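/*************************************************************************
 *
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * Copyright 2000, 2010 Oracle and/or its affiliates.
 *
 * OpenOffice.org - a multi-platform office productivity suite
 *
 * This file is part of OpenOffice.org.
 *
 * OpenOffice.org is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License version 3
 * only, as published by the Free Software Foundation.
 *
 * OpenOffice.org is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License version 3 for more details
 * (a copy is included in the LICENSE file that accompanied this code).
 *
 * You should have received a copy of the GNU Lesser General Public License
 * version 3 along with OpenOffice.org. If not, see
 * <http://www.openoffice.org/license.html>
 * for a copy of the LGPLv3 License.
 *
 ************************************************************************/

// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"

#include <xsecctl.hxx>
#include "xsecparser.hxx"
#include <tools/debug.hxx>

#include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
#include <com/sun/star/xml/crypto/sax/ElementMarkPriority.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
#include <com/sun/star/xml/crypto/sax/XReferenceCollector.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultBroadcaster.hpp>
#include <com/sun/star/xml/sax/SAXParseException.hpp>

namespace cssu = com::sun::star::uno;
namespace cssl = com::sun::star::lang;
namespace cssxc = com::sun::star::xml::crypto;
namespace cssxs = com::sun::star::xml::sax;

/* xml security framework components */
#define SIGNATUREVERIFIER_COMPONENT "com.sun.star.xml.crypto.sax.SignatureVerifier"

/*
 * NOTE(review): the add.../set... members below always work on the LAST entry
 * of m_vInternalSignatureInformations. They are presumably driven by
 * XSecParser while it reads a signature stream, so the order in which they
 * are called follows the document content - confirm against xsecparser.cxx.
 * Each of them therefore checks that an entry exists before touching it;
 * indexing size()-1 on an empty vector would access memory out of bounds.
 */

/* protected: for signature verify */
/*
 * Creates a SignatureVerifier for nSecurityId, registers a BEFOREMODIFY
 * element collector for it on the SAXEventKeeper, initializes the verifier
 * and subscribes it (reference resolved) and this controller (verify result).
 *
 * Returns the verifier as XReferenceResolvedListener. Returns an empty
 * reference when the security components are not INITIALIZED, or when the
 * verifier cannot be created or does not offer every interface used here.
 */
cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepareSignatureToRead(
    sal_Int32 nSecurityId)
{
    if ( m_nStatusOfSecurityComponents != INITIALIZED )
    {
        return NULL;
    }

    /*
     * create a SignatureVerifier
     *
     * The instance and all interfaces needed later are obtained before
     * anything is registered on the SAXEventKeeper, so that a failure here
     * does not leave a collector behind that has no listener.
     */
    cssu::Reference< cssl::XMultiComponentFactory > xMCF( mxCtx->getServiceManager() );
    if ( !xMCF.is() )
    {
        return NULL;
    }

    cssu::Reference< cssxc::sax::XReferenceResolvedListener > xReferenceResolvedListener(
        xMCF->createInstanceWithContext(
            rtl::OUString::createFromAscii( SIGNATUREVERIFIER_COMPONENT ), mxCtx),
        cssu::UNO_QUERY);

    cssu::Reference<cssl::XInitialization> xInitialization(xReferenceResolvedListener, cssu::UNO_QUERY);

    cssu::Reference< cssxc::sax::XSignatureVerifyResultBroadcaster >
        signatureVerifyResultBroadcaster(xReferenceResolvedListener, cssu::UNO_QUERY);

    cssu::Reference<cssxc::sax::XKeyCollector> keyCollector (xReferenceResolvedListener, cssu::UNO_QUERY);

    cssu::Reference<cssxc::sax::XReferenceResolvedBroadcaster> xReferenceResolvedBroadcaster
        (m_xSAXEventKeeper,
        cssu::UNO_QUERY);

    /*
     * a UNO_QUERY that fails yields an empty reference; calling through it
     * would dereference a null interface pointer.
     */
    if ( !xReferenceResolvedListener.is()
        || !xInitialization.is()
        || !signatureVerifyResultBroadcaster.is()
        || !keyCollector.is()
        || !xReferenceResolvedBroadcaster.is() )
    {
        return NULL;
    }

    sal_Int32 nIdOfSignatureElementCollector =
        m_xSAXEventKeeper->addSecurityElementCollector( cssxc::sax::ElementMarkPriority_BEFOREMODIFY, sal_False);

    m_xSAXEventKeeper->setSecurityId(nIdOfSignatureElementCollector, nSecurityId);

    cssu::Sequence<cssu::Any> args(5);
    args[0] = cssu::makeAny(rtl::OUString::valueOf(nSecurityId));
    args[1] = cssu::makeAny(m_xSAXEventKeeper);
    args[2] = cssu::makeAny(rtl::OUString::valueOf(nIdOfSignatureElementCollector));
    args[3] = cssu::makeAny(m_xSecurityContext);
    args[4] = cssu::makeAny(m_xXMLSignature);
    xInitialization->initialize(args);

    signatureVerifyResultBroadcaster->addSignatureVerifyResultListener( this );

    xReferenceResolvedBroadcaster->addReferenceResolvedListener(
        nIdOfSignatureElementCollector,
        xReferenceResolvedListener);

    keyCollector->setKeyId(0);

    return xReferenceResolvedListener;
}

/*
 * Appends a new signature entry. If a verification was requested through
 * addSignature(sal_Int32), chaining is switched on, a verifier is prepared
 * for the reserved id and the request flag is cleared; otherwise the entry
 * gets id 0 and an empty listener.
 */
void XSecController::addSignature()
{
    cssu::Reference< cssxc::sax::XReferenceResolvedListener > xReferenceResolvedListener = NULL;
    sal_Int32 nSignatureId = 0;

    if (m_bVerifyCurrentSignature)
    {
        chainOn(true);
        xReferenceResolvedListener = prepareSignatureToRead( m_nReservedSignatureId );
        m_bVerifyCurrentSignature = false;
        nSignatureId = m_nReservedSignatureId;
    }

    InternalSignatureInformation isi( nSignatureId, xReferenceResolvedListener );
    m_vInternalSignatureInformations.push_back( isi );
}

/*
 * Records a same-document reference with URI ouUri on the current (last)
 * signature entry. Does nothing when no signature entry exists.
 */
void XSecController::addReference( const rtl::OUString& ouUri)
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        /* a reference outside of any signature has nothing to attach to */
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    isi.addReference(TYPE_SAMEDOCUMENT_REFERENCE,ouUri, -1 );
}

/*
 * Records a stream reference (binary or XML, chosen by isBinary) on the
 * current signature entry. When that entry has a verifier and an input
 * stream can be obtained for ouUri, the stream is bound to the URI on the
 * verifier first. Does nothing when no signature entry exists.
 */
void XSecController::addStreamReference(
    const rtl::OUString& ouUri,
    bool isBinary )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    sal_Int32 type = (isBinary?TYPE_BINARYSTREAM_REFERENCE:TYPE_XMLSTREAM_REFERENCE);

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();

    if ( isi.xReferenceResolvedListener.is() )
    {
        /*
         * get the input stream
         */
        cssu::Reference< com::sun::star::io::XInputStream > xObjectInputStream
            = getObjectInputStream( ouUri );

        if ( xObjectInputStream.is() )
        {
            cssu::Reference<cssxc::XUriBinding> xUriBinding
                (isi.xReferenceResolvedListener, cssu::UNO_QUERY);

            /* the query may fail; do not call through an empty reference */
            if ( xUriBinding.is() )
            {
                xUriBinding->setUriBinding(ouUri, xObjectInputStream);
            }
        }
    }

    isi.addReference(type, ouUri, -1);
}

/*
 * Tells the verifier of the current signature entry how many same-document
 * references that entry holds. Does nothing when there is no entry or the
 * entry has no verifier.
 */
void XSecController::setReferenceCount() const
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    const InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();

    if ( isi.xReferenceResolvedListener.is() )
    {
        const SignatureReferenceInformations &refInfors = isi.signatureInfor.vSignatureReferenceInfors;

        int refNum = refInfors.size();
        sal_Int32 referenceCount = 0;

        for(int i=0 ; i<refNum; ++i)
        {
            if (refInfors[i].nType == TYPE_SAMEDOCUMENT_REFERENCE )
            /*
             * same-document reference
             */
            {
                referenceCount++;
            }
        }

        cssu::Reference<cssxc::sax::XReferenceCollector> xReferenceCollector
            (isi.xReferenceResolvedListener, cssu::UNO_QUERY);

        /* the query may fail; do not call through an empty reference */
        if ( xReferenceCollector.is() )
        {
            xReferenceCollector->setReferenceCount( referenceCount );
        }
    }
}

/* Stores the X509 issuer name on the current signature entry, if any. */
void XSecController::setX509IssuerName( rtl::OUString& ouX509IssuerName )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    isi.signatureInfor.ouX509IssuerName = ouX509IssuerName;
}

/* Stores the X509 serial number on the current signature entry, if any. */
void XSecController::setX509SerialNumber( rtl::OUString& ouX509SerialNumber )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    isi.signatureInfor.ouX509SerialNumber = ouX509SerialNumber;
}

/* Stores the X509 certificate string on the current signature entry, if any. */
void XSecController::setX509Certificate( rtl::OUString& ouX509Certificate )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    isi.signatureInfor.ouX509Certificate = ouX509Certificate;
}

/* Stores the signature value on the current signature entry, if any. */
void XSecController::setSignatureValue( rtl::OUString& ouSignatureValue )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    isi.signatureInfor.ouSignatureValue = ouSignatureValue;
}

/*
 * Stores the digest value on the last reference of the current signature
 * entry. Does nothing when there is no signature entry or that entry has no
 * reference yet; both vectors are indexed by size()-1 otherwise.
 */
void XSecController::setDigestValue( rtl::OUString& ouDigestValue )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    SignatureInformation &si = m_vInternalSignatureInformations.back().signatureInfor;

    if ( si.vSignatureReferenceInfors.empty() )
    {
        /* a digest value without a preceding reference has no owner */
        return;
    }

    SignatureReferenceInformation &reference = si.vSignatureReferenceInfors.back();
    reference.ouDigestValue = ouDigestValue;
}

/*
 * Converts ouDate into stDateTime of the current signature entry and keeps
 * the original string in ouDateTime. Does nothing when no entry exists.
 */
void XSecController::setDate( rtl::OUString& ouDate )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    convertDateTime( isi.signatureInfor.stDateTime, ouDate );
    isi.signatureInfor.ouDateTime = ouDate;
}

/*
void XSecController::setTime( rtl::OUString& ouTime )
{
    InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
    isi.signatureInfor.ouTime = ouTime;
}
*/

/* Stores the signature id on the current signature entry, if any. */
void XSecController::setId( rtl::OUString& ouId )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    isi.signatureInfor.ouSignatureId = ouId;
}

/* Stores the property id on the current signature entry, if any. */
void XSecController::setPropertyId( rtl::OUString& ouPropertyId )
{
    if ( m_vInternalSignatureInformations.empty() )
    {
        return;
    }

    InternalSignatureInformation &isi = m_vInternalSignatureInformations.back();
    isi.signatureInfor.ouPropertyId = ouPropertyId;
}

/* public: for signature verify */
/*
 * For every signature entry that has a verifier and a reference whose URI
 * equals referenceId, registers a BEFOREMODIFY element collector on the
 * SAXEventKeeper, subscribes the entry's verifier to it and stores the
 * collector id in the entry's vKeeperIds slot of that reference. Only the
 * first matching reference of each signature is handled.
 *
 * If chainOn(false) reports true for a match, the keeper's next handler is
 * detached meanwhile; afterwards the element stack keeper (when present) is
 * asked to retrieve into the keeper and the handler is put back.
 *
 * Does nothing unless the security components are INITIALIZED.
 */
void XSecController::collectToVerify( const rtl::OUString& referenceId )
{
    /* DBG_ASSERT( m_xSAXEventKeeper.is(), "the SAXEventKeeper is NULL" ); */

    if ( m_nStatusOfSecurityComponents == INITIALIZED )
    /*
     * if all security components are ready, verify the signature.
     */
    {
        bool bJustChainingOn = false;
        cssu::Reference< cssxs::XDocumentHandler > xHandler = NULL;

        cssu::Reference<cssxc::sax::XReferenceResolvedBroadcaster> xReferenceResolvedBroadcaster
            (m_xSAXEventKeeper,
            cssu::UNO_QUERY );

        if ( !xReferenceResolvedBroadcaster.is() )
        {
            /* no listener can be registered without the broadcaster */
            return;
        }

        int i,j;
        int sigNum = m_vInternalSignatureInformations.size();

        for (i=0; i<sigNum; ++i)
        {
            InternalSignatureInformation& isi = m_vInternalSignatureInformations[i];

            /*
             * an entry created while no verification was requested (or
             * whose verifier could not be prepared) carries an empty
             * listener; there is nothing to notify for it, and calling
             * through the empty reference would dereference a null pointer.
             */
            cssu::Reference<cssxc::sax::XReferenceCollector> xReferenceCollector
                ( isi.xReferenceResolvedListener, cssu::UNO_QUERY );

            if ( !xReferenceCollector.is() )
            {
                continue;
            }

            SignatureReferenceInformations& vReferenceInfors = isi.signatureInfor.vSignatureReferenceInfors;
            int refNum = vReferenceInfors.size();

            for (j=0; j<refNum; ++j)
            {
                SignatureReferenceInformation &refInfor = vReferenceInfors[j];

                if (refInfor.ouURI == referenceId)
                {
                    if (chainOn(false))
                    {
                        bJustChainingOn = true;
                        xHandler = m_xSAXEventKeeper->setNextHandler(NULL);
                    }

                    sal_Int32 nKeeperId = m_xSAXEventKeeper->addSecurityElementCollector(
                        cssxc::sax::ElementMarkPriority_BEFOREMODIFY, sal_False );

                    m_xSAXEventKeeper->setSecurityId(nKeeperId, isi.signatureInfor.nSecurityId);
                    xReferenceResolvedBroadcaster->addReferenceResolvedListener( nKeeperId, isi.xReferenceResolvedListener);
                    xReferenceCollector->setReferenceId( nKeeperId );

                    /*
                     * NOTE(review): assumes vKeeperIds holds one slot per
                     * entry of vSignatureReferenceInfors (presumably kept in
                     * step by InternalSignatureInformation::addReference) -
                     * confirm in xsecctl.hxx.
                     */
                    isi.vKeeperIds[j] = nKeeperId;
                    break;
                }
            }
        }

        if ( bJustChainingOn )
        {
            cssu::Reference< cssxs::XDocumentHandler > xSEKHandler(m_xSAXEventKeeper, cssu::UNO_QUERY);
            if (m_xElementStackKeeper.is())
            {
                m_xElementStackKeeper->retrieve(xSEKHandler, sal_True);
            }
            m_xSAXEventKeeper->setNextHandler(xHandler);
        }
    }
}

/*
 * Requests verification of the next signature: remembers nSignatureId as the
 * reserved id and sets the flag that the parameterless addSignature() reads.
 */
void XSecController::addSignature( sal_Int32 nSignatureId )
{
    DBG_ASSERT( m_pXSecParser != NULL, "No XSecParser initialized" );

    m_nReservedSignatureId = nSignatureId;
    m_bVerifyCurrentSignature = true;
}

/*
 * Creates the XSecParser for this controller, hands it to
 * setSAXChainConnector() and returns it as document handler.
 */
cssu::Reference< cssxs::XDocumentHandler > XSecController::createSignatureReader()
{
    m_pXSecParser = new XSecParser( this, NULL );
    cssu::Reference< cssl::XInitialization > xInitialization = m_pXSecParser;

    setSAXChainConnector(xInitialization, NULL, NULL);

    return m_pXSecParser;
}

/* Clears the SAX chain connector and forgets the parser pointer. */
void XSecController::releaseSignatureReader()
{
    clearSAXChainConnector( );
    m_pXSecParser = NULL;
}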