/*************************************************************************
 *
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * Copyright 2000, 2010 Oracle and/or its affiliates.
 *
 * OpenOffice.org - a multi-platform office productivity suite
 *
 * This file is part of OpenOffice.org.
 *
 * OpenOffice.org is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License version 3
 * only, as published by the Free Software Foundation.
 *
 * OpenOffice.org is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License version 3 for more details
 * (a copy is included in the LICENSE file that accompanied this code).
 *
 * You should have received a copy of the GNU Lesser General Public License
 * version 3 along with OpenOffice.org.  If not, see
 * <http://www.openoffice.org/license.html>
 * for a copy of the LGPLv3 License.
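*
************************************************************************/

// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"

#include <documentdigitalsignatures.hxx>
#include <xmlsecurity/digitalsignaturesdialog.hxx>
#include <xmlsecurity/certificateviewer.hxx>
#include <xmlsecurity/macrosecurity.hxx>
#include <xmlsecurity/biginteger.hxx>
#include <xmlsecurity/global.hrc>

#include <xmloff/xmluconv.hxx>

#include <../dialogs/resourcemanager.hxx>
#include <com/sun/star/embed/XStorage.hpp>
#include <com/sun/star/embed/XTransactedObject.hpp>
#include <com/sun/star/embed/ElementModes.hpp>
#include <com/sun/star/ucb/XContent.hpp>
#include <com/sun/star/ucb/XContentProvider.hpp>
#include <com/sun/star/ucb/XContentIdentifierFactory.hpp>
#include <com/sun/star/ucb/XCommandEnvironment.hpp>
#include <com/sun/star/ucb/XCommandProcessor.hpp>
#include <com/sun/star/ucb/Command.hpp>
#include <tools/urlobj.hxx>
#include <vcl/msgbox.hxx>
#include <unotools/securityoptions.hxx>
#include <com/sun/star/security/CertificateValidity.hpp>
#include <com/sun/star/security/SerialNumberAdapter.hpp>
#include <ucbhelper/contentbroker.hxx>
#include <unotools/ucbhelper.hxx>
#include <comphelper/componentcontext.hxx>
#include "comphelper/documentconstants.hxx"

#include "com/sun/star/lang/IllegalArgumentException.hpp"

#include <stdio.h>


using namespace ::com::sun::star;
using namespace ::com::sun::star::uno;
namespace css = ::com::sun::star;

#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )

// Service implementation behind com.sun.star.security.DocumentDigitalSignatures.
// The ODF version defaults to 1.2 and the argument count to 0; initialize()
// overwrites both, so the members also record whether initialize() has run.
DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference< XComponentContext >& rxCtx ):
    mxCtx(rxCtx),
    m_sODFVersion(ODFVER_012_TEXT),
    m_nArgumentsCount(0),
    m_bHasDocumentSignature(false)
{
}

// XInitialization. Accepts one or two arguments:
//   [0] string  - ODF version of the document (empty for ODF 1.1 or older)
//   [1] boolean - optional; whether the document carries a document signature
// Throws lang::IllegalArgumentException (ArgumentPosition 0 or 1) when the
// argument count or an argument type is wrong.
void DocumentDigitalSignatures::initialize( const Sequence< Any >& aArguments)
    throw (css::uno::Exception, css::uno::RuntimeException)
{
    if (aArguments.getLength() == 0 || aArguments.getLength() > 2)
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize requires one or two arguments"),
            Reference<XInterface>(static_cast<XInitialization*>(this), UNO_QUERY), 0);

    m_nArgumentsCount = aArguments.getLength();

    if (!(aArguments[0] >>= m_sODFVersion))
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize: the first arguments must be a string"),
            Reference<XInterface>(static_cast<XInitialization*>(this), UNO_QUERY), 0);

    if (aArguments.getLength() == 2
        && !(aArguments[1] >>= m_bHasDocumentSignature))
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize: the second arguments must be a bool"),
            Reference<XInterface>(static_cast<XInitialization*>(this), UNO_QUERY), 1);

    // The version attribute exists as of ODF 1.2, so an ODF 1.1 or older
    // document hands us an empty string. Map it to ODFVER_010_TEXT; from then
    // on a non-empty m_sODFVersion is the sign that initialize() was called.
    if (m_sODFVersion.getLength() == 0)
        m_sODFVersion = ODFVER_010_TEXT;
}

// Opens the signatures dialog in signing mode for the document content.
// Returns sal_True when the set of signatures was changed by the user.
sal_Bool DocumentDigitalSignatures::signDocumentContent(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream)
        throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(), "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModeDocumentContent, false );
}

// Verifies the document-content signatures without showing any UI.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyDocumentContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplVerifySignatures( rxStorage, xSignInStream, SignatureModeDocumentContent );
}

// Opens the signatures dialog read-only for the document content.
void DocumentDigitalSignatures::showDocumentContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModeDocumentContent, true );
}

// Name of the stream inside the package that holds document-content signatures.
::rtl::OUString DocumentDigitalSignatures::getDocumentContentSignatureDefaultStreamName()
    throw (css::uno::RuntimeException)
{
    return DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
}

// Opens the signatures dialog in signing mode for the macros (scripting content).
// Expects both initialize() arguments, since the dialog needs to know whether a
// document signature exists.
sal_Bool DocumentDigitalSignatures::signScriptingContent(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    OSL_ENSURE(m_nArgumentsCount == 2, "DocumentDigitalSignatures: Service was not initialized properly");
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModeMacros, false );
}

// Verifies the macro signatures without showing any UI.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyScriptingContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplVerifySignatures( rxStorage, xSignInStream, SignatureModeMacros );
}

// Opens the signatures dialog read-only for the macros.
void DocumentDigitalSignatures::showScriptingContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModeMacros, true );
}

// Name of the stream inside the package that holds macro signatures.
::rtl::OUString DocumentDigitalSignatures::getScriptingContentSignatureDefaultStreamName()
    throw (css::uno::RuntimeException)
{
    return DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
}


// Opens the signatures dialog in signing mode for the whole package.
sal_Bool DocumentDigitalSignatures::signPackage(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModePackage, false );
}

// Verifies the package signatures without showing any UI.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyPackageSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplVerifySignatures( rxStorage, xSignInStream, SignatureModePackage );
}

// Opens the signatures dialog read-only for the whole package.
void DocumentDigitalSignatures::showPackageSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModePackage, true );
}

// Name of the stream inside the package that holds package signatures.
::rtl::OUString DocumentDigitalSignatures::getPackageSignatureDefaultStreamName( )
    throw (::com::sun::star::uno::RuntimeException)
{
    return DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
}


// XInputStream convenience overload used by the show*() entry points: the
// input stream is queried for io::XStream and handed to the XStream overload.
sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignStream,
    DocumentSignatureMode eMode, bool bReadOnly ) throw (RuntimeException)
{
    Reference< io::XStream > xStream;
    if ( xSignStream.is() )
        xStream = Reference< io::XStream >( xSignStream, UNO_QUERY );
    return ImplViewSignatures( rxStorage, xStream, eMode, bReadOnly );
}

// Runs the DigitalSignaturesDialog for rxStorage / xSignStream in the given
// mode. Returns sal_True when the user changed the signatures. When the caller
// supplied a storage but no explicit signature stream, this method owns the
// commit of the storage after a change. If the security context cannot be
// initialized (no profile available) a warning box is shown instead.
sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
    const Reference< css::embed::XStorage >& rxStorage, const Reference< css::io::XStream >& xSignStream,
    DocumentSignatureMode eMode, bool bReadOnly ) throw (RuntimeException)
{
    sal_Bool bChanges = sal_False;
    DigitalSignaturesDialog aSignaturesDialog(
        NULL, mxCtx, eMode, bReadOnly, m_sODFVersion, m_bHasDocumentSignature);
    bool bInit = aSignaturesDialog.Init();
    DBG_ASSERT( bInit, "Error initializing security context!" );
    if ( bInit )
    {
        aSignaturesDialog.SetStorage( rxStorage );
        aSignaturesDialog.SetSignatureStream( xSignStream );
        if ( aSignaturesDialog.Execute() )
        {
            if ( aSignaturesDialog.SignaturesChanged() )
            {
                bChanges = sal_True;
                // If we have a storage and no stream, we are responsible for commit
                if ( rxStorage.is() && !xSignStream.is() )
                {
                    uno::Reference< embed::XTransactedObject > xTrans( rxStorage, uno::UNO_QUERY );
                    // A storage without XTransactedObject cannot be committed here;
                    // report it rather than dereferencing an empty reference.
                    DBG_ASSERT( xTrans.is(), "Error, storage does not support XTransactedObject" );
                    if ( xTrans.is() )
                        xTrans->commit();
                }
            }
        }
    }
    else
    {
        WarningBox aBox( NULL, XMLSEC_RES( RID_XMLSECWB_NO_MOZILLA_PROFILE ) );
        aBox.Execute();
    }

    return bChanges;
}

// Reads and verifies the signatures for eMode and reports one
// DocumentSignatureInformation per signature found.
//
//  - xSignStream, when given, is used as the signature stream; otherwise the
//    default stream for eMode is opened read-only from rxStorage.
//  - No storage, no signature stream or a failed security-context init yields
//    an empty sequence (i.e. the document is reported as unsigned).
//  - SignatureIsValid is true only if the XML signature itself verified AND
//    every element that the ODF version / signature mode requires is covered.
//  - CertificateStatus is evaluated separately from the signature status (see
//    the comment in the loop); a signer certificate that cannot be obtained is
//    reported as INVALID.
//  - PartialDocumentSignature is only filled for document-content mode.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::ImplVerifySignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignStream, DocumentSignatureMode eMode ) throw (RuntimeException)
{
    if (!rxStorage.is())
    {
        DBG_ASSERT(0, "Error, no XStorage provided");
        return Sequence<css::security::DocumentSignatureInformation>();
    }
    // First check for the InputStream, to avoid unnecessary initialization of the security environemnt...
    SignatureStreamHelper aStreamHelper;
    Reference< io::XInputStream > xInputStream = xSignStream;

    if ( !xInputStream.is() )
    {
        aStreamHelper = DocumentSignatureHelper::OpenSignatureStream( rxStorage, embed::ElementModes::READ, eMode );
        if ( aStreamHelper.xSignatureStream.is() )
            xInputStream = Reference< io::XInputStream >( aStreamHelper.xSignatureStream, UNO_QUERY );
    }

    if ( !xInputStream.is() )
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);


    XMLSignatureHelper aSignatureHelper( mxCtx );

    bool bInit = aSignatureHelper.Init();

    DBG_ASSERT( bInit, "Error initializing security context!" );

    if ( !bInit )
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);

    aSignatureHelper.SetStorage(rxStorage, m_sODFVersion);

    aSignatureHelper.StartMission();

    aSignatureHelper.ReadAndVerifySignature( xInputStream );

    aSignatureHelper.EndMission();

    Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > xSecEnv = aSignatureHelper.GetSecurityEnvironment();

    // The environment is needed for every signer certificate below; treat a
    // missing one like a failed init rather than dereferencing it in the loop.
    if ( !xSecEnv.is() )
    {
        DBG_ASSERT( 0, "Error, no security environment available" );
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);
    }

    SignatureInformations aSignInfos = aSignatureHelper.GetSignatureInformations();
    const sal_Int32 nInfos = static_cast< sal_Int32 >( aSignInfos.size() );
    Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
    css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();

    if ( nInfos )
    {
        Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
            ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

        for( sal_Int32 n = 0; n < nInfos; ++n )
        {
            const SignatureInformation& rInfo = aSignInfos[n];
            css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];

            // The algorithm (and hence the list of elements a valid signature
            // must cover) depends on the ODF version and on the signature itself.
            DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
                m_sODFVersion, rInfo);
            const std::vector< rtl::OUString > aElementsToBeVerified =
                DocumentSignatureHelper::CreateElementList(
                    rxStorage, ::rtl::OUString(), eMode, mode);

            // Prefer the certificate embedded in the signature; fall back to a
            // lookup by issuer name and serial number in the security environment.
            if (rInfo.ouX509Certificate.getLength())
                rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
            if (!rSigInfo.Signer.is())
                rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xSerialNumberAdapter->toSequence( rInfo.ouX509SerialNumber ) );

            // --> PB 2004-12-14 #i38744# time support again
            Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
            Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
                        rInfo.stDateTime.Seconds, rInfo.stDateTime.HundredthSeconds );
            rSigInfo.SignatureDate = aDate.GetDate();
            rSigInfo.SignatureTime = aTime.GetTime();

            // Verify certificate
            //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two
            //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls
            //CERT_VerifyCertificate (solaris, linux) falsly, so that it always regards the certificate as valid.
            //On Window the checking of the certificate path is buggy. It does name matching (issuer, subject name)
            //to find the parent certificate. It does not take into account that there can be several certificates
            //with the same subject name.
            if (rSigInfo.Signer.is())
            {
                try {
                    rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
                        Sequence<Reference<css::security::XCertificate> >());
                } catch (const SecurityException& ) {
                    OSL_ENSURE(0, "Verification of certificate failed");
                    rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
                }
            }
            else
            {
                //We should always be aible to get the certificates because it is contained in the document,
                //unless the document is damaged so that signature xml file could not be parsed.
                rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
            }

            rSigInfo.SignatureIsValid = ( rInfo.nStatus == ::com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );


            // A cryptographically good signature that leaves required files
            // uncovered is still reported as invalid.
            if ( rSigInfo.SignatureIsValid )
            {
                rSigInfo.SignatureIsValid =
                    DocumentSignatureHelper::checkIfAllFilesAreSigned(
                    aElementsToBeVerified, rInfo, mode);
            }
            if (eMode == SignatureModeDocumentContent)
                rSigInfo.PartialDocumentSignature =
                    ! DocumentSignatureHelper::isOOo3_2_Signature(rInfo);

        }
    }
    return aInfos;

}

// Opens the macro security dialog (trusted sources / security level).
void DocumentDigitalSignatures::manageTrustedSources(  ) throw (RuntimeException)
{
    // MT: i45295
    // SecEnv is only needed to display certificate information from trusted sources.
    // Macro Security also has some options where no security environment is needed, so raise dialog anyway.
    // Later I should change the code so the Dialog creates the SecEnv on demand...

    Reference< dcss::xml::crypto::XSecurityEnvironment > xSecEnv;

    XMLSignatureHelper aSignatureHelper( mxCtx );
    if ( aSignatureHelper.Init() )
        xSecEnv = aSignatureHelper.GetSecurityEnvironment();

    MacroSecurity aDlg( NULL, mxCtx, xSecEnv );
    aDlg.Execute();
}

// Shows the certificate viewer for _Certificate; does nothing (apart from the
// debug assertion) when the security context cannot be initialized.
void DocumentDigitalSignatures::showCertificate(
    const Reference< css::security::XCertificate >& _Certificate ) throw (RuntimeException)
{
    XMLSignatureHelper aSignatureHelper( mxCtx );

    bool bInit = aSignatureHelper.Init();

    DBG_ASSERT( bInit, "Error initializing security context!" );

    if ( bInit )
    {
        CertificateViewer aViewer( NULL, aSignatureHelper.GetSecurityEnvironment(), _Certificate, sal_False );
        aViewer.Execute();
    }

}

// Returns whether Author is in the configured list of trusted authors.
// Matching is done on issuer name and serial number only (entries [0] and [1]
// of a stored SvtSecurityOptions::Certificate); the stored encoded certificate
// at index [2] is not compared here.
::sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
    const Reference< css::security::XCertificate >& Author ) throw (RuntimeException)
{
    sal_Bool bFound = sal_False;

    Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
        ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

    const ::rtl::OUString sIssuerName = Author->getIssuerName();
    const ::rtl::OUString sSerialNum = xSerialNumberAdapter->toString( Author->getSerialNumber() );

    Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
    const SvtSecurityOptions::Certificate* pAuthors = aTrustedAuthors.getConstArray();
    const SvtSecurityOptions::Certificate* pAuthorsEnd = pAuthors + aTrustedAuthors.getLength();
    for ( ; pAuthors != pAuthorsEnd; ++pAuthors )
    {
        const SvtSecurityOptions::Certificate& rAuthor = *pAuthors;
        // The list comes from the configuration; a truncated entry must not be
        // indexed past its end.
        if ( rAuthor.getLength() < 2 )
            continue;
        if ( ( rAuthor[0] == sIssuerName ) && ( rAuthor[1] == sSerialNum ) )
        {
            bFound = sal_True;
            break;
        }
    }

    return bFound;
}

// Returns whether Location lies below one of the configured secure URLs.
// For file URLs the UCB content provider is passed along so that IsSubPath can
// resolve the paths; for other protocols it stays empty (what IsSubPath does
// with an empty provider is decided in unotools, not here).
::sal_Bool DocumentDigitalSignatures::isLocationTrusted( const ::rtl::OUString& Location ) throw (RuntimeException)
{
    sal_Bool bFound = sal_False;
    INetURLObject aLocObj( Location );

    ::com::sun::star::uno::Reference< ::com::sun::star::ucb::XContentProvider > xContentProvider;
    ::ucbhelper::ContentBroker* pBroker = NULL;

    if ( aLocObj.GetProtocol() == INET_PROT_FILE)
    {
        pBroker = ::ucbhelper::ContentBroker::get();
        if (pBroker)
            xContentProvider = pBroker->getContentProviderInterface();
    }

    Sequence< ::rtl::OUString > aSecURLs = SvtSecurityOptions().GetSecureURLs();
    const ::rtl::OUString* pSecURLs = aSecURLs.getConstArray();
    const ::rtl::OUString* pSecURLsEnd = pSecURLs + aSecURLs.getLength();
    for ( ; pSecURLs != pSecURLsEnd && !bFound; ++pSecURLs )
        bFound = ::utl::UCBContentHelper::IsSubPath( *pSecURLs, Location, xContentProvider );

    return bFound;
}

// Appends Author to the configured trusted authors. A stored entry holds
// issuer name, serial number and the base64-encoded certificate. No duplicate
// check is performed; callers are expected to consult isAuthorTrusted() first.
void DocumentDigitalSignatures::addAuthorToTrustedSources(
    const Reference< css::security::XCertificate >& Author ) throw (RuntimeException)
{
    SvtSecurityOptions aSecOpts;

    Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
        ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

    SvtSecurityOptions::Certificate aNewCert( 3 );
    aNewCert[ 0 ] = Author->getIssuerName();
    aNewCert[ 1 ] = xSerialNumberAdapter->toString( Author->getSerialNumber() );

    rtl::OUStringBuffer aStrBuffer;
    SvXMLUnitConverter::encodeBase64(aStrBuffer, Author->getEncoded());
    aNewCert[ 2 ] = aStrBuffer.makeStringAndClear();


    Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = aSecOpts.GetTrustedAuthors();
    sal_Int32 nCnt = aTrustedAuthors.getLength();
    aTrustedAuthors.realloc( nCnt + 1 );
    aTrustedAuthors[ nCnt ] = aNewCert;

    aSecOpts.SetTrustedAuthors( aTrustedAuthors );
}

// Appends Location to the configured secure URLs (no duplicate check).
void DocumentDigitalSignatures::addLocationToTrustedSources( const ::rtl::OUString& Location ) throw (RuntimeException)
{
    SvtSecurityOptions aSecOpt;

    Sequence< ::rtl::OUString > aSecURLs = aSecOpt.GetSecureURLs();
    sal_Int32 nCnt = aSecURLs.getLength();
    aSecURLs.realloc( nCnt + 1 );
    aSecURLs[ nCnt ] = Location;

    aSecOpt.SetSecureURLs( aSecURLs );
}

// XServiceInfo helpers used by the component registration.
rtl::OUString DocumentDigitalSignatures::GetImplementationName() throw (RuntimeException)
{
    return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( "com.sun.star.security.DocumentDigitalSignatures" ) );
}

Sequence< rtl::OUString > DocumentDigitalSignatures::GetSupportedServiceNames() throw (cssu::RuntimeException)
{
    Sequence < rtl::OUString > aRet(1);
    rtl::OUString* pArray = aRet.getArray();
    pArray[0] = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM ( "com.sun.star.security.DocumentDigitalSignatures" ) );
    return aRet;
}


// Factory function registered with the service manager; the new instance is
// handed back as an acquired OWeakObject (ownership goes to the caller's
// Reference).
Reference< XInterface > DocumentDigitalSignatures_CreateInstance(
    const Reference< XComponentContext >& rCtx) throw ( Exception )
{
    return static_cast< cppu::OWeakObject* >( new DocumentDigitalSignatures( rCtx ) );
}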