1*06b3ce53SAndrew Rist /**************************************************************
2cdf0e10cSrcweir *
3*06b3ce53SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one
4*06b3ce53SAndrew Rist * or more contributor license agreements. See the NOTICE file
5*06b3ce53SAndrew Rist * distributed with this work for additional information
6*06b3ce53SAndrew Rist * regarding copyright ownership. The ASF licenses this file
7*06b3ce53SAndrew Rist * to you under the Apache License, Version 2.0 (the
8*06b3ce53SAndrew Rist * "License"); you may not use this file except in compliance
9*06b3ce53SAndrew Rist * with the License. You may obtain a copy of the License at
10*06b3ce53SAndrew Rist *
11*06b3ce53SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0
12*06b3ce53SAndrew Rist *
13*06b3ce53SAndrew Rist * Unless required by applicable law or agreed to in writing,
14*06b3ce53SAndrew Rist * software distributed under the License is distributed on an
15*06b3ce53SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16*06b3ce53SAndrew Rist * KIND, either express or implied. See the License for the
17*06b3ce53SAndrew Rist * specific language governing permissions and limitations
18*06b3ce53SAndrew Rist * under the License.
19*06b3ce53SAndrew Rist *
20*06b3ce53SAndrew Rist *************************************************************/
21*06b3ce53SAndrew Rist
22*06b3ce53SAndrew Rist
23cdf0e10cSrcweir
24cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove
25cdf0e10cSrcweir
26cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx"
27cdf0e10cSrcweir
28cdf0e10cSrcweir #include <documentdigitalsignatures.hxx>
29cdf0e10cSrcweir #include <xmlsecurity/digitalsignaturesdialog.hxx>
30cdf0e10cSrcweir #include <xmlsecurity/certificateviewer.hxx>
31cdf0e10cSrcweir #include <xmlsecurity/macrosecurity.hxx>
32cdf0e10cSrcweir #include <xmlsecurity/biginteger.hxx>
33cdf0e10cSrcweir #include <xmlsecurity/global.hrc>
34cdf0e10cSrcweir
35cdf0e10cSrcweir #include <xmloff/xmluconv.hxx>
36cdf0e10cSrcweir
37cdf0e10cSrcweir #include <../dialogs/resourcemanager.hxx>
38cdf0e10cSrcweir #include <com/sun/star/embed/XStorage.hpp>
39cdf0e10cSrcweir #include <com/sun/star/embed/XTransactedObject.hpp>
40cdf0e10cSrcweir #include <com/sun/star/embed/ElementModes.hpp>
41cdf0e10cSrcweir #include <com/sun/star/ucb/XContent.hpp>
42cdf0e10cSrcweir #include <com/sun/star/ucb/XContentProvider.hpp>
43cdf0e10cSrcweir #include <com/sun/star/ucb/XContentIdentifierFactory.hpp>
44cdf0e10cSrcweir #include <com/sun/star/ucb/XCommandEnvironment.hpp>
45cdf0e10cSrcweir #include <com/sun/star/ucb/XCommandProcessor.hpp>
46cdf0e10cSrcweir #include <com/sun/star/ucb/Command.hpp>
47cdf0e10cSrcweir #include <tools/urlobj.hxx>
48cdf0e10cSrcweir #include <vcl/msgbox.hxx>
49cdf0e10cSrcweir #include <unotools/securityoptions.hxx>
50cdf0e10cSrcweir #include <com/sun/star/security/CertificateValidity.hpp>
51cdf0e10cSrcweir #include <com/sun/star/security/SerialNumberAdapter.hpp>
52cdf0e10cSrcweir #include <ucbhelper/contentbroker.hxx>
53cdf0e10cSrcweir #include <unotools/ucbhelper.hxx>
54cdf0e10cSrcweir #include <comphelper/componentcontext.hxx>
55cdf0e10cSrcweir #include "comphelper/documentconstants.hxx"
56cdf0e10cSrcweir
57cdf0e10cSrcweir #include "com/sun/star/lang/IllegalArgumentException.hpp"
58cdf0e10cSrcweir
59cdf0e10cSrcweir #include <stdio.h>
60cdf0e10cSrcweir
61cdf0e10cSrcweir
62cdf0e10cSrcweir using namespace ::com::sun::star;
63cdf0e10cSrcweir using namespace ::com::sun::star::uno;
64cdf0e10cSrcweir namespace css = ::com::sun::star;
65cdf0e10cSrcweir
66cdf0e10cSrcweir #define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
67cdf0e10cSrcweir
DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference< XComponentContext >& rxCtx )
    : mxCtx( rxCtx )
    // Until initialize() supplies the document's version, behave as for ODF 1.2.
    , m_sODFVersion( ODFVER_012_TEXT )
    // Number of arguments initialize() was called with; 0 means "not yet initialized".
    , m_nArgumentsCount( 0 )
    , m_bHasDocumentSignature( false )
{
    // All state is set up in the initializer list; the per-document settings
    // (ODF version, presence of a document signature) come in via initialize().
}
75cdf0e10cSrcweir
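void DocumentDigitalSignatures::initialize( const Sequence< Any >& aArguments)
    throw (css::uno::Exception, css::uno::RuntimeException)
{
    // XInitialization: configure the service for one document.
    //   aArguments[0] (required) - the document's ODF version as a string
    //   aArguments[1] (optional) - bool, whether the document already has a
    //                              document signature
    // Throws IllegalArgumentException (with the offending argument position)
    // on a wrong count or type. All arguments are validated into locals before
    // any member is touched, so a rejected call leaves the object in the state
    // it had before.
    const sal_Int32 nCount = aArguments.getLength();
    if (nCount == 0 || nCount > 2)
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize requires one or two arguments"),
            Reference<XInterface>(static_cast<XInitialization*>(this), UNO_QUERY), 0);

    ::rtl::OUString sODFVersion;
    if (!(aArguments[0] >>= sODFVersion))
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize: the first arguments must be a string"),
            Reference<XInterface>(static_cast<XInitialization*>(this), UNO_QUERY), 0);

    bool bHasDocumentSignature = false;
    if (nCount == 2 && !(aArguments[1] >>= bHasDocumentSignature))
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize: the second arguments must be a bool"),
            Reference<XInterface>(static_cast<XInitialization*>(this), UNO_QUERY), 1);

    // Everything checked out: commit the new state.
    m_nArgumentsCount = nCount;
    m_sODFVersion = sODFVersion;
    // The second argument is optional; when it is absent the member keeps its
    // previous value (false from the constructor), as before.
    if (nCount == 2)
        m_bHasDocumentSignature = bHasDocumentSignature;

    // The version attribute exists as of ODF 1.2, so for a 1.1 document or older
    // we receive an empty string. Normalize that to ODFVER_010_TEXT so that the
    // rest of the code can treat the version as always known.
    if (m_sODFVersion.getLength() == 0)
        m_sODFVersion = ODFVER_010_TEXT;
}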
103cdf0e10cSrcweir
sal_Bool DocumentDigitalSignatures::signDocumentContent(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream)
    throw (RuntimeException)
{
    // Opens the signatures dialog for the document-content signatures in
    // editable mode; returns whether the set of signatures was changed.
    OSL_ENSURE(m_sODFVersion.getLength(), "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const bool bReadOnly = false;
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModeDocumentContent, bReadOnly );
}
112cdf0e10cSrcweir
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyDocumentContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    // Verifies the document-content signatures of rxStorage (read from
    // xSignInStream when given, else from the default signature stream) and
    // returns one entry per signature found; see ImplVerifySignatures.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const DocumentSignatureMode eMode = SignatureModeDocumentContent;
    return ImplVerifySignatures( rxStorage, xSignInStream, eMode );
}
121cdf0e10cSrcweir
void DocumentDigitalSignatures::showDocumentContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    // Read-only variant of signDocumentContent: shows the document-content
    // signatures without allowing changes.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const bool bReadOnly = true;
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModeDocumentContent, bReadOnly );
}
129cdf0e10cSrcweir
::rtl::OUString DocumentDigitalSignatures::getDocumentContentSignatureDefaultStreamName()
    throw (css::uno::RuntimeException)
{
    // Name of the package stream that holds the document-content signatures;
    // delegated to DocumentSignatureHelper.
    const ::rtl::OUString aStreamName(
        DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName() );
    return aStreamName;
}
135cdf0e10cSrcweir
sal_Bool DocumentDigitalSignatures::signScriptingContent(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream ) throw (RuntimeException)
{
    // Opens the signatures dialog for the macro (scripting) signatures in
    // editable mode; returns whether the set of signatures was changed.
    // Signing macros needs the second initialize() argument (whether a
    // document signature exists), hence the stricter argument-count check.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    OSL_ENSURE(m_nArgumentsCount == 2, "DocumentDigitalSignatures: Service was not initialized properly");
    const bool bReadOnly = false;
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModeMacros, bReadOnly );
}
144cdf0e10cSrcweir
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyScriptingContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    // Verifies the macro (scripting) signatures of rxStorage; see
    // ImplVerifySignatures for the meaning of the returned entries.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const DocumentSignatureMode eMode = SignatureModeMacros;
    return ImplVerifySignatures( rxStorage, xSignInStream, eMode );
}
153cdf0e10cSrcweir
void DocumentDigitalSignatures::showScriptingContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    // Read-only variant of signScriptingContent: shows the macro signatures
    // without allowing changes.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const bool bReadOnly = true;
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModeMacros, bReadOnly );
}
161cdf0e10cSrcweir
::rtl::OUString DocumentDigitalSignatures::getScriptingContentSignatureDefaultStreamName()
    throw (css::uno::RuntimeException)
{
    // Name of the package stream that holds the macro signatures; delegated
    // to DocumentSignatureHelper.
    const ::rtl::OUString aStreamName(
        DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName() );
    return aStreamName;
}
167cdf0e10cSrcweir
168cdf0e10cSrcweir
sal_Bool DocumentDigitalSignatures::signPackage(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream ) throw (RuntimeException)
{
    // Opens the signatures dialog for the package signatures in editable
    // mode; returns whether the set of signatures was changed.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const bool bReadOnly = false;
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModePackage, bReadOnly );
}
176cdf0e10cSrcweir
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyPackageSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    // Verifies the package signatures of rxStorage; see ImplVerifySignatures
    // for the meaning of the returned entries.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const DocumentSignatureMode eMode = SignatureModePackage;
    return ImplVerifySignatures( rxStorage, xSignInStream, eMode );
}
185cdf0e10cSrcweir
void DocumentDigitalSignatures::showPackageSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    // Read-only variant of signPackage: shows the package signatures without
    // allowing changes.
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    const bool bReadOnly = true;
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModePackage, bReadOnly );
}
193cdf0e10cSrcweir
::rtl::OUString DocumentDigitalSignatures::getPackageSignatureDefaultStreamName( )
    throw (::com::sun::star::uno::RuntimeException)
{
    // Name of the package stream that holds the package signatures; delegated
    // to DocumentSignatureHelper.
    const ::rtl::OUString aStreamName(
        DocumentSignatureHelper::GetPackageSignatureDefaultStreamName() );
    return aStreamName;
}
199cdf0e10cSrcweir
200cdf0e10cSrcweir
sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignStream,
    DocumentSignatureMode eMode, bool bReadOnly ) throw (RuntimeException)
{
    // Adapter for callers that only hold an input stream: query it for the
    // XStream the dialog works on and forward to the XStream overload. A null
    // input stream (or one that is not also an XStream) is forwarded as a null
    // XStream, which makes the dialog use the storage's default stream.
    Reference< io::XStream > xReadWriteStream;
    if ( xSignStream.is() )
        xReadWriteStream.set( xSignStream, UNO_QUERY );
    return ImplViewSignatures( rxStorage, xReadWriteStream, eMode, bReadOnly );
}
211cdf0e10cSrcweir
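sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
    const Reference< css::embed::XStorage >& rxStorage, const Reference< css::io::XStream >& xSignStream,
    DocumentSignatureMode eMode, bool bReadOnly ) throw (RuntimeException)
{
    // Runs the DigitalSignaturesDialog on rxStorage / xSignStream for the given
    // signature mode. Returns sal_True only if the dialog was confirmed and the
    // signatures were actually changed. When the caller supplied a storage but
    // no explicit signature stream, this method commits the storage so that the
    // changed signature stream becomes persistent; with an explicit stream the
    // caller owns the commit.
    sal_Bool bChanges = sal_False;
    DigitalSignaturesDialog aSignaturesDialog(
        NULL, mxCtx, eMode, bReadOnly, m_sODFVersion, m_bHasDocumentSignature);
    const bool bInit = aSignaturesDialog.Init();
    DBG_ASSERT( bInit, "Error initializing security context!" );
    if ( !bInit )
    {
        // No usable security environment (typically no Mozilla profile with a
        // certificate store): tell the user instead of showing an empty dialog.
        WarningBox aBox( NULL, XMLSEC_RES( RID_XMLSECWB_NO_MOZILLA_PROFILE ) );
        aBox.Execute();
        return bChanges;
    }

    aSignaturesDialog.SetStorage( rxStorage );
    aSignaturesDialog.SetSignatureStream( xSignStream );
    if ( aSignaturesDialog.Execute() && aSignaturesDialog.SignaturesChanged() )
    {
        bChanges = sal_True;
        // If we have a storage and no stream, we are responsible for commit
        if ( rxStorage.is() && !xSignStream.is() )
        {
            uno::Reference< embed::XTransactedObject > xTrans( rxStorage, uno::UNO_QUERY );
            // A storage that is not transacted cannot be committed here; do not
            // dereference a null reference in that case. The signatures were
            // still written to the storage, only the commit is left to the caller.
            OSL_ENSURE( xTrans.is(), "DocumentDigitalSignatures: storage is not transacted, signature changes not committed here" );
            if ( xTrans.is() )
                xTrans->commit();
        }
    }

    return bChanges;
}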
247cdf0e10cSrcweir
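Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::ImplVerifySignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignStream, DocumentSignatureMode eMode ) throw (RuntimeException)
{
    // Reads the signature stream for eMode (document content / macros / package),
    // verifies every signature in it and returns one DocumentSignatureInformation
    // per signature. An empty sequence means "nothing verifiable": no storage,
    // no signature stream, or no usable security environment.
    //
    // For every entry, SignatureIsValid and CertificateStatus are deliberately
    // independent results:
    //   - SignatureIsValid is true only if the XML signature verified AND the
    //     signed references cover every stream the document algorithm requires;
    //   - CertificateStatus is the chain validation of the signer certificate.
    // A caller deciding whether to trust signed content (e.g. macros) has to
    // look at both, and at whether the signer is a trusted author.
    if (!rxStorage.is())
    {
        DBG_ASSERT(0, "Error, no XStorage provided");
        return Sequence<css::security::DocumentSignatureInformation>();
    }

    // Locate the signature stream before touching the security environment, so
    // that an unsigned document does not pay for initializing it.
    SignatureStreamHelper aStreamHelper;
    Reference< io::XInputStream > xInputStream = xSignStream;
    if ( !xInputStream.is() )
    {
        aStreamHelper = DocumentSignatureHelper::OpenSignatureStream( rxStorage, embed::ElementModes::READ, eMode );
        if ( aStreamHelper.xSignatureStream.is() )
            xInputStream = Reference< io::XInputStream >( aStreamHelper.xSignatureStream, UNO_QUERY );
    }

    // No signature stream at all: the document is simply unsigned.
    if ( !xInputStream.is() )
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);

    XMLSignatureHelper aSignatureHelper( mxCtx );
    const bool bInit = aSignatureHelper.Init();
    DBG_ASSERT( bInit, "Error initializing security context!" );
    if ( !bInit )
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);

    aSignatureHelper.SetStorage(rxStorage, m_sODFVersion);

    aSignatureHelper.StartMission();
    aSignatureHelper.ReadAndVerifySignature( xInputStream );
    aSignatureHelper.EndMission();

    Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > xSecEnv = aSignatureHelper.GetSecurityEnvironment();
    if ( !xSecEnv.is() )
    {
        // Without a security environment no certificate can be resolved or
        // verified; report "nothing verifiable" instead of dereferencing null.
        DBG_ASSERT(0, "Error, no security environment after successful Init");
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);
    }

    SignatureInformations aSignInfos = aSignatureHelper.GetSignatureInformations();
    // Sequence is sized with sal_Int32; the number of signatures is tiny in practice.
    const sal_Int32 nInfos = static_cast< sal_Int32 >( aSignInfos.size() );
    Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
    css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();

    if ( nInfos )
    {
        Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
            ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

        for( sal_Int32 n = 0; n < nInfos; ++n )
        {
            const SignatureInformation& rInfo = aSignInfos[n];
            css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];

            // Which streams this signature must cover depends on the ODF version
            // and on how the signature itself was written.
            const DocumentSignatureAlgorithm eAlgorithm = DocumentSignatureHelper::getDocumentAlgorithm(
                m_sODFVersion, rInfo);
            const std::vector< rtl::OUString > aElementsToBeVerified =
                DocumentSignatureHelper::CreateElementList(
                    rxStorage, ::rtl::OUString(), eMode, eAlgorithm);

            // Signer certificate: preferably the X509Certificate embedded in the
            // signature; otherwise look it up in the local store by issuer/serial.
            if (rInfo.ouX509Certificate.getLength())
                rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
            if (!rSigInfo.Signer.is())
                rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xSerialNumberAdapter->toSequence( rInfo.ouX509SerialNumber ) );

            // --> PB 2004-12-14 #i38744# time support again
            // The date/time is the one recorded in the signature stream, i.e. it is
            // what the signer wrote; no trusted timestamp is consulted here.
            Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
            Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
                rInfo.stDateTime.Seconds, rInfo.stDateTime.HundredthSeconds );
            rSigInfo.SignatureDate = aDate.GetDate();
            rSigInfo.SignatureTime = aTime.GetTime();

            // Verify certificate
            //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two
            //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls
            //CERT_VerifyCertificate (solaris, linux) falsly, so that it always regards the certificate as valid.
            //On Window the checking of the certificate path is buggy. It does name matching (issuer, subject name)
            //to find the parent certificate. It does not take into account that there can be several certificates
            //with the same subject name.
            if (rSigInfo.Signer.is())
            {
                try {
                    // No additional intermediate certificates are passed along; the
                    // chain has to be built from the security environment's own store.
                    rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
                        Sequence<Reference<css::security::XCertificate> >());
                } catch (const SecurityException& ) {
                    OSL_ENSURE(0, "Verification of certificate failed");
                    rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
                }
            }
            else
            {
                //We should always be able to get the certificate because it is contained in the document,
                //unless the document is damaged so that the signature xml file could not be parsed.
                rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
            }

            rSigInfo.SignatureIsValid = ( rInfo.nStatus == ::com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );

            // A cryptographically valid signature that does not cover every required
            // stream is reported as invalid: it says nothing about the streams it
            // leaves out, so treating it as valid would let those be changed unnoticed.
            if ( rSigInfo.SignatureIsValid )
            {
                rSigInfo.SignatureIsValid =
                    DocumentSignatureHelper::checkIfAllFilesAreSigned(
                        aElementsToBeVerified, rInfo, eAlgorithm);
            }
            if (eMode == SignatureModeDocumentContent)
                rSigInfo.PartialDocumentSignature =
                    ! DocumentSignatureHelper::isOOo3_2_Signature(rInfo);
        }
    }
    return aInfos;
}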
367cdf0e10cSrcweir
void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException)
{
    // MT: i45295
    // Opens the Macro Security dialog. The security environment is only needed
    // to display certificate details of trusted sources; the other options in
    // that dialog work without one, so the dialog is shown even when Init()
    // fails and xSecEnv stays empty.
    // Later I should change the code so the Dialog creates the SecEnv on demand...
    Reference< dcss::xml::crypto::XSecurityEnvironment > xSecEnv;

    XMLSignatureHelper aSignatureHelper( mxCtx );
    const bool bHaveSecEnv = aSignatureHelper.Init();
    if ( bHaveSecEnv )
        xSecEnv = aSignatureHelper.GetSecurityEnvironment();

    MacroSecurity aDlg( NULL, mxCtx, xSecEnv );
    aDlg.Execute();
}
384cdf0e10cSrcweir
void DocumentDigitalSignatures::showCertificate(
    const Reference< css::security::XCertificate >& _Certificate ) throw (RuntimeException)
{
    // Shows the certificate viewer for _Certificate. Unlike
    // manageTrustedSources, a security environment is required here; when it
    // cannot be initialized nothing is shown.
    XMLSignatureHelper aSignatureHelper( mxCtx );
    const bool bInit = aSignatureHelper.Init();
    DBG_ASSERT( bInit, "Error initializing security context!" );
    if ( !bInit )
        return;

    CertificateViewer aViewer( NULL, aSignatureHelper.GetSecurityEnvironment(), _Certificate, sal_False );
    aViewer.Execute();
}
401cdf0e10cSrcweir
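::sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
    const Reference< css::security::XCertificate >& Author ) throw (RuntimeException)
{
    // Returns whether Author is in the user's persistent list of trusted authors.
    // Each entry is a sequence of strings as written by addAuthorToTrustedSources:
    //   [0] issuer name, [1] serial number (XSerialNumberAdapter::toString form),
    //   [2] base64 of the DER-encoded certificate.
    // Issuer and serial are always compared. When both the entry and Author
    // provide the encoded certificate it has to match as well: that binds the
    // trust decision to the exact certificate instead of to an issuer/serial
    // pair, which any self-signed certificate can reproduce. Entries without
    // the third field (or with an empty one) fall back to the issuer/serial
    // comparison, so existing configurations keep working.
    if ( !Author.is() )
        return sal_False;

    Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
        ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

    const ::rtl::OUString sIssuer = Author->getIssuerName();
    const ::rtl::OUString sSerialNum = xSerialNumberAdapter->toString( Author->getSerialNumber() );

    ::rtl::OUStringBuffer aEncodedBuffer;
    SvXMLUnitConverter::encodeBase64( aEncodedBuffer, Author->getEncoded() );
    const ::rtl::OUString sEncoded = aEncodedBuffer.makeStringAndClear();

    Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
    const SvtSecurityOptions::Certificate* pAuthors = aTrustedAuthors.getConstArray();
    const SvtSecurityOptions::Certificate* pAuthorsEnd = pAuthors + aTrustedAuthors.getLength();
    for ( ; pAuthors != pAuthorsEnd; ++pAuthors )
    {
        const SvtSecurityOptions::Certificate& rAuthor = *pAuthors;

        // A malformed configuration entry is never a match (and must not be
        // indexed out of bounds).
        if ( rAuthor.getLength() < 2 )
            continue;
        if ( rAuthor[0] != sIssuer || rAuthor[1] != sSerialNum )
            continue;

        const bool bEntryHasEncoded = rAuthor.getLength() >= 3 && rAuthor[2].getLength() != 0;
        if ( bEntryHasEncoded && sEncoded.getLength() != 0 && rAuthor[2] != sEncoded )
            continue; // same issuer/serial, but a different certificate

        return sal_True;
    }

    return sal_False;
}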
427cdf0e10cSrcweir
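::sal_Bool DocumentDigitalSignatures::isLocationTrusted( const ::rtl::OUString& Location ) throw (RuntimeException)
{
    // Returns whether Location lies inside one of the user's trusted file
    // locations (SvtSecurityOptions secure URLs), checked with
    // UCBContentHelper::IsSubPath. Because a trusted location exempts a
    // document from the macro-security checks, Location should be the
    // canonical URL of the document as it was loaded, not a user-typed string.
    sal_Bool bFound = sal_False;
    const INetURLObject aLocObj( Location );

    // For file URLs the UCB content provider is handed to IsSubPath so that
    // it can compare the locations as file-system paths (presumably handling
    // case and separator differences); for other protocols it is left empty.
    ::com::sun::star::uno::Reference< ::com::sun::star::ucb::XContentProvider > xContentProvider;
    if ( aLocObj.GetProtocol() == INET_PROT_FILE )
    {
        ::ucbhelper::ContentBroker* pBroker = ::ucbhelper::ContentBroker::get();
        if ( pBroker )
            xContentProvider = pBroker->getContentProviderInterface();
    }

    const Sequence< ::rtl::OUString > aSecURLs = SvtSecurityOptions().GetSecureURLs();
    const ::rtl::OUString* pSecURL = aSecURLs.getConstArray();
    const ::rtl::OUString* pSecURLsEnd = pSecURL + aSecURLs.getLength();
    for ( ; pSecURL != pSecURLsEnd && !bFound; ++pSecURL )
        bFound = ::utl::UCBContentHelper::IsSubPath( *pSecURL, Location, xContentProvider );

    return bFound;
}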
455cdf0e10cSrcweir
void DocumentDigitalSignatures::addAuthorToTrustedSources(
    const Reference< css::security::XCertificate >& Author ) throw (RuntimeException)
{
    // Appends Author to the persistent list of trusted authors as the entry
    // [issuer name, serial number string, base64(DER certificate)]; the same
    // layout isAuthorTrusted reads. The entry is appended unconditionally.
    SvtSecurityOptions aSecOpts;

    Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
        ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

    rtl::OUStringBuffer aEncoded;
    SvXMLUnitConverter::encodeBase64(aEncoded, Author->getEncoded());

    SvtSecurityOptions::Certificate aEntry( 3 );
    aEntry[ 0 ] = Author->getIssuerName();
    aEntry[ 1 ] = xSerialNumberAdapter->toString( Author->getSerialNumber() );
    aEntry[ 2 ] = aEncoded.makeStringAndClear();

    Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = aSecOpts.GetTrustedAuthors();
    const sal_Int32 nOldCount = aTrustedAuthors.getLength();
    aTrustedAuthors.realloc( nOldCount + 1 );
    aTrustedAuthors[ nOldCount ] = aEntry;

    aSecOpts.SetTrustedAuthors( aTrustedAuthors );
}
480cdf0e10cSrcweir
void DocumentDigitalSignatures::addLocationToTrustedSources( const ::rtl::OUString& Location ) throw (RuntimeException)
{
    // Appends Location to the persistent list of trusted file locations read
    // by isLocationTrusted. The URL is stored as given, unconditionally.
    SvtSecurityOptions aSecOpt;

    Sequence< ::rtl::OUString > aSecURLs = aSecOpt.GetSecureURLs();
    const sal_Int32 nOldCount = aSecURLs.getLength();
    aSecURLs.realloc( nOldCount + 1 );
    aSecURLs[ nOldCount ] = Location;

    aSecOpt.SetSecureURLs( aSecURLs );
}
492cdf0e10cSrcweir
rtl::OUString DocumentDigitalSignatures::GetImplementationName() throw (RuntimeException)
{
    // Implementation name under which this component is registered.
    return OUSTR( "com.sun.star.security.DocumentDigitalSignatures" );
}
497cdf0e10cSrcweir
Sequence< rtl::OUString > DocumentDigitalSignatures::GetSupportedServiceNames() throw (cssu::RuntimeException)
{
    // The single UNO service implemented by this component.
    Sequence< rtl::OUString > aNames( 1 );
    aNames[ 0 ] = OUSTR( "com.sun.star.security.DocumentDigitalSignatures" );
    return aNames;
}
505cdf0e10cSrcweir
506cdf0e10cSrcweir
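Reference< XInterface > DocumentDigitalSignatures_CreateInstance(
    const Reference< XComponentContext >& rCtx) throw ( Exception )
{
    // Factory function used by the component registration. The new object is
    // handed out through cppu::OWeakObject (a named up-cast instead of the
    // former C-style cast, so the compiler checks the conversion) and is then
    // owned by the returned UNO reference.
    return static_cast< cppu::OWeakObject* >( new DocumentDigitalSignatures( rCtx ) );
}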
512cdf0e10cSrcweir
513