i = sigInfo.vSignatureReferenceInfors.size(); i; ) { const SignatureReferenceInformation& rInf = sigInfo.vSignatureReferenceInfors[--i]; // There is also an extra entry of type TYPE_SAMEDOCUMENT_REFERENCE because of signature date. if ( ( rInf.nType == TYPE_BINARYSTREAM_REFERENCE ) || ( rInf.nType == TYPE_XMLSTREAM_REFERENCE ) ) { ::rtl::OUString sReferenceURI = rInf.ouURI; if (alg == OOo2Document) { //Comparing URIs is a difficult. Therefore we kind of normalize //it before comparing. We assume that our URI do not have a leading "./" //and fragments at the end (...#...) sReferenceURI = ::rtl::Uri::encode( sReferenceURI, rtl_UriCharClassPchar, rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8); } //find the file in the element list typedef ::std::vector< ::rtl::OUString >::const_iterator CIT; for (CIT aIter = sElementList.begin(); aIter < sElementList.end(); aIter++) { ::rtl::OUString sElementListURI = *aIter; if (alg == OOo2Document) { sElementListURI = ::rtl::Uri::encode( sElementListURI, rtl_UriCharClassPchar, rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8); } if (sElementListURI.equals(sReferenceURI)) { nRealCount++; break; } } } } return sElementList.size() == nRealCount; } /*Compares the Uri which are obtained from CreateElementList with the path obtained from the manifest.xml. Returns true if both strings are equal. */ bool DocumentSignatureHelper::equalsReferenceUriManifestPath( const OUString & rUri, const OUString & rPath) { bool retVal = false; //split up the uri and path into segments. Both are separated by '/' std::vector vUriSegments; sal_Int32 nIndex = 0; do { OUString aToken = rUri.getToken( 0, '/', nIndex ); vUriSegments.push_back(aToken); } while (nIndex >= 0); std::vector vPathSegments; nIndex = 0; do { OUString aToken = rPath.getToken( 0, '/', nIndex ); vPathSegments.push_back(aToken); } while (nIndex >= 0); //Now compare each segment of the uri with its counterpart from the path if (vUriSegments.size() == vPathSegments.size()) { retVal = true; typedef std::vector::const_iterator CIT; for (CIT i = vUriSegments.begin(), j = vPathSegments.begin(); i != vUriSegments.end(); i++, j++) { //Decode the uri segment, so that %20 becomes ' ', etc. OUString sDecUri = ::rtl::Uri::decode( *i, rtl_UriDecodeWithCharset, RTL_TEXTENCODING_UTF8); if (!sDecUri.equals(*j)) { retVal = false; break; } } } return retVal; } ::rtl::OUString DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName() { return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "documentsignatures.xml" ) ); } ::rtl::OUString DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName() { return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "macrosignatures.xml" ) ); } ::rtl::OUString DocumentSignatureHelper::GetPackageSignatureDefaultStreamName() { return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "packagesignatures.xml" ) ); }