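/**************************************************************
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 *************************************************************/



#ifndef _XSEC_CTL_HXX
#define _XSEC_CTL_HXX

#include <xmlsecurity/sigstruct.hxx>

#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/xml/sax/XParser.hpp>
#include <com/sun/star/lang/XInitialization.hpp>
#include <com/sun/star/xml/sax/XDocumentHandler.hpp>
#include <com/sun/star/xml/sax/XAttributeList.hpp>
#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
#include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
#include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp>
#include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
#include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
#include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
#include <com/sun/star/beans/XFastPropertySet.hpp>
#include <com/sun/star/io/XOutputStream.hpp>
#include <com/sun/star/io/XInputStream.hpp>

#include <rtl/ustrbuf.hxx>

#include <cppuhelper/implbase4.hxx>

#ifndef INCLUDED_VECTOR
#include <vector>
#define INCLUDED_VECTOR
#endif

/* strlen(), used by the RTL_ASCII_USTRINGPARAM macro below */
#include <string.h>

/*
 * NOTE(review): XXMLSecurityContext, XUriBinding, util::DateTime and
 * SecurityOperationStatus are used in the declarations below but not
 * included here directly; presumably they arrive through sigstruct.hxx
 * or the headers above - confirm before relying on this header alone.
 */

/*
 * all error information
 * (string literals handed out through XSecController::getErrorMessage())
 */
#define ERROR_CANNOTCREATEXMLSECURITYCOMPONENT "Can't create XML security components."
#define ERROR_SAXEXCEPTIONDURINGCREATION "A SAX exception is throwed during signature creation."
#define ERROR_IOEXCEPTIONDURINGCREATION "An IO exception is throwed during signature creation."
#define ERROR_EXCEPTIONDURINGCREATION "An exception is throwed during signature creation."

/*
 * all strings in the signature element
 * (local names of the XML-DSig elements this module reads and writes)
 */
#define TAG_SIGNATURE "Signature"
#define TAG_SIGNEDINFO "SignedInfo"
#define TAG_CANONICALIZATIONMETHOD "CanonicalizationMethod"
#define TAG_SIGNATUREMETHOD "SignatureMethod"
#define TAG_REFERENCE "Reference"
#define TAG_TRANSFORMS "Transforms"
#define TAG_TRANSFORM "Transform"
#define TAG_DIGESTMETHOD "DigestMethod"
#define TAG_DIGESTVALUE "DigestValue"
#define TAG_SIGNATUREVALUE "SignatureValue"
#define TAG_KEYINFO "KeyInfo"
#define TAG_X509DATA "X509Data"
#define TAG_X509ISSUERSERIAL "X509IssuerSerial"
#define TAG_X509ISSUERNAME "X509IssuerName"
#define TAG_X509SERIALNUMBER "X509SerialNumber"
#define TAG_X509CERTIFICATE "X509Certificate"
#define TAG_OBJECT "Object"
#define TAG_SIGNATUREPROPERTIES "SignatureProperties"
#define TAG_SIGNATUREPROPERTY "SignatureProperty"
#define TAG_TIMESTAMP "timestamp"
#define TAG_DATE "date"
//#define TAG_TIME "time"

/*
 * attribute names
 */
#define ATTR_XMLNS "xmlns"
#define ATTR_ALGORITHM "Algorithm"
#define ATTR_URI "URI"
#define ATTR_ID "Id"
#define ATTR_TARGET "Target"

/*
 * namespace prefixes and URIs
 */
#define NSTAG_DC "dc"

#define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#"
//#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
#define NS_DC "http://purl.org/dc/elements/1.1/"

/*
 * algorithm identifiers written into SignedInfo.
 * NOTE(review): the only digest/signature algorithm URIs named in this
 * header are SHA-1 based; which algorithms the verifier actually accepts
 * is decided in the implementation, not here - confirm there.
 */
#define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
#define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
#define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1"

#define CHAR_FRAGMENT "#"
#define CHAR_BLANK " "


/*
 * status of security related components
 * (values stored in XSecController::m_nStatusOfSecurityComponents)
 */
#define UNINITIALIZED 0
#define INITIALIZED 1
#define FAILTOINITIALIZED 2

/*
 * Expands an ASCII literal into the (pointer, length, encoding) argument
 * triple of the rtl::OUString ASCII constructor.
 */
#define RTL_ASCII_USTRINGPARAM( asciiStr ) asciiStr, strlen( asciiStr ), RTL_TEXTENCODING_ASCII_US

// forward declaration
class XSecParser;

/*
 * One signature that is being created or verified: the public
 * SignatureInformation record, the listener to notify when the
 * signature's references have been resolved, and the SAXEventKeeper
 * ids that were handed out for those references.
 */
class InternalSignatureInformation
{
public:
    SignatureInformation signatureInfor;

    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
        xReferenceResolvedListener;

    /*
     * one keeper id per entry appended to
     * signatureInfor.vSignatureReferenceInfors by addReference()
     */
    ::std::vector< sal_Int32 > vKeeperIds;

    /*
     * @param nId       security id handed to SignatureInformation
     * @param xListener listener stored in xReferenceResolvedListener
     */
    InternalSignatureInformation(
        sal_Int32 nId,
        const com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XReferenceResolvedListener >&
            xListener)
        : signatureInfor(nId)
        , xReferenceResolvedListener(xListener)
    {
    }

    /*
     * Records one reference of this signature together with the keeper id
     * under which its element is buffered; both vectors grow in lockstep.
     *
     * @param type     reference type passed to SignatureReferenceInformation
     * @param uri      reference URI passed to SignatureReferenceInformation
     * @param keeperId SAXEventKeeper id appended to vKeeperIds
     */
    void addReference( sal_Int32 type, const rtl::OUString& uri, sal_Int32 keeperId )
    {
        signatureInfor.vSignatureReferenceInfors.push_back(
            SignatureReferenceInformation(type, uri));
        vKeeperIds.push_back( keeperId );
    }
};

typedef ::std::vector< InternalSignatureInformation > InternalSignatureInformations;

class XSecController : public cppu::WeakImplHelper4
<
    com::sun::star::xml::crypto::sax::XSecurityController,
    //com::sun::star::beans::XFastPropertySet,
    com::sun::star::xml::crypto::sax::XSAXEventKeeperStatusChangeListener,
    com::sun::star::xml::crypto::sax::XSignatureCreationResultListener,
    com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener
>
/****** XSecController.hxx/CLASS XSecController *******************************
 *
 *   NAME
 *  XSecController -- the xml security framework controller
 *
 *   FUNCTION
 *  Controls the whole xml security framework to create signatures or to
 *  verify signatures.
 *
 *   HISTORY
 *  05.01.2004 -    Interface supported: XSecurityController,
 *                  XFastPropertySet, XSAXEventKeeperStatusChangeListener,
 *                  XSignatureCreationResultListener,
 *                  XSignatureVerifyResultListener
 *
 *   NOTES
 *  The XFastPropertySet interface was used to transfer common values to
 *  classes in other modules, for instance, the signature id for all
 *  sessions was transferred to the xmloff module through this interface.
 *  In this header the XFastPropertySet base and its two methods are
 *  commented out; only the m_vFastProperty* vectors remain.
 *
 *   AUTHOR
 *  Michael Mi
 *  Email: michael.mi@sun.com
 ******************************************************************************/
{
    friend class XSecParser;

private:
    com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext> mxCtx;

    /*
     * used to buffer SAX events
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::wrapper::XXMLDocumentWrapper > m_xXMLDocumentWrapper;

    /*
     * the SAX events keeper
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XSecuritySAXEventKeeper > m_xSAXEventKeeper;

    /*
     * the bridge component which creates/verifies signature
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XXMLSignature > m_xXMLSignature;

    /*
     * the Security Context
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XXMLSecurityContext > m_xSecurityContext;

#if 0
    /*
     * the signature creation result listener
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XSignatureCreationResultListener > m_xSignatureCreationResultListener;
    /*
     * the signature verify result listener
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener > m_xSignatureVerifyResultListener;
#endif

    /*
     * the security id incrementer, in order to make any security id unique
     * to the SAXEventKeeper.
     * Because each XSecController has its own SAXEventKeeper, this variable
     * does not need to be static.
     */
    sal_Int32 m_nNextSecurityId;

    /*
     * Signature information
     */
    InternalSignatureInformations m_vInternalSignatureInformations;

    /*
     * the previous node on the SAX chain.
     * The reason for using a Reference<XInterface> typed variable
     * is that the previous components are different when exporting
     * and importing, and there is no other common interface they
     * can provide.
     */
    com::sun::star::uno::Reference<
        com::sun::star::uno::XInterface > m_xPreviousNodeOnSAXChain;
    /*
     * whether the previous node can provide an XInitialization interface;
     * this variable is used to typecast the XInterface to the
     * correct interface type.
     */
    bool m_bIsPreviousNodeInitializable;

    /*
     * the next node on the SAX chain.
     * it can always provide an XDocumentHandler interface.
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::sax::XDocumentHandler > m_xNextNodeOnSAXChain;

    /*
     * the ElementStackKeeper is used to reserve the key SAX events.
     * when the SAXEventKeeper is chained on the SAX chain, it needs
     * first to get all missed key SAX events in order to make sure the
     * DOM tree it is buffering has the same structure as the original
     * document.
     *
     * For a given section of a SAX event stream, the key SAX events
     * are the minimal SAX event subset of that section, which,
     * combined with SAX events outside of this section, has the same
     * structure as the original document.
     *
     * For example, see the following dom fragment:
     *     <A>
     *      <B/>
     *      <C>
     *       <D>
     *        <E/>
     *       </D>
     *      </C>
     *     </A>
     *
     * If we consider the SAX event section from startElement(<A>) to
     * startElement(<D>), then the key SAX events are:
     *
     *     startElement(<A>), startElement(<C>), startElement(<D>)
     *
     * The startElement(<B>) and endElement(<B>) are ignored, because
     * they are unimportant for the tree structure in this section.
     *
     * If we consider the SAX event section from startElement(<D>) to
     * endElement(<A>), the key SAX events are:
     *
     *     startElement(<D>), endElement(<D>), endElement(<C>),
     *     endElement(<A>).
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XElementStackKeeper > m_xElementStackKeeper;

    /*
     * a flag representing whether the SAXEventKeeper is now on the
     * SAX chain.
     */
    bool m_bIsSAXEventKeeperConnected;

    /*
     * a flag representing whether it is collecting some element,
     * which means that the SAXEventKeeper can't be chained off the
     * SAX chain.
     */
    bool m_bIsCollectingElement;

    /*
     * a flag representing whether the SAX event stream is blocking,
     * which also means that the SAXEventKeeper can't be chained off
     * the SAX chain.
     */
    bool m_bIsBlocking;

    /*
     * a flag representing the current status of security related
     * components (UNINITIALIZED / INITIALIZED / FAILTOINITIALIZED).
     */
    sal_Int32 m_nStatusOfSecurityComponents;

    /*
     * a flag representing whether the SAXEventKeeper needs to be
     * on the SAX chain all the time.
     * This flag is used for the situation when creating a signature.
     */
    bool m_bIsSAXEventKeeperSticky;

    /*
     * fast property vector
     */
    std::vector< sal_Int32 > m_vFastPropertyIndexs;
    std::vector< com::sun::star::uno::Any > m_vFastPropertyValues;

    /*
     * error message pointer
     * NOTE(review): presumably points at one of the ERROR_* literals above
     * and is never owned by this object - confirm in the implementation.
     */
    const char *m_pErrorMessage;

    /*
     * the XSecParser which is used to parse the signature stream
     * NOTE(review): raw pointer; its ownership and lifetime (likely tied
     * to createSignatureReader()/releaseSignatureReader()) are not
     * visible in this header - confirm.
     */
    XSecParser *m_pXSecParser;

    /*
     * the caller assigned signature id for the next signature in the
     * signature stream
     */
    sal_Int32 m_nReservedSignatureId;

    /*
     * representing whether to verify the current signature
     */
    bool m_bVerifyCurrentSignature;
public:
    /*
     * An xUriBinding is provided to map Uris to XInputStream interfaces.
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XUriBinding > m_xUriBinding;

private:

    /*
     * Common methods
     */
    sal_Bool convertNumber( sal_Int32& rValue, const rtl::OUString& rString, sal_Int32 nMin, sal_Int32 nMax );
    void convertDateTime( ::rtl::OUStringBuffer& rBuffer, const com::sun::star::util::DateTime& rDateTime );
    sal_Bool convertDateTime( com::sun::star::util::DateTime& rDateTime, const ::rtl::OUString& rString );

    void createXSecComponent( );
    int findSignatureInfor( sal_Int32 nSecurityId ) const;
    bool chainOn( bool bRetrievingLastEvent );
    void chainOff();
    void checkChainingStatus();
    void initializeSAXChain();

    com::sun::star::uno::Reference<
        com::sun::star::io::XInputStream > getObjectInputStream( const rtl::OUString& objectURL );

    //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;

    /*
     * For signature generation
     */
    rtl::OUString createId();
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite(
        InternalSignatureInformation& signatureInfo );

    /*
     * For signature verification
     */
    void addSignature();
    void addReference( const rtl::OUString& ouUri);
    void addStreamReference(
        const rtl::OUString& ouUri,
        bool isBinary );
    void setReferenceCount() const;

    /** Set a variable unless already set with a different value.
     *
     * This is the guard behind the "not more than once" setters below: a
     * signature stream that carries the same element twice must not be
     * able to silently replace the value recorded from the first one.
     *
     * @param variable variable to set.
     * @param value value to set.
     *
     * @throw com::sun::star::uno::RuntimeException if the variable is not
     *        empty and its contents are different from value.
     */
    void setIfEmpty(rtl::OUString &variable, const rtl::OUString &value);
    /** Set the X509 issuer name
     *
     * @param ouX509IssuerName value to set.
     *
     * This method should be called not more than once.
     *
     * @throw com::sun::star::uno::RuntimeException if a tampering is
     *        detected.
     */
    void setX509IssuerName( rtl::OUString& ouX509IssuerName );
    /** Set the X509 serial number.
     *
     * @param ouX509SerialNumber value to set.
     *
     * This method should be called not more than once.
     *
     * @throw com::sun::star::uno::RuntimeException if a tampering is
     *        detected.
     */
    void setX509SerialNumber( rtl::OUString& ouX509SerialNumber );
    /** Set the X509 certificate.
     *
     * @param ouX509Certificate value to set.
     *
     * This method should be called not more than once.
     *
     * @throw com::sun::star::uno::RuntimeException if a tampering is
     *        detected.
     */
    void setX509Certificate( rtl::OUString& ouX509Certificate );
    /*
     * NOTE(review): unlike the X509* and date setters, no call-once
     * contract is documented for the four setters below; whether the
     * implementation applies the same setIfEmpty() guard to them or lets
     * a later element win is not visible in this header - confirm.
     */
    void setSignatureValue( rtl::OUString& ouSignatureValue );
    void setDigestValue( rtl::OUString& ouDigestValue );

    /** Set the signature date.
     *
     * @param ouDate value to set.
     *
     * This method should be called not more than once.
     *
     * @throw com::sun::star::uno::RuntimeException if a tampering is
     *        detected.
     */
    void setDate( rtl::OUString& ouDate );

    void setId( rtl::OUString& ouId );
    void setPropertyId( rtl::OUString& ouPropertyId );

    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
        sal_Int32 nSecurityId );

public:
    XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx);
    ~XSecController();

    sal_Int32 getNewSecurityId( );

    void startMission( const com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XUriBinding >& xUriBinding,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::crypto::XXMLSecurityContext >& xSecurityContext );

    void setSAXChainConnector(
        const com::sun::star::uno::Reference<
            com::sun::star::lang::XInitialization >& xInitialization,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);

    void setSAXChainConnector(
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XParser >& xParser,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);

    void clearSAXChainConnector();
    void endMission();
    /* returns m_pErrorMessage; the pointee is not owned by the caller */
    const char* getErrorMessage();

    SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const;
    SignatureInformations getSignatureInformations() const;

    void exportSignature(
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
        const SignatureInformation& signatureInfo );


    /*
     * For signature generation
     */
    void collectToSign( sal_Int32 securityId, const rtl::OUString& referenceId );
    void signAStream( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool isBinary);


    /** sets data that describes the certificate.

        It is absolutely necessary that the certificate parameter (ouX509Cert;
        the original comment named ouX509IssuerName here) is set. It contains
        the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
        the private key. Although issuer name and serial number should be sufficient to identify
        the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
        The reason is that they use functions to find the certificate which take as parameter
        the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
        are of type DirectoryName, which is a choice of 5 string types. This information is
        not contained in the issuer string and while it is converted to the ASN.1 name the
        conversion function must assume a particular type, which is often wrong. For example,
        the Windows function CertStrToName will use a T.61 string if the string does not contain
        special characters. So if the certificate uses simple characters but encodes the
        issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
        ASN.1 name now contains different bytes which indicate the string type. The functions
        for finding the certificate apparently use memcmp - hence they fail to find the
        certificate.
     */
    void setX509Certificate(
        sal_Int32 nSecurityId,
        const rtl::OUString& ouX509IssuerName,
        const rtl::OUString& ouX509SerialNumber,
        const rtl::OUString& ouX509Cert);
    // see the other setX509Certificate function
    void setX509Certificate(
        sal_Int32 nSecurityId,
        const sal_Int32 nSecurityEnvironmentIndex,
        const rtl::OUString& ouX509IssuerName,
        const rtl::OUString& ouX509SerialNumber,
        const rtl::OUString& ouX509Cert);

    void setDate(
        sal_Int32 nSecurityId,
        const ::com::sun::star::util::DateTime& rDateTime );


    bool WriteSignature(
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );

    /*
     * For signature verification
     */
    void collectToVerify( const rtl::OUString& referenceId );
    void addSignature( sal_Int32 nSignatureId );
    com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader();
    void releaseSignatureReader();

public:
    /* Interface methods */

    /*
     * XSecurityController
     *
     * no method in XSecurityController interface
     */

    /*
     * XFastPropertySet
     */
    /*
    virtual void SAL_CALL setFastPropertyValue(
        sal_Int32 nHandle,
        const com::sun::star::uno::Any& aValue )
        throw (
            com::sun::star::beans::UnknownPropertyException,
            com::sun::star::beans::PropertyVetoException,
            com::sun::star::lang::IllegalArgumentException,
            com::sun::star::lang::WrappedTargetException,
            com::sun::star::uno::RuntimeException);
    virtual com::sun::star::uno::Any SAL_CALL getFastPropertyValue(
        sal_Int32 nHandle )
        throw (
            com::sun::star::beans::UnknownPropertyException,
            com::sun::star::lang::WrappedTargetException,
            com::sun::star::uno::RuntimeException);
    */

    /*
     * XSAXEventKeeperStatusChangeListener
     */
    virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking )
        throw (com::sun::star::uno::RuntimeException);
    virtual void SAL_CALL collectionStatusChanged(
        sal_Bool isInsideCollectedElement )
        throw (com::sun::star::uno::RuntimeException);
    virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty )
        throw (com::sun::star::uno::RuntimeException);

    /*
     * XSignatureCreationResultListener
     */
    virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
        throw (com::sun::star::uno::RuntimeException);

    /*
     * XSignatureVerifyResultListener
     */
    virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
        throw (com::sun::star::uno::RuntimeException);
};

#endif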