1 /************************************************************** 2 * 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance 9 * with the License. You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, 14 * software distributed under the License is distributed on an 15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 * KIND, either express or implied. See the License for the 17 * specific language governing permissions and limitations 18 * under the License. 19 * 20 *************************************************************/ 21 22 23 24 #ifndef _XSEC_CTL_HXX 25 #define _XSEC_CTL_HXX 26 27 #include <xmlsecurity/sigstruct.hxx> 28 29 #include <com/sun/star/uno/XComponentContext.hpp> 30 #include <com/sun/star/xml/sax/XParser.hpp> 31 #include <com/sun/star/lang/XInitialization.hpp> 32 #include <com/sun/star/xml/sax/XDocumentHandler.hpp> 33 #include <com/sun/star/xml/sax/XAttributeList.hpp> 34 #include <com/sun/star/xml/crypto/XXMLSignature.hpp> 35 #include <com/sun/star/xml/crypto/XSEInitializer.hpp> 36 #include <com/sun/star/xml/crypto/sax/XSecurityController.hpp> 37 #include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp> 38 #include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp> 39 #include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp> 40 #include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp> 41 #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp> 42 #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp> 43 #include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp> 44 #include <com/sun/star/beans/XFastPropertySet.hpp> 45 #include <com/sun/star/io/XOutputStream.hpp> 46 #include <com/sun/star/io/XInputStream.hpp> 47 48 #include <rtl/ustrbuf.hxx> 49 50 #include <cppuhelper/implbase4.hxx> 51 52 #ifndef INCLUDED_VECTOR 53 #include <vector> 54 #define INCLUDED_VECTOR 55 #endif 56 57 /* 58 * all error information 59 */ 60 #define ERROR_CANNOTCREATEXMLSECURITYCOMPONENT "Can't create XML security components." 61 #define ERROR_SAXEXCEPTIONDURINGCREATION "A SAX exception is throwed during signature creation." 62 #define ERROR_IOEXCEPTIONDURINGCREATION "An IO exception is throwed during signature creation." 63 #define ERROR_EXCEPTIONDURINGCREATION "An exception is throwed during signature creation." 64 65 /* 66 * all stringS in signature element 67 */ 68 #define TAG_SIGNATURE "Signature" 69 #define TAG_SIGNEDINFO "SignedInfo" 70 #define TAG_CANONICALIZATIONMETHOD "CanonicalizationMethod" 71 #define TAG_SIGNATUREMETHOD "SignatureMethod" 72 #define TAG_REFERENCE "Reference" 73 #define TAG_TRANSFORMS "Transforms" 74 #define TAG_TRANSFORM "Transform" 75 #define TAG_DIGESTMETHOD "DigestMethod" 76 #define TAG_DIGESTVALUE "DigestValue" 77 #define TAG_SIGNATUREVALUE "SignatureValue" 78 #define TAG_KEYINFO "KeyInfo" 79 #define TAG_X509DATA "X509Data" 80 #define TAG_X509ISSUERSERIAL "X509IssuerSerial" 81 #define TAG_X509ISSUERNAME "X509IssuerName" 82 #define TAG_X509SERIALNUMBER "X509SerialNumber" 83 #define TAG_X509CERTIFICATE "X509Certificate" 84 #define TAG_OBJECT "Object" 85 #define TAG_SIGNATUREPROPERTIES "SignatureProperties" 86 #define TAG_SIGNATUREPROPERTY "SignatureProperty" 87 #define TAG_TIMESTAMP "timestamp" 88 #define TAG_DATE "date" 89 //#define TAG_TIME "time" 90 91 #define ATTR_XMLNS "xmlns" 92 #define ATTR_ALGORITHM "Algorithm" 93 #define ATTR_URI "URI" 94 #define ATTR_ID "Id" 95 #define ATTR_TARGET "Target" 96 97 #define NSTAG_DC "dc" 98 99 #define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#" 100 //#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt" 101 #define NS_DC "http://purl.org/dc/elements/1.1/" 102 103 #define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" 104 #define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1" 105 #define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1" 106 107 #define CHAR_FRAGMENT "#" 108 #define CHAR_BLANK " " 109 110 111 /* 112 * status of security related components 113 */ 114 #define UNINITIALIZED 0 115 #define INITIALIZED 1 116 #define FAILTOINITIALIZED 2 117 118 #define RTL_ASCII_USTRINGPARAM( asciiStr ) asciiStr, strlen( asciiStr ), RTL_TEXTENCODING_ASCII_US 119 120 // forward declaration 121 class XSecParser; 122 123 class InternalSignatureInformation 124 { 125 public: 126 SignatureInformation signatureInfor; 127 128 com::sun::star::uno::Reference< 129 com::sun::star::xml::crypto::sax::XReferenceResolvedListener > 130 xReferenceResolvedListener; 131 132 ::std::vector< sal_Int32 > vKeeperIds; 133 InternalSignatureInformation(sal_Int32 nId,com::sun::star::uno::Reference<com::sun::star::xml::crypto::sax::XReferenceResolvedListener> xListener)134 InternalSignatureInformation( 135 sal_Int32 nId, 136 com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XReferenceResolvedListener > 137 xListener) 138 :signatureInfor(nId) 139 { 140 xReferenceResolvedListener = xListener; 141 } 142 addReference(sal_Int32 type,rtl::OUString uri,sal_Int32 keeperId)143 void addReference( sal_Int32 type, rtl::OUString uri, sal_Int32 keeperId ) 144 { 145 signatureInfor.vSignatureReferenceInfors.push_back( 146 SignatureReferenceInformation(type, uri)); 147 vKeeperIds.push_back( keeperId ); 148 } 149 }; 150 151 typedef ::std::vector< InternalSignatureInformation > InternalSignatureInformations; 152 153 class XSecController : public cppu::WeakImplHelper4 154 < 155 com::sun::star::xml::crypto::sax::XSecurityController, 156 //com::sun::star::beans::XFastPropertySet, 157 com::sun::star::xml::crypto::sax::XSAXEventKeeperStatusChangeListener, 158 com::sun::star::xml::crypto::sax::XSignatureCreationResultListener, 159 com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener 160 > 161 /****** XSecController.hxx/CLASS XSecController ******************************* 162 * 163 * NAME 164 * XSecController -- the xml security framework controller 165 * 166 * FUNCTION 167 * Controlls the whole xml security framework to create signatures or to 168 * verify signatures. 169 * 170 * HISTORY 171 * 05.01.2004 - Interface supported: XSecurityController, 172 * XFastPropertySet, XSAXEventKeeperStatusChangeListener, 173 * XSignatureCreationResultListener, 174 * XSignatureVerifyResultListener 175 * 176 * NOTES 177 * The XFastPropertySet interface is used to transfer common values to 178 * classes in other module, for instance, the signature id for all 179 * sessions is transferred to xmloff module through this interface. 180 * 181 * AUTHOR 182 * Michael Mi 183 * Email: michael.mi@sun.com 184 ******************************************************************************/ 185 { 186 friend class XSecParser; 187 188 private: 189 com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext> mxCtx; 190 191 /* 192 * used to buffer SAX events 193 */ 194 com::sun::star::uno::Reference< 195 com::sun::star::xml::wrapper::XXMLDocumentWrapper > m_xXMLDocumentWrapper; 196 197 /* 198 * the SAX events keeper 199 */ 200 com::sun::star::uno::Reference< 201 com::sun::star::xml::crypto::sax::XSecuritySAXEventKeeper > m_xSAXEventKeeper; 202 203 /* 204 * the bridge component which creates/verifies signature 205 */ 206 com::sun::star::uno::Reference< 207 com::sun::star::xml::crypto::XXMLSignature > m_xXMLSignature; 208 209 /* 210 * the Security Context 211 */ 212 com::sun::star::uno::Reference< 213 com::sun::star::xml::crypto::XXMLSecurityContext > m_xSecurityContext; 214 215 #if 0 216 /* 217 * the signature creation result listener 218 */ 219 com::sun::star::uno::Reference< 220 com::sun::star::xml::crypto::sax::XSignatureCreationResultListener > m_xSignatureCreationResultListener; 221 /* 222 * the signature verify result listener 223 */ 224 com::sun::star::uno::Reference< 225 com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener > m_xSignatureVerifyResultListener; 226 #endif 227 228 /* 229 * the security id incrementer, in order to make any security id unique 230 * to the SAXEventKeeper. 231 * Because each XSecController has its own SAXEventKeeper, so this variable 232 * is not necessary to be static. 233 */ 234 sal_Int32 m_nNextSecurityId; 235 236 /* 237 * Signature information 238 */ 239 InternalSignatureInformations m_vInternalSignatureInformations; 240 241 /* 242 * the previous node on the SAX chain. 243 * The reason that use a Reference<XInterface> type variable 244 * is that the previous components are different when exporting 245 * and importing, and there is no other common interface they 246 * can provided. 247 */ 248 com::sun::star::uno::Reference< 249 com::sun::star::uno::XInterface > m_xPreviousNodeOnSAXChain; 250 /* 251 * whether the preivous node can provide an XInitiazlize interface, 252 * use this variable in order to typecast the XInterface to the 253 * correct interface type. 254 */ 255 bool m_bIsPreviousNodeInitializable; 256 257 /* 258 * the next node on the SAX chain. 259 * it can always provide an XDocumentHandler interface. 260 */ 261 com::sun::star::uno::Reference< 262 com::sun::star::xml::sax::XDocumentHandler > m_xNextNodeOnSAXChain; 263 264 /* 265 * the ElementStackKeeper is used to reserve the key SAX events. 266 * when the SAXEventKeeper is chained on the SAX chain, it need 267 * first get all missed key SAX events in order to make sure the 268 * DOM tree it buffering has the same structure with the original 269 * document. 270 * 271 * For a given section of a SAX event stream, the key SAX events 272 * are the minimal SAX event subset of that section, which, 273 * combining with SAX events outside of this section, has the same 274 * structure with the original document. 275 * 276 * For example, sees the following dom fragment: 277 * <A> 278 * <B/> 279 * <C> 280 * <D> 281 * <E/> 282 * </D> 283 * </C> 284 * </A> 285 * 286 * If we consider the SAX event section from startElement(<A>) to 287 * startElement(<D>), then the key SAX events are: 288 * 289 * startElement(<A>), startElement(<C>), startElement(<D>) 290 * 291 * The startElement(<B>) and endElement(<B>) is ignored, because 292 * they are unimportant for the tree structure in this section. 293 * 294 * If we consider the SAX event section from startElement(<D>) to 295 * endElement(<A>), the key SAX events are: 296 * 297 * startElement(<D>), endElement(<D>), endElement(<C>), 298 * endElement(<A>). 299 */ 300 com::sun::star::uno::Reference< 301 com::sun::star::xml::crypto::sax::XElementStackKeeper > m_xElementStackKeeper; 302 303 /* 304 * a flag representing whether the SAXEventKeeper is now on the 305 * SAX chain. 306 */ 307 bool m_bIsSAXEventKeeperConnected; 308 309 /* 310 * a flag representing whether it is collecting some element, 311 * which means that the SAXEventKeeper can't be chained off the 312 * SAX chain. 313 */ 314 bool m_bIsCollectingElement; 315 316 /* 317 * a flag representing whether the SAX event stream is blocking, 318 * which also means that the SAXEventKeeper can't be chained off 319 * the SAX chain. 320 */ 321 bool m_bIsBlocking; 322 323 /* 324 * a flag representing the current status of security related 325 * components. 326 */ 327 sal_Int32 m_nStatusOfSecurityComponents; 328 329 /* 330 * a flag representing whether the SAXEventKeeper need to be 331 * on the SAX chain all the time. 332 * This flag is used to the situation when creating signature. 333 */ 334 bool m_bIsSAXEventKeeperSticky; 335 336 /* 337 * fast property vector 338 */ 339 std::vector< sal_Int32 > m_vFastPropertyIndexs; 340 std::vector< com::sun::star::uno::Any > m_vFastPropertyValues; 341 342 /* 343 * error message pointer 344 */ 345 const char *m_pErrorMessage; 346 347 /* 348 * the XSecParser which is used to parse the signature stream 349 */ 350 XSecParser *m_pXSecParser; 351 352 /* 353 * the caller assigned signature id for the next signature in the 354 * signature stream 355 */ 356 sal_Int32 m_nReservedSignatureId; 357 358 /* 359 * representing whether to verify the current signature 360 */ 361 bool m_bVerifyCurrentSignature; 362 public: 363 /* 364 * An xUriBinding is provided to map Uris to XInputStream interfaces. 365 */ 366 com::sun::star::uno::Reference< 367 com::sun::star::xml::crypto::XUriBinding > m_xUriBinding; 368 369 private: 370 371 /* 372 * Common methods 373 */ 374 sal_Bool convertNumber( sal_Int32& rValue, const rtl::OUString& rString, sal_Int32 nMin, sal_Int32 nMax ); 375 void convertDateTime( ::rtl::OUStringBuffer& rBuffer, const com::sun::star::util::DateTime& rDateTime ); 376 sal_Bool convertDateTime( com::sun::star::util::DateTime& rDateTime, const ::rtl::OUString& rString ); 377 378 void createXSecComponent( ); 379 int findSignatureInfor( sal_Int32 nSecurityId ) const; 380 bool chainOn( bool bRetrievingLastEvent ); 381 void chainOff(); 382 void checkChainingStatus(); 383 void initializeSAXChain(); 384 385 com::sun::star::uno::Reference< 386 com::sun::star::io::XInputStream > getObjectInputStream( const rtl::OUString& objectURL ); 387 388 //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const; 389 390 /* 391 * For signature generation 392 */ 393 rtl::OUString createId(); 394 com::sun::star::uno::Reference< 395 com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite( 396 InternalSignatureInformation& signatureInfo ); 397 398 /* 399 * For signature verification 400 */ 401 void addSignature(); 402 void addReference( const rtl::OUString& ouUri); 403 void addStreamReference( 404 const rtl::OUString& ouUri, 405 bool isBinary ); 406 void setReferenceCount() const; 407 408 void setX509IssuerName( rtl::OUString& ouX509IssuerName ); 409 void setX509SerialNumber( rtl::OUString& ouX509SerialNumber ); 410 void setX509Certificate( rtl::OUString& ouX509Certificate ); 411 void setSignatureValue( rtl::OUString& ouSignatureValue ); 412 void setDigestValue( rtl::OUString& ouDigestValue ); 413 414 void setDate( rtl::OUString& ouDate ); 415 416 void setId( rtl::OUString& ouId ); 417 void setPropertyId( rtl::OUString& ouPropertyId ); 418 419 com::sun::star::uno::Reference< 420 com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead( 421 sal_Int32 nSecurityId ); 422 423 public: 424 XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx); 425 ~XSecController(); 426 427 sal_Int32 getNewSecurityId( ); 428 429 void startMission( const com::sun::star::uno::Reference< 430 com::sun::star::xml::crypto::XUriBinding >& xUriBinding, 431 const com::sun::star::uno::Reference< 432 com::sun::star::xml::crypto::XXMLSecurityContext >& xSecurityContext ); 433 434 void setSAXChainConnector( 435 const com::sun::star::uno::Reference< 436 com::sun::star::lang::XInitialization >& xInitialization, 437 const com::sun::star::uno::Reference< 438 com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, 439 const com::sun::star::uno::Reference< 440 com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper); 441 442 void setSAXChainConnector( 443 const com::sun::star::uno::Reference< 444 com::sun::star::xml::sax::XParser >& xParser, 445 const com::sun::star::uno::Reference< 446 com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, 447 const com::sun::star::uno::Reference< 448 com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper); 449 450 void clearSAXChainConnector(); 451 void endMission(); 452 const char* getErrorMessage(); 453 454 SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const; 455 SignatureInformations getSignatureInformations() const; 456 457 void exportSignature( 458 const com::sun::star::uno::Reference< 459 com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, 460 const SignatureInformation& signatureInfo ); 461 462 463 /* 464 * For signature generation 465 */ 466 void collectToSign( sal_Int32 securityId, const rtl::OUString& referenceId ); 467 void signAStream( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool isBinary); 468 469 470 /** sets data that describes the certificate. 471 472 It is absolutely necessary that the parameter ouX509IssuerName is set. It contains 473 the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find 474 the private key. Although issuer name and certificate should be sufficient to identify 475 the certificate the implementation in XMLSec is broken, both for Windows and mozilla. 476 The reason is that they use functions to find the certificate which take as parameter 477 the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes 478 are of type DirectoryName, which is a choice of 5 string types. This information is 479 not contained in the issuer string and while it is converted to the ASN.1 name the 480 conversion function must assume a particular type, which is often wrong. For example, 481 the Windows function CertStrToName will use a T.61 string if the string does not contain 482 special characters. So if the certificate uses simple characters but encodes the 483 issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded 484 ASN.1 name now contains different bytes which indicate the string type. The functions 485 for finding the certificate apparently use memcmp - hence they fail to find the 486 certificate. 487 */ 488 void setX509Certificate( 489 sal_Int32 nSecurityId, 490 const rtl::OUString& ouX509IssuerName, 491 const rtl::OUString& ouX509SerialNumber, 492 const rtl::OUString& ouX509Cert); 493 // see the other setX509Certifcate function 494 void setX509Certificate( 495 sal_Int32 nSecurityId, 496 const sal_Int32 nSecurityEnvironmentIndex, 497 const rtl::OUString& ouX509IssuerName, 498 const rtl::OUString& ouX509SerialNumber, 499 const rtl::OUString& ouX509Cert); 500 501 void setDate( 502 sal_Int32 nSecurityId, 503 const ::com::sun::star::util::DateTime& rDateTime ); 504 505 506 bool WriteSignature( 507 const com::sun::star::uno::Reference< 508 com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler ); 509 510 /* 511 * For signature verification 512 */ 513 void collectToVerify( const rtl::OUString& referenceId ); 514 void addSignature( sal_Int32 nSignatureId ); 515 com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader(); 516 void releaseSignatureReader(); 517 518 public: 519 /* Interface methods */ 520 521 /* 522 * XSecurityController 523 * 524 * no method in XSecurityController interface 525 */ 526 527 /* 528 * XFastPropertySet 529 */ 530 /* 531 virtual void SAL_CALL setFastPropertyValue( 532 sal_Int32 nHandle, 533 const com::sun::star::uno::Any& aValue ) 534 throw ( 535 com::sun::star::beans::UnknownPropertyException, 536 com::sun::star::beans::PropertyVetoException, 537 com::sun::star::lang::IllegalArgumentException, 538 com::sun::star::lang::WrappedTargetException, 539 com::sun::star::uno::RuntimeException); 540 virtual com::sun::star::uno::Any SAL_CALL getFastPropertyValue( 541 sal_Int32 nHandle ) 542 throw ( 543 com::sun::star::beans::UnknownPropertyException, 544 com::sun::star::lang::WrappedTargetException, 545 com::sun::star::uno::RuntimeException); 546 */ 547 548 /* 549 * XSAXEventKeeperStatusChangeListener 550 */ 551 virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking ) 552 throw (com::sun::star::uno::RuntimeException); 553 virtual void SAL_CALL collectionStatusChanged( 554 sal_Bool isInsideCollectedElement ) 555 throw (com::sun::star::uno::RuntimeException); 556 virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty ) 557 throw (com::sun::star::uno::RuntimeException); 558 559 /* 560 * XSignatureCreationResultListener 561 */ 562 virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult ) 563 throw (com::sun::star::uno::RuntimeException); 564 565 /* 566 * XSignatureVerifyResultListener 567 */ 568 virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult ) 569 throw (com::sun::star::uno::RuntimeException); 570 }; 571 572 #endif 573 574