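/**************************************************************
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 *************************************************************/



#ifndef _XSEC_CTL_HXX
#define _XSEC_CTL_HXX

#include <xmlsecurity/sigstruct.hxx>

#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/xml/sax/XParser.hpp>
#include <com/sun/star/lang/XInitialization.hpp>
#include <com/sun/star/xml/sax/XDocumentHandler.hpp>
#include <com/sun/star/xml/sax/XAttributeList.hpp>
#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
#include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
#include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp>
#include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
#include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
#include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
#include <com/sun/star/beans/XFastPropertySet.hpp>
#include <com/sun/star/io/XOutputStream.hpp>
#include <com/sun/star/io/XInputStream.hpp>

#include <rtl/ustrbuf.hxx>

#include <cppuhelper/implbase4.hxx>

// strlen() is used by the RTL_ASCII_USTRINGPARAM macro below; include it
// here so the macro is usable by any translation unit that includes this header.
#include <string.h>

#ifndef INCLUDED_VECTOR
#include <vector>
#define INCLUDED_VECTOR
#endif

/*
 * all error information
 *
 * These literals have static storage duration; getErrorMessage() hands out
 * a pointer to one of them rather than an owned buffer.
 */
#define ERROR_CANNOTCREATEXMLSECURITYCOMPONENT "Can't create XML security components."
#define ERROR_SAXEXCEPTIONDURINGCREATION "A SAX exception is throwed during signature creation."
#define ERROR_IOEXCEPTIONDURINGCREATION "An IO exception is throwed during signature creation."
#define ERROR_EXCEPTIONDURINGCREATION "An exception is throwed during signature creation."

/*
 * all strings in signature element
 */
#define TAG_SIGNATURE "Signature"
#define TAG_SIGNEDINFO "SignedInfo"
#define TAG_CANONICALIZATIONMETHOD "CanonicalizationMethod"
#define TAG_SIGNATUREMETHOD "SignatureMethod"
#define TAG_REFERENCE "Reference"
#define TAG_TRANSFORMS "Transforms"
#define TAG_TRANSFORM "Transform"
#define TAG_DIGESTMETHOD "DigestMethod"
#define TAG_DIGESTVALUE "DigestValue"
#define TAG_SIGNATUREVALUE "SignatureValue"
#define TAG_KEYINFO "KeyInfo"
#define TAG_X509DATA "X509Data"
#define TAG_X509ISSUERSERIAL "X509IssuerSerial"
#define TAG_X509ISSUERNAME "X509IssuerName"
#define TAG_X509SERIALNUMBER "X509SerialNumber"
#define TAG_X509CERTIFICATE "X509Certificate"
#define TAG_OBJECT "Object"
#define TAG_SIGNATUREPROPERTIES "SignatureProperties"
#define TAG_SIGNATUREPROPERTY "SignatureProperty"
#define TAG_TIMESTAMP "timestamp"
#define TAG_DATE "date"
//#define TAG_TIME "time"

#define ATTR_XMLNS "xmlns"
#define ATTR_ALGORITHM "Algorithm"
#define ATTR_URI "URI"
#define ATTR_ID "Id"
#define ATTR_TARGET "Target"

#define NSTAG_DC "dc"

#define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#"
//#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
#define NS_DC "http://purl.org/dc/elements/1.1/"

/*
 * Algorithm identifiers written into SignedInfo.
 *
 * NOTE(review): both the signature method and the digest method below are
 * SHA-1 based.  SHA-1 is no longer considered collision resistant, so
 * signatures produced with these identifiers give weaker integrity
 * guarantees than current XML-DSig profiles expect; verification code that
 * accepts them should be reviewed when the backend offers SHA-2 variants.
 */
#define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
#define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
#define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1"

#define CHAR_FRAGMENT "#"
#define CHAR_BLANK " "


/*
 * status of security related components
 * (values stored in XSecController::m_nStatusOfSecurityComponents)
 */
#define UNINITIALIZED 0
#define INITIALIZED 1
#define FAILTOINITIALIZED 2

#define RTL_ASCII_USTRINGPARAM( asciiStr ) asciiStr, strlen( asciiStr ), RTL_TEXTENCODING_ASCII_US

// forward declaration
class XSecParser;

/*
 * One signature being created or verified by an XSecController, together with
 * the bookkeeping the controller needs but does not expose to callers:
 * the listener that is notified when a referenced element has been resolved,
 * and, per reference, the id of the SAXEventKeeper element collector
 * (parallel to signatureInfor.vSignatureReferenceInfors).
 */
class InternalSignatureInformation
{
public:
    SignatureInformation signatureInfor;

    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
        xReferenceResolvedListener;

    // keeperId for each entry of signatureInfor.vSignatureReferenceInfors,
    // in the same order (see addReference)
    ::std::vector< sal_Int32 > vKeeperIds;

    /*
     * nId       the security id the signature information is created with
     * xListener listener to notify when a reference of this signature is resolved
     */
    InternalSignatureInformation(
        sal_Int32 nId,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::crypto::sax::XReferenceResolvedListener >&
            xListener )
        : signatureInfor( nId )
        , xReferenceResolvedListener( xListener )
    {
    }

    /*
     * Appends a reference (type + uri) to the signature and records the
     * keeper id that buffers the referenced element.  Both vectors grow
     * together so their indexes stay aligned.
     */
    void addReference( sal_Int32 type, rtl::OUString uri, sal_Int32 keeperId )
    {
        signatureInfor.vSignatureReferenceInfors.push_back(
            SignatureReferenceInformation( type, uri ) );
        vKeeperIds.push_back( keeperId );
    }
};

typedef ::std::vector< InternalSignatureInformation > InternalSignatureInformations;

class XSecController : public cppu::WeakImplHelper4
<
    com::sun::star::xml::crypto::sax::XSecurityController,
    //com::sun::star::beans::XFastPropertySet,
    com::sun::star::xml::crypto::sax::XSAXEventKeeperStatusChangeListener,
    com::sun::star::xml::crypto::sax::XSignatureCreationResultListener,
    com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener
>
/****** XSecController.hxx/CLASS XSecController *******************************
 *
 *   NAME
 *  XSecController -- the xml security framework controller
 *
 *   FUNCTION
 *  Controls the whole xml security framework to create signatures or to
 *  verify signatures.
 *
 *   HISTORY
 *  05.01.2004 -    Interface supported: XSecurityController,
 *                  XFastPropertySet, XSAXEventKeeperStatusChangeListener,
 *                  XSignatureCreationResultListener,
 *                  XSignatureVerifyResultListener
 *
 *   NOTES
 *  The XFastPropertySet interface is used to transfer common values to
 *  classes in other module, for instance, the signature id for all
 *  sessions is transferred to xmloff module through this interface.
 *
 *  NOTE(review): the class declares a destructor and holds a raw pointer
 *  (m_pXSecParser) but declares no copy constructor / assignment operator,
 *  so the compiler-generated ones would copy the pointer.  Instances are
 *  expected to be used only through UNO references; confirm that nothing
 *  copies an XSecController by value.
 *
 *   AUTHOR
 *  Michael Mi
 *  Email: michael.mi@sun.com
 ******************************************************************************/
{
    friend class XSecParser;

private:
    com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext> mxCtx;

    /*
     * used to buffer SAX events
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::wrapper::XXMLDocumentWrapper > m_xXMLDocumentWrapper;

    /*
     * the SAX events keeper
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XSecuritySAXEventKeeper > m_xSAXEventKeeper;

    /*
     * the bridge component which creates/verifies signature
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XXMLSignature > m_xXMLSignature;

    /*
     * the Security Context
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XXMLSecurityContext > m_xSecurityContext;

#if 0
    /*
     * the signature creation result listener
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XSignatureCreationResultListener > m_xSignatureCreationResultListener;
    /*
     * the signature verify result listener
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener > m_xSignatureVerifyResultListener;
#endif

    /*
     * the security id incrementer, in order to make any security id unique
     * to the SAXEventKeeper.
     * Because each XSecController has its own SAXEventKeeper, this variable
     * does not need to be static.
     */
    sal_Int32 m_nNextSecurityId;

    /*
     * Signature information
     */
    InternalSignatureInformations m_vInternalSignatureInformations;

    /*
     * the previous node on the SAX chain.
     * The reason to use a Reference<XInterface> type variable
     * is that the previous components are different when exporting
     * and importing, and there is no other common interface they
     * can provide.
     */
    com::sun::star::uno::Reference<
        com::sun::star::uno::XInterface > m_xPreviousNodeOnSAXChain;
    /*
     * whether the previous node can provide an XInitialization interface,
     * use this variable in order to typecast the XInterface to the
     * correct interface type.
     */
    bool m_bIsPreviousNodeInitializable;

    /*
     * the next node on the SAX chain.
     * it can always provide an XDocumentHandler interface.
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::sax::XDocumentHandler > m_xNextNodeOnSAXChain;

    /*
     * the ElementStackKeeper is used to reserve the key SAX events.
     * when the SAXEventKeeper is chained on the SAX chain, it first needs
     * to get all missed key SAX events in order to make sure the
     * DOM tree it is buffering has the same structure as the original
     * document.
     *
     * For a given section of a SAX event stream, the key SAX events
     * are the minimal SAX event subset of that section, which,
     * combined with SAX events outside of this section, has the same
     * structure as the original document.
     *
     * For example, see the following dom fragment:
     *     <A>
     *      <B/>
     *      <C>
     *       <D>
     *        <E/>
     *       </D>
     *      </C>
     *     </A>
     *
     * If we consider the SAX event section from startElement(<A>) to
     * startElement(<D>), then the key SAX events are:
     *
     *     startElement(<A>), startElement(<C>), startElement(<D>)
     *
     * The startElement(<B>) and endElement(<B>) are ignored, because
     * they are unimportant for the tree structure in this section.
     *
     * If we consider the SAX event section from startElement(<D>) to
     * endElement(<A>), the key SAX events are:
     *
     *     startElement(<D>), endElement(<D>), endElement(<C>),
     *     endElement(<A>).
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XElementStackKeeper > m_xElementStackKeeper;

    /*
     * a flag representing whether the SAXEventKeeper is now on the
     * SAX chain.
     */
    bool m_bIsSAXEventKeeperConnected;

    /*
     * a flag representing whether it is collecting some element,
     * which means that the SAXEventKeeper can't be chained off the
     * SAX chain.
     */
    bool m_bIsCollectingElement;

    /*
     * a flag representing whether the SAX event stream is blocking,
     * which also means that the SAXEventKeeper can't be chained off
     * the SAX chain.
     */
    bool m_bIsBlocking;

    /*
     * a flag representing the current status of security related
     * components: one of UNINITIALIZED, INITIALIZED, FAILTOINITIALIZED.
     */
    sal_Int32 m_nStatusOfSecurityComponents;

    /*
     * a flag representing whether the SAXEventKeeper needs to be
     * on the SAX chain all the time.
     * This flag is used in the situation when creating a signature.
     */
    bool m_bIsSAXEventKeeperSticky;

    /*
     * fast property vector
     */
    std::vector< sal_Int32 > m_vFastPropertyIndexs;
    std::vector< com::sun::star::uno::Any > m_vFastPropertyValues;

    /*
     * error message pointer
     * (non-owning; expected to point at one of the ERROR_* literals above,
     * which have static storage — confirm against the implementation)
     */
    const char *m_pErrorMessage;

    /*
     * the XSecParser which is used to parse the signature stream
     * NOTE(review): raw pointer; its lifetime is not visible in this
     * header — presumably created in createSignatureReader() and freed in
     * releaseSignatureReader() / the destructor.  Confirm before relying
     * on it.
     */
    XSecParser *m_pXSecParser;

    /*
     * the caller assigned signature id for the next signature in the
     * signature stream
     */
    sal_Int32 m_nReservedSignatureId;

    /*
     * representing whether to verify the current signature
     */
    bool m_bVerifyCurrentSignature;
public:
    /*
     * An xUriBinding is provided to map Uris to XInputStream interfaces.
     */
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XUriBinding > m_xUriBinding;

private:

    /*
     * Common methods
     */
    sal_Bool convertNumber( sal_Int32& rValue, const rtl::OUString& rString, sal_Int32 nMin, sal_Int32 nMax );
    void convertDateTime( ::rtl::OUStringBuffer& rBuffer, const com::sun::star::util::DateTime& rDateTime );
    sal_Bool convertDateTime( com::sun::star::util::DateTime& rDateTime, const ::rtl::OUString& rString );

    void createXSecComponent( );
    int findSignatureInfor( sal_Int32 nSecurityId ) const;
    bool chainOn( bool bRetrievingLastEvent );
    void chainOff();
    void checkChainingStatus();
    void initializeSAXChain();

    com::sun::star::uno::Reference<
        com::sun::star::io::XInputStream > getObjectInputStream( const rtl::OUString& objectURL );

    //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;

    /*
     * For signature generation
     */
    rtl::OUString createId();
    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite(
        InternalSignatureInformation& signatureInfo );

    /*
     * For signature verification
     * (called by the friend XSecParser while the signature stream is parsed)
     */
    void addSignature();
    void addReference( const rtl::OUString& ouUri);
    void addStreamReference(
        const rtl::OUString& ouUri,
        bool isBinary );
    void setReferenceCount() const;

    void setX509IssuerName( rtl::OUString& ouX509IssuerName );
    void setX509SerialNumber( rtl::OUString& ouX509SerialNumber );
    void setX509Certificate( rtl::OUString& ouX509Certificate );
    void setSignatureValue( rtl::OUString& ouSignatureValue );
    void setDigestValue( rtl::OUString& ouDigestValue );

    void setDate( rtl::OUString& ouDate );

    void setId( rtl::OUString& ouId );
    void setPropertyId( rtl::OUString& ouPropertyId );

    com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
        sal_Int32 nSecurityId );

public:
    XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx);
    ~XSecController();

    sal_Int32 getNewSecurityId( );

    void startMission( const com::sun::star::uno::Reference<
        com::sun::star::xml::crypto::XUriBinding >& xUriBinding,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::crypto::XXMLSecurityContext >& xSecurityContext );

    void setSAXChainConnector(
        const com::sun::star::uno::Reference<
            com::sun::star::lang::XInitialization >& xInitialization,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);

    void setSAXChainConnector(
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XParser >& xParser,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
        const com::sun::star::uno::Reference<
            com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);

    void clearSAXChainConnector();
    void endMission();

    /*
     * Returns the last recorded error message, or the pointer stored in
     * m_pErrorMessage (see its comment); the caller does not own the result.
     */
    const char* getErrorMessage();

    SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const;
    SignatureInformations getSignatureInformations() const;

    void exportSignature(
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
        const SignatureInformation& signatureInfo );


    /*
     * For signature generation
     */
    void collectToSign( sal_Int32 securityId, const rtl::OUString& referenceId );
    void signAStream( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool isBinary);


    /** sets data that describes the certificate.

        It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
        the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
        the private key.
        NOTE(review): the sentence above names ouX509IssuerName as holding the
        base64 DER certificate; by the parameter names it is presumably
        ouX509Cert that carries the certificate and ouX509IssuerName that
        carries the issuer string discussed below — confirm against the
        implementation and correct this text.

        Although issuer name and certificate should be sufficient to identify
        the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
        The reason is that they use functions to find the certificate which take as parameter
        the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
        are of type DirectoryName, which is a choice of 5 string types. This information is
        not contained in the issuer string and while it is converted to the ASN.1 name the
        conversion function must assume a particular type, which is often wrong. For example,
        the Windows function CertStrToName will use a T.61 string if the string does not contain
        special characters. So if the certificate uses simple characters but encodes the
        issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
        ASN.1 name now contains different bytes which indicate the string type. The functions
        for finding the certificate apparently use memcmp - hence they fail to find the
        certificate.
     */
    void setX509Certificate(
        sal_Int32 nSecurityId,
        const rtl::OUString& ouX509IssuerName,
        const rtl::OUString& ouX509SerialNumber,
        const rtl::OUString& ouX509Cert);
    // see the other setX509Certificate function; this overload additionally
    // selects the security environment by index
    void setX509Certificate(
        sal_Int32 nSecurityId,
        const sal_Int32 nSecurityEnvironmentIndex,
        const rtl::OUString& ouX509IssuerName,
        const rtl::OUString& ouX509SerialNumber,
        const rtl::OUString& ouX509Cert);

    void setDate(
        sal_Int32 nSecurityId,
        const ::com::sun::star::util::DateTime& rDateTime );


    bool WriteSignature(
        const com::sun::star::uno::Reference<
            com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );

    /*
     * For signature verification
     */
    void collectToVerify( const rtl::OUString& referenceId );
    void addSignature( sal_Int32 nSignatureId );
    com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader();
    void releaseSignatureReader();

public:
    /* Interface methods */

    /*
     * XSecurityController
     *
     * no method in XSecurityController interface
     */

    /*
     * XFastPropertySet
     */
    /*
    virtual void SAL_CALL setFastPropertyValue(
        sal_Int32 nHandle,
        const com::sun::star::uno::Any& aValue )
        throw (
            com::sun::star::beans::UnknownPropertyException,
            com::sun::star::beans::PropertyVetoException,
            com::sun::star::lang::IllegalArgumentException,
            com::sun::star::lang::WrappedTargetException,
            com::sun::star::uno::RuntimeException);
    virtual com::sun::star::uno::Any SAL_CALL getFastPropertyValue(
        sal_Int32 nHandle )
        throw (
            com::sun::star::beans::UnknownPropertyException,
            com::sun::star::lang::WrappedTargetException,
            com::sun::star::uno::RuntimeException);
    */

    /*
     * XSAXEventKeeperStatusChangeListener
     */
    virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking )
        throw (com::sun::star::uno::RuntimeException);
    virtual void SAL_CALL collectionStatusChanged(
        sal_Bool isInsideCollectedElement )
        throw (com::sun::star::uno::RuntimeException);
    virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty )
        throw (com::sun::star::uno::RuntimeException);

    /*
     * XSignatureCreationResultListener
     */
    virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
        throw (com::sun::star::uno::RuntimeException);

    /*
     * XSignatureVerifyResultListener
     */
    virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
        throw (com::sun::star::uno::RuntimeException);
};

#endif
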