1*06b3ce53SAndrew Rist /**************************************************************
2cdf0e10cSrcweir *
3*06b3ce53SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one
4*06b3ce53SAndrew Rist * or more contributor license agreements. See the NOTICE file
5*06b3ce53SAndrew Rist * distributed with this work for additional information
6*06b3ce53SAndrew Rist * regarding copyright ownership. The ASF licenses this file
7*06b3ce53SAndrew Rist * to you under the Apache License, Version 2.0 (the
8*06b3ce53SAndrew Rist * "License"); you may not use this file except in compliance
9*06b3ce53SAndrew Rist * with the License. You may obtain a copy of the License at
10*06b3ce53SAndrew Rist *
11*06b3ce53SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0
12*06b3ce53SAndrew Rist *
13*06b3ce53SAndrew Rist * Unless required by applicable law or agreed to in writing,
14*06b3ce53SAndrew Rist * software distributed under the License is distributed on an
15*06b3ce53SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16*06b3ce53SAndrew Rist * KIND, either express or implied. See the License for the
17*06b3ce53SAndrew Rist * specific language governing permissions and limitations
18*06b3ce53SAndrew Rist * under the License.
19*06b3ce53SAndrew Rist *
20*06b3ce53SAndrew Rist *************************************************************/
21*06b3ce53SAndrew Rist
22*06b3ce53SAndrew Rist
23cdf0e10cSrcweir
24cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove
25cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx"
26cdf0e10cSrcweir #include <sal/config.h>
27cdf0e10cSrcweir #include <rtl/uuid.h>
28cdf0e10cSrcweir
29cdf0e10cSrcweir #include "com/sun/star/xml/crypto/SecurityOperationStatus.hdl"
30cdf0e10cSrcweir #include "xmlsignature_mscryptimpl.hxx"
31cdf0e10cSrcweir
32cdf0e10cSrcweir #ifndef _XMLDOCUMENTWRAPPER_XMLSECIMPL_HXX_
33cdf0e10cSrcweir #include "xmldocumentwrapper_xmlsecimpl.hxx"
34cdf0e10cSrcweir #endif
35cdf0e10cSrcweir
36cdf0e10cSrcweir #ifndef _XMLELEMENTWRAPPER_XMLSECIMPL_HXX_
37cdf0e10cSrcweir #include "xmlelementwrapper_xmlsecimpl.hxx"
38cdf0e10cSrcweir #endif
39cdf0e10cSrcweir
40cdf0e10cSrcweir #ifndef _SECURITYENVIRONMENT_MSCRYPTIMPL_HXX_
41cdf0e10cSrcweir #include "securityenvironment_mscryptimpl.hxx"
42cdf0e10cSrcweir #endif
43cdf0e10cSrcweir #include "xmlstreamio.hxx"
44cdf0e10cSrcweir #include "errorcallback.hxx"
45cdf0e10cSrcweir
46cdf0e10cSrcweir #include "xmlsec/xmlsec.h"
47cdf0e10cSrcweir #include "xmlsec/xmldsig.h"
48cdf0e10cSrcweir #include "xmlsec/crypto.h"
49cdf0e10cSrcweir
50cdf0e10cSrcweir using namespace ::com::sun::star::uno ;
51cdf0e10cSrcweir using namespace ::com::sun::star::lang ;
52cdf0e10cSrcweir using ::com::sun::star::lang::XMultiServiceFactory ;
53cdf0e10cSrcweir using ::com::sun::star::lang::XSingleServiceFactory ;
54cdf0e10cSrcweir using ::rtl::OUString ;
55cdf0e10cSrcweir
56cdf0e10cSrcweir using ::com::sun::star::xml::wrapper::XXMLElementWrapper ;
57cdf0e10cSrcweir using ::com::sun::star::xml::wrapper::XXMLDocumentWrapper ;
58cdf0e10cSrcweir using ::com::sun::star::xml::crypto::XSecurityEnvironment ;
59cdf0e10cSrcweir using ::com::sun::star::xml::crypto::XXMLSignature ;
60cdf0e10cSrcweir using ::com::sun::star::xml::crypto::XXMLSignatureTemplate ;
61cdf0e10cSrcweir using ::com::sun::star::xml::crypto::XXMLSecurityContext ;
62cdf0e10cSrcweir using ::com::sun::star::xml::crypto::XUriBinding ;
63cdf0e10cSrcweir using ::com::sun::star::xml::crypto::XMLSignatureException ;
64cdf0e10cSrcweir
65cdf0e10cSrcweir
XMLSignature_MSCryptImpl(const Reference<XMultiServiceFactory> & aFactory)66cdf0e10cSrcweir XMLSignature_MSCryptImpl :: XMLSignature_MSCryptImpl( const Reference< XMultiServiceFactory >& aFactory ) : m_xServiceManager( aFactory ) {
67cdf0e10cSrcweir }
68cdf0e10cSrcweir
~XMLSignature_MSCryptImpl()69cdf0e10cSrcweir XMLSignature_MSCryptImpl :: ~XMLSignature_MSCryptImpl() {
70cdf0e10cSrcweir }
71cdf0e10cSrcweir
72cdf0e10cSrcweir /* XXMLSignature */
73cdf0e10cSrcweir Reference< XXMLSignatureTemplate >
generate(const Reference<XXMLSignatureTemplate> & aTemplate,const Reference<XSecurityEnvironment> & aEnvironment)74cdf0e10cSrcweir SAL_CALL XMLSignature_MSCryptImpl :: generate(
75cdf0e10cSrcweir const Reference< XXMLSignatureTemplate >& aTemplate ,
76cdf0e10cSrcweir const Reference< XSecurityEnvironment >& aEnvironment
77cdf0e10cSrcweir ) throw( com::sun::star::xml::crypto::XMLSignatureException,
78cdf0e10cSrcweir com::sun::star::uno::SecurityException )
79cdf0e10cSrcweir {
80cdf0e10cSrcweir xmlSecKeysMngrPtr pMngr = NULL ;
81cdf0e10cSrcweir xmlSecDSigCtxPtr pDsigCtx = NULL ;
82cdf0e10cSrcweir xmlNodePtr pNode = NULL ;
83cdf0e10cSrcweir
84cdf0e10cSrcweir if( !aTemplate.is() )
85cdf0e10cSrcweir throw RuntimeException() ;
86cdf0e10cSrcweir
87cdf0e10cSrcweir if( !aEnvironment.is() )
88cdf0e10cSrcweir throw RuntimeException() ;
89cdf0e10cSrcweir
90cdf0e10cSrcweir //Get Keys Manager
91cdf0e10cSrcweir Reference< XUnoTunnel > xSecTunnel( aEnvironment , UNO_QUERY ) ;
92cdf0e10cSrcweir if( !xSecTunnel.is() ) {
93cdf0e10cSrcweir throw RuntimeException() ;
94cdf0e10cSrcweir }
95cdf0e10cSrcweir
96cdf0e10cSrcweir SecurityEnvironment_MSCryptImpl* pSecEnv = ( SecurityEnvironment_MSCryptImpl* )xSecTunnel->getSomething( SecurityEnvironment_MSCryptImpl::getUnoTunnelId() ) ;
97cdf0e10cSrcweir if( pSecEnv == NULL )
98cdf0e10cSrcweir throw RuntimeException() ;
99cdf0e10cSrcweir
100cdf0e10cSrcweir //Get the xml node
101cdf0e10cSrcweir Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;
102cdf0e10cSrcweir if( !xElement.is() ) {
103cdf0e10cSrcweir throw RuntimeException() ;
104cdf0e10cSrcweir }
105cdf0e10cSrcweir
106cdf0e10cSrcweir Reference< XUnoTunnel > xNodTunnel( xElement , UNO_QUERY ) ;
107cdf0e10cSrcweir if( !xNodTunnel.is() ) {
108cdf0e10cSrcweir throw RuntimeException() ;
109cdf0e10cSrcweir }
110cdf0e10cSrcweir
111cdf0e10cSrcweir XMLElementWrapper_XmlSecImpl* pElement = ( XMLElementWrapper_XmlSecImpl* )xNodTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ) ;
112cdf0e10cSrcweir if( pElement == NULL ) {
113cdf0e10cSrcweir throw RuntimeException() ;
114cdf0e10cSrcweir }
115cdf0e10cSrcweir
116cdf0e10cSrcweir pNode = pElement->getNativeElement() ;
117cdf0e10cSrcweir
118cdf0e10cSrcweir //Get the stream/URI binding
119cdf0e10cSrcweir Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;
120cdf0e10cSrcweir if( xUriBinding.is() ) {
121cdf0e10cSrcweir //Register the stream input callbacks into libxml2
122cdf0e10cSrcweir if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )
123cdf0e10cSrcweir throw RuntimeException() ;
124cdf0e10cSrcweir }
125cdf0e10cSrcweir
126cdf0e10cSrcweir setErrorRecorder( );
127cdf0e10cSrcweir
128cdf0e10cSrcweir pMngr = pSecEnv->createKeysManager() ; //i39448
129cdf0e10cSrcweir if( !pMngr ) {
130cdf0e10cSrcweir throw RuntimeException() ;
131cdf0e10cSrcweir }
132cdf0e10cSrcweir
133cdf0e10cSrcweir //Create Signature context
134cdf0e10cSrcweir pDsigCtx = xmlSecDSigCtxCreate( pMngr ) ;
135cdf0e10cSrcweir if( pDsigCtx == NULL )
136cdf0e10cSrcweir {
137cdf0e10cSrcweir //throw XMLSignatureException() ;
138cdf0e10cSrcweir pSecEnv->destroyKeysManager( pMngr ) ; //i39448
139cdf0e10cSrcweir clearErrorRecorder();
140cdf0e10cSrcweir return aTemplate;
141cdf0e10cSrcweir }
142cdf0e10cSrcweir
143cdf0e10cSrcweir //Sign the template
144cdf0e10cSrcweir if( xmlSecDSigCtxSign( pDsigCtx , pNode ) == 0 )
145cdf0e10cSrcweir {
146cdf0e10cSrcweir if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
147cdf0e10cSrcweir aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
148cdf0e10cSrcweir else
149cdf0e10cSrcweir aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
150cdf0e10cSrcweir }
151cdf0e10cSrcweir else
152cdf0e10cSrcweir {
153cdf0e10cSrcweir aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
154cdf0e10cSrcweir }
155cdf0e10cSrcweir
156cdf0e10cSrcweir
157cdf0e10cSrcweir xmlSecDSigCtxDestroy( pDsigCtx ) ;
158cdf0e10cSrcweir pSecEnv->destroyKeysManager( pMngr ) ; //i39448
159cdf0e10cSrcweir
160cdf0e10cSrcweir //Unregistered the stream/URI binding
161cdf0e10cSrcweir if( xUriBinding.is() )
162cdf0e10cSrcweir xmlUnregisterStreamInputCallbacks() ;
163cdf0e10cSrcweir
164cdf0e10cSrcweir clearErrorRecorder();
165cdf0e10cSrcweir return aTemplate ;
166cdf0e10cSrcweir }
167cdf0e10cSrcweir
168cdf0e10cSrcweir /* XXMLSignature */
169cdf0e10cSrcweir Reference< XXMLSignatureTemplate >
validate(const Reference<XXMLSignatureTemplate> & aTemplate,const Reference<XXMLSecurityContext> & aSecurityCtx)170cdf0e10cSrcweir SAL_CALL XMLSignature_MSCryptImpl :: validate(
171cdf0e10cSrcweir const Reference< XXMLSignatureTemplate >& aTemplate ,
172cdf0e10cSrcweir const Reference< XXMLSecurityContext >& aSecurityCtx
173cdf0e10cSrcweir ) throw( com::sun::star::uno::RuntimeException,
174cdf0e10cSrcweir com::sun::star::uno::SecurityException,
175cdf0e10cSrcweir com::sun::star::xml::crypto::XMLSignatureException ) {
176cdf0e10cSrcweir xmlSecKeysMngrPtr pMngr = NULL ;
177cdf0e10cSrcweir xmlSecDSigCtxPtr pDsigCtx = NULL ;
178cdf0e10cSrcweir xmlNodePtr pNode = NULL ;
179cdf0e10cSrcweir //sal_Bool valid ;
180cdf0e10cSrcweir
181cdf0e10cSrcweir if( !aTemplate.is() )
182cdf0e10cSrcweir throw RuntimeException() ;
183cdf0e10cSrcweir
184cdf0e10cSrcweir if( !aSecurityCtx.is() )
185cdf0e10cSrcweir throw RuntimeException() ;
186cdf0e10cSrcweir
187cdf0e10cSrcweir //Get Keys Manager
188cdf0e10cSrcweir Reference< XSecurityEnvironment > xSecEnv
189cdf0e10cSrcweir = aSecurityCtx->getSecurityEnvironmentByIndex(
190cdf0e10cSrcweir aSecurityCtx->getDefaultSecurityEnvironmentIndex());
191cdf0e10cSrcweir Reference< XUnoTunnel > xSecTunnel( xSecEnv , UNO_QUERY ) ;
192cdf0e10cSrcweir if( !xSecTunnel.is() ) {
193cdf0e10cSrcweir throw RuntimeException() ;
194cdf0e10cSrcweir }
195cdf0e10cSrcweir
196cdf0e10cSrcweir SecurityEnvironment_MSCryptImpl* pSecEnv = ( SecurityEnvironment_MSCryptImpl* )xSecTunnel->getSomething( SecurityEnvironment_MSCryptImpl::getUnoTunnelId() ) ;
197cdf0e10cSrcweir if( pSecEnv == NULL )
198cdf0e10cSrcweir throw RuntimeException() ;
199cdf0e10cSrcweir
200cdf0e10cSrcweir //Get the xml node
201cdf0e10cSrcweir Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;
202cdf0e10cSrcweir if( !xElement.is() )
203cdf0e10cSrcweir throw RuntimeException() ;
204cdf0e10cSrcweir
205cdf0e10cSrcweir Reference< XUnoTunnel > xNodTunnel( xElement , UNO_QUERY ) ;
206cdf0e10cSrcweir if( !xNodTunnel.is() ) {
207cdf0e10cSrcweir throw RuntimeException() ;
208cdf0e10cSrcweir }
209cdf0e10cSrcweir
210cdf0e10cSrcweir XMLElementWrapper_XmlSecImpl* pElement = ( XMLElementWrapper_XmlSecImpl* )xNodTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ) ;
211cdf0e10cSrcweir if( pElement == NULL )
212cdf0e10cSrcweir throw RuntimeException() ;
213cdf0e10cSrcweir
214cdf0e10cSrcweir pNode = pElement->getNativeElement() ;
215cdf0e10cSrcweir
216cdf0e10cSrcweir //Get the stream/URI binding
217cdf0e10cSrcweir Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;
218cdf0e10cSrcweir if( xUriBinding.is() ) {
219cdf0e10cSrcweir //Register the stream input callbacks into libxml2
220cdf0e10cSrcweir if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )
221cdf0e10cSrcweir throw RuntimeException() ;
222cdf0e10cSrcweir }
223cdf0e10cSrcweir
224cdf0e10cSrcweir //added for test: save the result
225cdf0e10cSrcweir /*
226cdf0e10cSrcweir {
227cdf0e10cSrcweir FILE *dstFile = fopen( "c:\\1.txt", "w" ) ;
228cdf0e10cSrcweir xmlDocDump( dstFile, pNode->doc) ;
229cdf0e10cSrcweir fclose( dstFile ) ;
230cdf0e10cSrcweir }
231cdf0e10cSrcweir */
232cdf0e10cSrcweir
233cdf0e10cSrcweir setErrorRecorder( );
234cdf0e10cSrcweir
235cdf0e10cSrcweir pMngr = pSecEnv->createKeysManager() ; //i39448
236cdf0e10cSrcweir if( !pMngr ) {
237cdf0e10cSrcweir throw RuntimeException() ;
238cdf0e10cSrcweir }
239cdf0e10cSrcweir
240cdf0e10cSrcweir //Create Signature context
241cdf0e10cSrcweir pDsigCtx = xmlSecDSigCtxCreate( pMngr ) ;
242cdf0e10cSrcweir if( pDsigCtx == NULL )
243cdf0e10cSrcweir {
244cdf0e10cSrcweir pSecEnv->destroyKeysManager( pMngr ) ; //i39448
245cdf0e10cSrcweir //throw XMLSignatureException() ;
246cdf0e10cSrcweir clearErrorRecorder();
247cdf0e10cSrcweir return aTemplate;
248cdf0e10cSrcweir }
249cdf0e10cSrcweir
250cdf0e10cSrcweir //Verify signature
251cdf0e10cSrcweir //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)
252cdf0e10cSrcweir //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if
253cdf0e10cSrcweir //the return value is < 0. Then we must regard the signature as INVALID. We cannot use the
254cdf0e10cSrcweir //error recorder feature to get the ONE error that made the verification fail, because there is no
255cdf0e10cSrcweir //documentation/specification as to how to interpret the number of recorded errors and what is the initial
256cdf0e10cSrcweir //error.
257cdf0e10cSrcweir if( xmlSecDSigCtxVerify( pDsigCtx , pNode ) == 0 )
258cdf0e10cSrcweir {
259cdf0e10cSrcweir if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
260cdf0e10cSrcweir aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
261cdf0e10cSrcweir else
262cdf0e10cSrcweir aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
263cdf0e10cSrcweir }
264cdf0e10cSrcweir else
265cdf0e10cSrcweir {
266cdf0e10cSrcweir aTemplate->setStatus(com::sun::star::xml::crypto::SecurityOperationStatus_UNKNOWN);
267cdf0e10cSrcweir }
268cdf0e10cSrcweir
269cdf0e10cSrcweir xmlSecDSigCtxDestroy( pDsigCtx ) ;
270cdf0e10cSrcweir pSecEnv->destroyKeysManager( pMngr ) ; //i39448
271cdf0e10cSrcweir
272cdf0e10cSrcweir //Unregistered the stream/URI binding
273cdf0e10cSrcweir if( xUriBinding.is() )
274cdf0e10cSrcweir xmlUnregisterStreamInputCallbacks() ;
275cdf0e10cSrcweir
276cdf0e10cSrcweir
277cdf0e10cSrcweir clearErrorRecorder();
278cdf0e10cSrcweir return aTemplate;
279cdf0e10cSrcweir }
280cdf0e10cSrcweir
281cdf0e10cSrcweir /* XInitialization */
initialize(const Sequence<Any> &)282cdf0e10cSrcweir void SAL_CALL XMLSignature_MSCryptImpl :: initialize( const Sequence< Any >& /*aArguments*/ ) throw( Exception, RuntimeException ) {
283cdf0e10cSrcweir // TBD
284cdf0e10cSrcweir } ;
285cdf0e10cSrcweir
286cdf0e10cSrcweir /* XServiceInfo */
getImplementationName()287cdf0e10cSrcweir OUString SAL_CALL XMLSignature_MSCryptImpl :: getImplementationName() throw( RuntimeException ) {
288cdf0e10cSrcweir return impl_getImplementationName() ;
289cdf0e10cSrcweir }
290cdf0e10cSrcweir
291cdf0e10cSrcweir /* XServiceInfo */
supportsService(const OUString & serviceName)292cdf0e10cSrcweir sal_Bool SAL_CALL XMLSignature_MSCryptImpl :: supportsService( const OUString& serviceName) throw( RuntimeException ) {
293cdf0e10cSrcweir Sequence< OUString > seqServiceNames = getSupportedServiceNames() ;
294cdf0e10cSrcweir const OUString* pArray = seqServiceNames.getConstArray() ;
295cdf0e10cSrcweir for( sal_Int32 i = 0 ; i < seqServiceNames.getLength() ; i ++ ) {
296cdf0e10cSrcweir if( *( pArray + i ) == serviceName )
297cdf0e10cSrcweir return sal_True ;
298cdf0e10cSrcweir }
299cdf0e10cSrcweir return sal_False ;
300cdf0e10cSrcweir }
301cdf0e10cSrcweir
302cdf0e10cSrcweir /* XServiceInfo */
getSupportedServiceNames()303cdf0e10cSrcweir Sequence< OUString > SAL_CALL XMLSignature_MSCryptImpl :: getSupportedServiceNames() throw( RuntimeException ) {
304cdf0e10cSrcweir return impl_getSupportedServiceNames() ;
305cdf0e10cSrcweir }
306cdf0e10cSrcweir
307cdf0e10cSrcweir //Helper for XServiceInfo
impl_getSupportedServiceNames()308cdf0e10cSrcweir Sequence< OUString > XMLSignature_MSCryptImpl :: impl_getSupportedServiceNames() {
309cdf0e10cSrcweir ::osl::Guard< ::osl::Mutex > aGuard( ::osl::Mutex::getGlobalMutex() ) ;
310cdf0e10cSrcweir Sequence< OUString > seqServiceNames( 1 ) ;
311cdf0e10cSrcweir seqServiceNames.getArray()[0] = OUString::createFromAscii( "com.sun.star.xml.crypto.XMLSignature" ) ;
312cdf0e10cSrcweir return seqServiceNames ;
313cdf0e10cSrcweir }
314cdf0e10cSrcweir
impl_getImplementationName()315cdf0e10cSrcweir OUString XMLSignature_MSCryptImpl :: impl_getImplementationName() throw( RuntimeException ) {
316cdf0e10cSrcweir return OUString::createFromAscii( "com.sun.star.xml.security.bridge.xmlsec.XMLSignature_MSCryptImpl" ) ;
317cdf0e10cSrcweir }
318cdf0e10cSrcweir
319cdf0e10cSrcweir //Helper for registry
impl_createInstance(const Reference<XMultiServiceFactory> & aServiceManager)320cdf0e10cSrcweir Reference< XInterface > SAL_CALL XMLSignature_MSCryptImpl :: impl_createInstance( const Reference< XMultiServiceFactory >& aServiceManager ) throw( RuntimeException ) {
321cdf0e10cSrcweir return Reference< XInterface >( *new XMLSignature_MSCryptImpl( aServiceManager ) ) ;
322cdf0e10cSrcweir }
323cdf0e10cSrcweir
impl_createFactory(const Reference<XMultiServiceFactory> & aServiceManager)324cdf0e10cSrcweir Reference< XSingleServiceFactory > XMLSignature_MSCryptImpl :: impl_createFactory( const Reference< XMultiServiceFactory >& aServiceManager ) {
325cdf0e10cSrcweir //Reference< XSingleServiceFactory > xFactory ;
326cdf0e10cSrcweir //xFactory = ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName , impl_createInstance , impl_getSupportedServiceNames ) ;
327cdf0e10cSrcweir //return xFactory ;
328cdf0e10cSrcweir return ::cppu::createSingleFactory( aServiceManager , impl_getImplementationName() , impl_createInstance , impl_getSupportedServiceNames() ) ;
329cdf0e10cSrcweir }
330cdf0e10cSrcweir
331