1 /**************************************************************
2  *
3  * Licensed to the Apache Software Foundation (ASF) under one
4  * or more contributor license agreements.  See the NOTICE file
5  * distributed with this work for additional information
6  * regarding copyright ownership.  The ASF licenses this file
7  * to you under the Apache License, Version 2.0 (the
8  * "License"); you may not use this file except in compliance
9  * with the License.  You may obtain a copy of the License at
10  *
11  *   http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing,
14  * software distributed under the License is distributed on an
15  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16  * KIND, either express or implied.  See the License for the
17  * specific language governing permissions and limitations
18  * under the License.
19  *
20  *************************************************************/
21 
22 
23 
24 #ifndef _XMLSECURITY_XMLSIGNATUREHELPER_HXX
25 #define _XMLSECURITY_XMLSIGNATUREHELPER_HXX
26 
27 #ifndef _STLP_VECTOR
28 #include <vector>
29 #endif
30 
31 #include <tools/link.hxx>
32 
33 #include <rtl/ustring.hxx>
34 
35 #include <xmlsecurity/sigstruct.hxx>
36 
37 #include <com/sun/star/uno/XComponentContext.hpp>
38 #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
39 #include <com/sun/star/xml/crypto/XUriBinding.hpp>
40 #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
41 #include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
42 #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
43 #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
44 
45 class XSecController;
46 class Date;
47 class Time;
48 
49 namespace com {
50 namespace sun {
51 namespace star {
52 namespace io {
53     class XOutputStream;
54     class XInputStream; }
55 namespace embed {
56     class XStorage; }
57 }}}
58 
59 struct XMLSignatureCreationResult
60 {
61     sal_Int32 nSecurityId;
62     com::sun::star::xml::crypto::SecurityOperationStatus nSignatureCreationResult;
63 
XMLSignatureCreationResultXMLSignatureCreationResult64     XMLSignatureCreationResult( sal_Int32 nId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
65     {
66         nSecurityId = nId;
67         nSignatureCreationResult = nResult;
68     }
69 };
70 
71 struct XMLSignatureVerifyResult
72 {
73     sal_Int32 nSecurityId;
74     com::sun::star::xml::crypto::SecurityOperationStatus nSignatureVerifyResult;
75 
XMLSignatureVerifyResultXMLSignatureVerifyResult76     XMLSignatureVerifyResult( sal_Int32 nId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
77     {
78         nSecurityId = nId;
79         nSignatureVerifyResult = nResult;
80     }
81 };
82 
83 typedef ::std::vector<XMLSignatureCreationResult> XMLSignatureCreationResults;
84 typedef ::std::vector<XMLSignatureVerifyResult> XMLSignatureVerifyResults;
85 
86 
87 
88 /**********************************************************
89  XMLSignatureHelper
90 
91  Helper class for the XML Security framework
92 
93  Functions:
94  1. help to create a security context;
95  2. help to listen signature creation result;
96  3. help to listen signature verify result;
97  4. help to indicate which signature to verify.
98 
99  **********************************************************/
100 
101 class XMLSignatureHelper
102 {
103 private:
104     ::com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext > mxCtx;
105     ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XSecurityController > mxSecurityController;
106     ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::XUriBinding > mxUriBinding;
107 
108     ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::XSEInitializer > mxSEInitializer;
109     ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::XXMLSecurityContext > mxSecurityContext;
110 
111     XMLSignatureCreationResults maCreationResults;
112     XMLSignatureVerifyResults   maVerifyResults;
113     XSecController*             mpXSecController;
114     bool                        mbError;
115     bool mbODFPre1_2;
116     Link                        maStartVerifySignatureHdl;
117 
118 private:
119     void        ImplCreateSEInitializer();
120     DECL_LINK(  SignatureCreationResultListener, XMLSignatureCreationResult*);
121     DECL_LINK(  SignatureVerifyResultListener, XMLSignatureVerifyResult* );
122     DECL_LINK(  StartVerifySignatureElement, const com::sun::star::uno::Reference< com::sun::star::xml::sax::XAttributeList >* );
123 
124     // Not allowed:
125     XMLSignatureHelper(const XMLSignatureHelper&);
126 
127 public:
128     XMLSignatureHelper(const com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext >& mrCtx );
129     ~XMLSignatureHelper();
130 
131     // Initialize the security context with default crypto token.
132     // Returns true for success.
133     bool        Init();
134 
135                 // Set UriBinding to create input streams to open files.
136                 // Default implementation is capable to open files from disk.
137     void        SetUriBinding( com::sun::star::uno::Reference< com::sun::star::xml::crypto::XUriBinding >& rxUriBinding );
138     com::sun::star::uno::Reference< com::sun::star::xml::crypto::XUriBinding > GetUriBinding() const;
139 
140     // Set the storage which should be used by the default UriBinding
141     // Must be set before StatrtMission().
142     //sODFVersion indicates  the ODF version
143     void        SetStorage( const com::sun::star::uno::Reference < com::sun::star::embed::XStorage >& rxStorage, ::rtl::OUString sODFVersion );
144 
145                 // Argument for the Link is a uno::Reference< xml::sax::XAttributeList >*
146                 // Return 1 to verify, 0 to skip.
147                 // Default handler will verify all.
148     void        SetStartVerifySignatureHdl( const Link& rLink );
149 
150                 // Get the security environment
151     ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > GetSecurityEnvironment();
152     ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > GetSecurityEnvironmentByIndex(sal_Int32 nId);
153 	sal_Int32 GetSecurityEnvironmentNumber();
154 
155                 // After signing/veryfieng, get information about signatures
156     SignatureInformation  GetSignatureInformation( sal_Int32 nSecurityId ) const;
157     SignatureInformations GetSignatureInformations() const;
158 
159                 // See XSecController for documentation
160     void        StartMission();
161     void        EndMission();
162     sal_Int32   GetNewSecurityId();
163     /** sets data that describes the certificate.
164 
165         It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
166         the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
167         the private key. Although issuer name and certificate should be sufficient to identify
168         the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
169         The reason is that they use functions to find the certificate which take as parameter
170         the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
171         are of type DirectoryName, which is a choice of 5 string types. This information is
172         not contained in the issuer string and while it is converted to the ASN.1 name the
173         conversion function must assume a particular type, which is often wrong. For example,
174         the Windows function CertStrToName will use a T.61 string if the string does not contain
175         special characters. So if the certificate uses simple characters but encodes the
176         issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
177         ASN.1 name now contains different bytes which indicate the string type. The functions
178         for finding the certificate apparently use memcmp - hence they fail to find the
179         certificate.
180      */
181     void SetX509Certificate(sal_Int32 nSecurityId, const rtl::OUString& ouX509IssuerName,
182 		const rtl::OUString& ouX509SerialNumber, const rtl::OUString& ouX509Cert);
183 
184     void SetX509Certificate(sal_Int32 nSecurityId, sal_Int32 nSecurityEnvironmentIndex,
185 		const rtl::OUString& ouX509IssuerName,	const rtl::OUString& ouX509SerialNumber,
186 		const rtl::OUString& ouX509Cert);
187     void	    SetDateTime( sal_Int32 nSecurityId, const Date& rDate, const Time& rTime );
188 
189     void        AddForSigning( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool bBinary );
190     bool        CreateAndWriteSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );
191     bool        CreateAndWriteSignature( const com::sun::star::uno::Reference< com::sun::star::io::XOutputStream >& xOutputStream );
192     bool        ReadAndVerifySignature( const com::sun::star::uno::Reference< com::sun::star::io::XInputStream >& xInputStream );
193 
194 	// MT: ??? I think only for adding/removing, not for new signatures...
195     // MM: Yes, but if you want to insert a new signature into an existing signature file, those function
196     //     will be very usefull, see Mission 3 in the new "multisigdemo" program   :-)
197 	::com::sun::star::uno::Reference< ::com::sun::star::xml::sax::XDocumentHandler> CreateDocumentHandlerWithHeader( const com::sun::star::uno::Reference< com::sun::star::io::XOutputStream >& xOutputStream );
198 	void CloseDocumentHandler( const ::com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler>& xDocumentHandler );
199 	void ExportSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, const SignatureInformation& signatureInfo );
200 };
201 
202 #endif // _XMLSECURITY_XMLSIGNATUREHELPER_HXX
203