106b3ce53SAndrew Rist /************************************************************** 2cdf0e10cSrcweir * 306b3ce53SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one 406b3ce53SAndrew Rist * or more contributor license agreements. See the NOTICE file 506b3ce53SAndrew Rist * distributed with this work for additional information 606b3ce53SAndrew Rist * regarding copyright ownership. The ASF licenses this file 706b3ce53SAndrew Rist * to you under the Apache License, Version 2.0 (the 806b3ce53SAndrew Rist * "License"); you may not use this file except in compliance 906b3ce53SAndrew Rist * with the License. You may obtain a copy of the License at 1006b3ce53SAndrew Rist * 1106b3ce53SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0 1206b3ce53SAndrew Rist * 1306b3ce53SAndrew Rist * Unless required by applicable law or agreed to in writing, 1406b3ce53SAndrew Rist * software distributed under the License is distributed on an 1506b3ce53SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 1606b3ce53SAndrew Rist * KIND, either express or implied. See the License for the 1706b3ce53SAndrew Rist * specific language governing permissions and limitations 1806b3ce53SAndrew Rist * under the License. 
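 *
 *************************************************************/


// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"

#include <xsecctl.hxx>
#include "xsecparser.hxx"
#include <tools/debug.hxx>

#include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
#include <com/sun/star/xml/crypto/sax/ElementMarkPriority.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceCollector.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultBroadcaster.hpp>
#include <com/sun/star/xml/sax/SAXParseException.hpp>

#include <cstddef>
#include <vector>

namespace cssu = com::sun::star::uno;
namespace cssl = com::sun::star::lang;
namespace cssxc = com::sun::star::xml::crypto;
namespace cssxs = com::sun::star::xml::sax;

/* xml security framework components */
#define SIGNATUREVERIFIER_COMPONENT "com.sun.star.xml.crypto.sax.SignatureVerifier"

namespace
{
    /*
     * Throw a RuntimeException carrying the given ASCII message and no
     * context object.  Used by the file-local helpers below, which have
     * no XSecController at hand.
     */
    void throwRuntimeException( const char* pMessage )
    {
        throw cssu::RuntimeException(
            rtl::OUString::createFromAscii( pMessage ),
            cssu::Reference< cssu::XInterface >() );
    }

    /*
     * Return the last element of rEntries, i.e. the signature (or the
     * reference) currently being parsed.
     *
     * The signature XML is untrusted input.  An element that arrives
     * before any <Signature> was added (or a DigestValue before any
     * <Reference>) used to be resolved as "rEntries[rEntries.size() - 1]",
     * which wraps around on an empty vector and indexes out of bounds.
     * Such a document is malformed: fail closed instead of touching
     * memory outside the vector.
     */
    template < class T >
    T& lastEntry( std::vector< T >& rEntries )
    {
        if ( rEntries.empty() )
        {
            throwRuntimeException( "Signature element outside of any signature. Malformed document?" );
        }
        return rEntries.back();
    }

    template < class T >
    const T& lastEntry( const std::vector< T >& rEntries )
    {
        if ( rEntries.empty() )
        {
            throwRuntimeException( "Signature element outside of any signature. Malformed document?" );
        }
        return rEntries.back();
    }

    /*
     * Every UNO_QUERY in this file is made on a component that is expected
     * to implement the queried interface.  A null result means the
     * component is missing or broken; dereferencing it would crash inside
     * the SAX callback.  Raise a RuntimeException instead, so the caller
     * learns that the signature was not verified.
     */
    template < class Interface >
    void requireInterface( const cssu::Reference< Interface >& xRef, const char* pMessage )
    {
        if ( !xRef.is() )
        {
            throwRuntimeException( pMessage );
        }
    }
}

/* protected: for signature verify */

/*
 * Set up verification of the signature with security id nSecurityId.
 *
 * Registers an element collector with the SAXEventKeeper for the whole
 * <Signature> element, creates a SignatureVerifier component, initializes
 * it with the keeper, the security context and the XMLSignature service,
 * subscribes this controller to its verify result and registers it as the
 * listener for the collected element.
 *
 * Returns the verifier as an XReferenceResolvedListener, or an empty
 * reference when the security components are not initialized (no
 * verification takes place in that case).  Throws RuntimeException when
 * the verifier component cannot be created or lacks a required interface.
 */
cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepareSignatureToRead(
    sal_Int32 nSecurityId)
{
    if ( m_nStatusOfSecurityComponents != INITIALIZED )
    {
        return NULL;
    }

    /*
     * collect the whole signature element and tag the collector with the
     * caller's security id
     */
    sal_Int32 nIdOfSignatureElementCollector =
        m_xSAXEventKeeper->addSecurityElementCollector( cssxc::sax::ElementMarkPriority_BEFOREMODIFY, sal_False );
    m_xSAXEventKeeper->setSecurityId( nIdOfSignatureElementCollector, nSecurityId );

    /*
     * create a SignatureVerifier
     */
    cssu::Reference< cssl::XMultiComponentFactory > xMCF( mxCtx->getServiceManager() );
    requireInterface( xMCF, "No service manager available to create the SignatureVerifier." );

    cssu::Reference< cssxc::sax::XReferenceResolvedListener > xReferenceResolvedListener(
        xMCF->createInstanceWithContext(
            rtl::OUString::createFromAscii( SIGNATUREVERIFIER_COMPONENT ), mxCtx ),
        cssu::UNO_QUERY );
    requireInterface( xReferenceResolvedListener,
        "The SignatureVerifier component could not be created." );

    cssu::Reference< cssl::XInitialization > xInitialization( xReferenceResolvedListener, cssu::UNO_QUERY );
    requireInterface( xInitialization,
        "The SignatureVerifier component does not support XInitialization." );

    /*
     * the argument order is the SignatureVerifier's initialize() contract;
     * the ids are passed as strings
     */
    cssu::Sequence< cssu::Any > args( 5 );
    args[0] = cssu::makeAny( rtl::OUString::valueOf( nSecurityId ) );
    args[1] = cssu::makeAny( m_xSAXEventKeeper );
    args[2] = cssu::makeAny( rtl::OUString::valueOf( nIdOfSignatureElementCollector ) );
    args[3] = cssu::makeAny( m_xSecurityContext );
    args[4] = cssu::makeAny( m_xXMLSignature );
    xInitialization->initialize( args );

    /* this controller receives the verify result */
    cssu::Reference< cssxc::sax::XSignatureVerifyResultBroadcaster >
        xSignatureVerifyResultBroadcaster( xReferenceResolvedListener, cssu::UNO_QUERY );
    requireInterface( xSignatureVerifyResultBroadcaster,
        "The SignatureVerifier component does not support XSignatureVerifyResultBroadcaster." );
    xSignatureVerifyResultBroadcaster->addSignatureVerifyResultListener( this );

    /* the verifier is notified when the collected signature element is resolved */
    cssu::Reference< cssxc::sax::XReferenceResolvedBroadcaster >
        xReferenceResolvedBroadcaster( m_xSAXEventKeeper, cssu::UNO_QUERY );
    requireInterface( xReferenceResolvedBroadcaster,
        "The SAXEventKeeper does not support XReferenceResolvedBroadcaster." );
    xReferenceResolvedBroadcaster->addReferenceResolvedListener(
        nIdOfSignatureElementCollector,
        xReferenceResolvedListener );

    cssu::Reference< cssxc::sax::XKeyCollector > xKeyCollector( xReferenceResolvedListener, cssu::UNO_QUERY );
    requireInterface( xKeyCollector,
        "The SignatureVerifier component does not support XKeyCollector." );
    xKeyCollector->setKeyId( 0 );

    return xReferenceResolvedListener;
}

/*
 * Start a new signature entry.
 *
 * When addSignature( nSignatureId ) has reserved an id, the entry gets a
 * verifier from prepareSignatureToRead() and the reserved id; otherwise
 * the entry has no verifier (an empty listener) and id 0, and the setters
 * below only record the parsed values.
 */
void XSecController::addSignature()
{
    cssu::Reference< cssxc::sax::XReferenceResolvedListener > xReferenceResolvedListener = NULL;
    sal_Int32 nSignatureId = 0;

    if ( m_bVerifyCurrentSignature )
    {
        chainOn( true );
        xReferenceResolvedListener = prepareSignatureToRead( m_nReservedSignatureId );
        /* the reservation applies to this signature only */
        m_bVerifyCurrentSignature = false;
        nSignatureId = m_nReservedSignatureId;
    }

    InternalSignatureInformation isi( nSignatureId, xReferenceResolvedListener );
    m_vInternalSignatureInformations.push_back( isi );
}

/*
 * Record a same-document <Reference> with URI ouUri for the current
 * signature.  The third argument (-1) presumably is the not-yet-known
 * keeper id that collectToVerify() fills in later - confirm in xsecctl.hxx.
 * Throws RuntimeException when no signature has been added yet.
 */
void XSecController::addReference( const rtl::OUString& ouUri )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    isi.addReference( TYPE_SAMEDOCUMENT_REFERENCE, ouUri, -1 );
}

/*
 * Record a <Reference> to a package stream (binary when isBinary, XML
 * otherwise) for the current signature.  When the signature is being
 * verified, the stream is additionally bound to its URI on the verifier;
 * looking the stream up is best effort, a stream that cannot be found is
 * simply not bound.  Throws RuntimeException when no signature has been
 * added yet.
 */
void XSecController::addStreamReference(
    const rtl::OUString& ouUri,
    bool isBinary )
{
    sal_Int32 type = ( isBinary ? TYPE_BINARYSTREAM_REFERENCE : TYPE_XMLSTREAM_REFERENCE );

    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );

    if ( isi.xReferenceResolvedListener.is() )
    {
        /*
         * get the input stream
         */
        cssu::Reference< com::sun::star::io::XInputStream > xObjectInputStream
            = getObjectInputStream( ouUri );

        if ( xObjectInputStream.is() )
        {
            cssu::Reference< cssxc::XUriBinding > xUriBinding( isi.xReferenceResolvedListener, cssu::UNO_QUERY );
            requireInterface( xUriBinding,
                "The SignatureVerifier component does not support XUriBinding." );
            xUriBinding->setUriBinding( ouUri, xObjectInputStream );
        }
    }

    isi.addReference( type, ouUri, -1 );
}

/*
 * Pass the number of same-document references of the current signature to
 * its verifier.  Stream references are not counted: they are bound via
 * XUriBinding in addStreamReference() instead of being collected from the
 * SAX stream.  No-op for a signature that is not being verified.  Throws
 * RuntimeException when no signature has been added yet.
 */
void XSecController::setReferenceCount() const
{
    const InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );

    if ( isi.xReferenceResolvedListener.is() )
    {
        const SignatureReferenceInformations& refInfors = isi.signatureInfor.vSignatureReferenceInfors;

        sal_Int32 referenceCount = 0;
        for ( std::size_t i = 0; i < refInfors.size(); ++i )
        {
            if ( refInfors[i].nType == TYPE_SAMEDOCUMENT_REFERENCE )
            {
                /*
                 * same-document reference
                 */
                ++referenceCount;
            }
        }

        cssu::Reference< cssxc::sax::XReferenceCollector > xReferenceCollector( isi.xReferenceResolvedListener, cssu::UNO_QUERY );
        requireInterface( xReferenceCollector,
            "The SignatureVerifier component does not support XReferenceCollector." );
        xReferenceCollector->setReferenceCount( referenceCount );
    }
}

/*
 * Assign value to variable, but only once.
 *
 * The callers use this for the X509 issuer, serial number, certificate
 * and date of a signature, each of which is meant to be set a single
 * time per <Signature>.  Because the signature element is untrusted
 * input, a second, different value would let a later element silently
 * replace the one the signature was actually made with; anything other
 * than a repeat of the identical value is therefore rejected with a
 * RuntimeException (context: this controller).
 */
void XSecController::setIfEmpty( rtl::OUString& variable, const rtl::OUString& value )
{
    if ( variable.getLength() == 0 )
    {
        variable = value;
    }
    else if ( variable != value )
    {
        throw cssu::RuntimeException( rtl::OUString::createFromAscii( "Value already set. Tampering?" ), *this );
    }
}

/*
 * Record the X509 issuer name of the current signature (set-once, see
 * setIfEmpty()).  Throws RuntimeException when no signature has been
 * added yet or a different issuer was already recorded.
 */
void XSecController::setX509IssuerName( rtl::OUString& ouX509IssuerName )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    setIfEmpty( isi.signatureInfor.ouX509IssuerName, ouX509IssuerName );
}

/*
 * Record the X509 serial number of the current signature (set-once, see
 * setIfEmpty()).  Throws RuntimeException when no signature has been
 * added yet or a different serial number was already recorded.
 */
void XSecController::setX509SerialNumber( rtl::OUString& ouX509SerialNumber )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    setIfEmpty( isi.signatureInfor.ouX509SerialNumber, ouX509SerialNumber );
}

/*
 * Record the X509 certificate of the current signature (set-once, see
 * setIfEmpty()).  Throws RuntimeException when no signature has been
 * added yet or a different certificate was already recorded.
 */
void XSecController::setX509Certificate( rtl::OUString& ouX509Certificate )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    setIfEmpty( isi.signatureInfor.ouX509Certificate, ouX509Certificate );
}

/*
 * Record the <SignatureValue> of the current signature.
 * NOTE(review): unlike the X509 fields and the date, this still lets a
 * later element overwrite an earlier value; whether setIfEmpty() can be
 * applied here depends on the parser calling it once per signature -
 * confirm against XSecParser before tightening.
 * Throws RuntimeException when no signature has been added yet.
 */
void XSecController::setSignatureValue( rtl::OUString& ouSignatureValue )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    isi.signatureInfor.ouSignatureValue = ouSignatureValue;
}

/*
 * Record the <DigestValue> of the last <Reference> of the current
 * signature.  Throws RuntimeException when no signature or no reference
 * has been added yet.
 */
void XSecController::setDigestValue( rtl::OUString& ouDigestValue )
{
    SignatureInformation& si = lastEntry( m_vInternalSignatureInformations ).signatureInfor;
    SignatureReferenceInformation& reference = lastEntry( si.vSignatureReferenceInfors );
    reference.ouDigestValue = ouDigestValue;
}

/*
 * Record the signing date of the current signature, both parsed into the
 * DateTime struct and kept as the original string.  The string goes
 * through setIfEmpty(), so a second, different date is rejected with a
 * RuntimeException; the same exception is thrown when no signature has
 * been added yet.
 */
void XSecController::setDate( rtl::OUString& ouDate )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    convertDateTime( isi.signatureInfor.stDateTime, ouDate );
    setIfEmpty( isi.signatureInfor.ouDateTime, ouDate );
}

/*
void XSecController::setTime( rtl::OUString& ouTime )
{
    InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
    isi.signatureInfor.ouTime = ouTime;
}
*/

/*
 * Record the Id attribute of the current <Signature>.
 * NOTE(review): last value wins; see the note on setSignatureValue().
 * Throws RuntimeException when no signature has been added yet.
 */
void XSecController::setId( rtl::OUString& ouId )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    isi.signatureInfor.ouSignatureId = ouId;
}

/*
 * Record the property id of the current signature.
 * NOTE(review): last value wins; see the note on setSignatureValue().
 * Throws RuntimeException when no signature has been added yet.
 */
void XSecController::setPropertyId( rtl::OUString& ouPropertyId )
{
    InternalSignatureInformation& isi = lastEntry( m_vInternalSignatureInformations );
    isi.signatureInfor.ouPropertyId = ouPropertyId;
}

/* public: for signature verify */

/*
 * Called when an element with id referenceId is reached in the document.
 * For every signature that references this id, an element collector is
 * registered with the SAXEventKeeper under the signature's security id,
 * and the signature's verifier is registered as listener for it and told
 * the keeper id of the reference.  Only the first matching reference of
 * each signature is handled per call.
 *
 * Chaining the SAXEventKeeper on for the first collector temporarily
 * detaches the keeper's next handler; it is reattached at the end, after
 * the element stack keeper has replayed the pending elements into the
 * keeper.  Nothing happens before the security components are initialized.
 * Throws RuntimeException when a queried interface is missing.
 */
void XSecController::collectToVerify( const rtl::OUString& referenceId )
{
    /* DBG_ASSERT( m_xSAXEventKeeper.is(), "the SAXEventKeeper is NULL" ); */

    if ( m_nStatusOfSecurityComponents != INITIALIZED )
    {
        /*
         * the security components are not ready, nothing can be verified
         */
        return;
    }

    bool bJustChainingOn = false;
    cssu::Reference< cssxs::XDocumentHandler > xHandler = NULL;

    for ( std::size_t i = 0; i < m_vInternalSignatureInformations.size(); ++i )
    {
        InternalSignatureInformation& isi = m_vInternalSignatureInformations[i];
        SignatureReferenceInformations& vReferenceInfors = isi.signatureInfor.vSignatureReferenceInfors;

        for ( std::size_t j = 0; j < vReferenceInfors.size(); ++j )
        {
            SignatureReferenceInformation& refInfor = vReferenceInfors[j];

            if ( refInfor.ouURI != referenceId )
            {
                continue;
            }

            if ( chainOn( false ) )
            {
                bJustChainingOn = true;
                xHandler = m_xSAXEventKeeper->setNextHandler( NULL );
            }

            sal_Int32 nKeeperId = m_xSAXEventKeeper->addSecurityElementCollector(
                cssxc::sax::ElementMarkPriority_BEFOREMODIFY, sal_False );

            cssu::Reference< cssxc::sax::XReferenceResolvedBroadcaster >
                xReferenceResolvedBroadcaster( m_xSAXEventKeeper, cssu::UNO_QUERY );
            requireInterface( xReferenceResolvedBroadcaster,
                "The SAXEventKeeper does not support XReferenceResolvedBroadcaster." );

            cssu::Reference< cssxc::sax::XReferenceCollector >
                xReferenceCollector( isi.xReferenceResolvedListener, cssu::UNO_QUERY );
            requireInterface( xReferenceCollector,
                "The SignatureVerifier component does not support XReferenceCollector." );

            m_xSAXEventKeeper->setSecurityId( nKeeperId, isi.signatureInfor.nSecurityId );
            xReferenceResolvedBroadcaster->addReferenceResolvedListener( nKeeperId, isi.xReferenceResolvedListener );
            xReferenceCollector->setReferenceId( nKeeperId );

            /*
             * assumes vKeeperIds is kept parallel to vSignatureReferenceInfors
             * by addReference() - confirm in xsecctl.hxx
             */
            isi.vKeeperIds[j] = nKeeperId;
            break;
        }
    }

    if ( bJustChainingOn )
    {
        cssu::Reference< cssxs::XDocumentHandler > xSEKHandler( m_xSAXEventKeeper, cssu::UNO_QUERY );
        if ( m_xElementStackKeeper.is() )
        {
            m_xElementStackKeeper->retrieve( xSEKHandler, sal_True );
        }
        m_xSAXEventKeeper->setNextHandler( xHandler );
    }
}

/*
 * Reserve nSignatureId for the next <Signature> element: the following
 * addSignature() creates a verifier for it.  Requires an active signature
 * reader (createSignatureReader()).
 */
void XSecController::addSignature( sal_Int32 nSignatureId )
{
    DBG_ASSERT( m_pXSecParser != NULL, "No XSecParser initialized" );

    m_nReservedSignatureId = nSignatureId;
    m_bVerifyCurrentSignature = true;
}

/*
 * Create the XSecParser that feeds this controller and hook it into the
 * SAX chain.  Returns the parser as the document handler the signature
 * stream is to be pushed to.
 *
 * m_pXSecParser is a plain pointer, not an owner: the parser is reference
 * counted through the UNO references created here and returned to the
 * caller.  Presumably the caller's reference keeps it alive until
 * releaseSignatureReader() - confirm.
 */
cssu::Reference< cssxs::XDocumentHandler > XSecController::createSignatureReader()
{
    m_pXSecParser = new XSecParser( this, NULL );
    cssu::Reference< cssl::XInitialization > xInitialization = m_pXSecParser;

    setSAXChainConnector( xInitialization, NULL, NULL );

    return m_pXSecParser;
}

/*
 * Undo createSignatureReader(): unhook the parser from the SAX chain and
 * forget it.  Nothing is deleted here; the parser object lives as long as
 * some UNO reference holds it.
 */
void XSecController::releaseSignatureReader()
{
    clearSAXChainConnector( );
    m_pXSecParser = NULL;
}
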