1 /*************************************************************************
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5 * Copyright 2000, 2010 Oracle and/or its affiliates.
7 * OpenOffice.org - a multi-platform office productivity suite
9 * This file is part of OpenOffice.org.
11 * OpenOffice.org is free software: you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License version 3
13 * only, as published by the Free Software Foundation.
15 * OpenOffice.org is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Lesser General Public License version 3 for more details
19 * (a copy is included in the LICENSE file that accompanied this code).
21 * You should have received a copy of the GNU Lesser General Public License
22 * version 3 along with OpenOffice.org. If not, see
23 * <http://www.openoffice.org/license.html>
24 * for a copy of the LGPLv3 License.
26 ************************************************************************/
28 // MARKER(update_precomp.py): autogen include statement, do not remove
30 #include "precompiled_xmlsecurity.hxx"
32 #include <documentdigitalsignatures.hxx>
33 #include <xmlsecurity/digitalsignaturesdialog.hxx>
34 #include <xmlsecurity/certificateviewer.hxx>
35 #include <xmlsecurity/macrosecurity.hxx>
36 #include <xmlsecurity/biginteger.hxx>
37 #include <xmlsecurity/global.hrc>
39 #include <xmloff/xmluconv.hxx>
41 #include <../dialogs/resourcemanager.hxx>
42 #include <com/sun/star/embed/XStorage.hpp>
43 #include <com/sun/star/embed/XTransactedObject.hpp>
44 #include <com/sun/star/embed/ElementModes.hpp>
45 #include <com/sun/star/ucb/XContent.hpp>
46 #include <com/sun/star/ucb/XContentProvider.hpp>
47 #include <com/sun/star/ucb/XContentIdentifierFactory.hpp>
48 #include <com/sun/star/ucb/XCommandEnvironment.hpp>
49 #include <com/sun/star/ucb/XCommandProcessor.hpp>
50 #include <com/sun/star/ucb/Command.hpp>
51 #include <tools/urlobj.hxx>
52 #include <vcl/msgbox.hxx>
53 #include <unotools/securityoptions.hxx>
54 #include <com/sun/star/security/CertificateValidity.hpp>
55 #include <com/sun/star/security/SerialNumberAdapter.hpp>
56 #include <ucbhelper/contentbroker.hxx>
57 #include <unotools/ucbhelper.hxx>
58 #include <comphelper/componentcontext.hxx>
59 #include "comphelper/documentconstants.hxx"
61 #include "com/sun/star/lang/IllegalArgumentException.hpp"
66 using namespace ::com::sun::star
;
67 using namespace ::com::sun::star::uno
;
68 namespace css
= ::com::sun::star
;
70 #define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
72 DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference
< XComponentContext
>& rxCtx
):
74 m_sODFVersion(ODFVER_012_TEXT
),
76 m_bHasDocumentSignature(false)
80 void DocumentDigitalSignatures::initialize( const Sequence
< Any
>& aArguments
)
81 throw (css::uno::Exception
, css::uno::RuntimeException
)
83 if (aArguments
.getLength() == 0 || aArguments
.getLength() > 2)
84 throw css::lang::IllegalArgumentException(
85 OUSTR("DocumentDigitalSignatures::initialize requires one or two arguments"),
86 Reference
<XInterface
>(static_cast<XInitialization
*>(this), UNO_QUERY
), 0);
88 m_nArgumentsCount
= aArguments
.getLength();
90 if (!(aArguments
[0] >>= m_sODFVersion
))
91 throw css::lang::IllegalArgumentException(
92 OUSTR("DocumentDigitalSignatures::initialize: the first arguments must be a string"),
93 Reference
<XInterface
>(static_cast<XInitialization
*>(this), UNO_QUERY
), 0);
95 if (aArguments
.getLength() == 2
96 && !(aArguments
[1] >>= m_bHasDocumentSignature
))
97 throw css::lang::IllegalArgumentException(
98 OUSTR("DocumentDigitalSignatures::initialize: the second arguments must be a bool"),
99 Reference
<XInterface
>(static_cast<XInitialization
*>(this), UNO_QUERY
), 1);
101 //the Version is supported as of ODF1.2, so for and 1.1 document or older we will receive the
102 //an empty string. In this case we set it to ODFVER_010_TEXT. Then we can later check easily
103 //if initialize was called. Only then m_sODFVersion.getLength() is greater than 0
104 if (m_sODFVersion
.getLength() == 0)
105 m_sODFVersion
= ODFVER_010_TEXT
;
108 sal_Bool
DocumentDigitalSignatures::signDocumentContent(
109 const Reference
< css::embed::XStorage
>& rxStorage
,
110 const Reference
< css::io::XStream
>& xSignStream
)
111 throw (RuntimeException
)
113 OSL_ENSURE(m_sODFVersion
.getLength(), "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
114 return ImplViewSignatures( rxStorage
, xSignStream
, SignatureModeDocumentContent
, false );
117 Sequence
< css::security::DocumentSignatureInformation
>
118 DocumentDigitalSignatures::verifyDocumentContentSignatures(
119 const Reference
< css::embed::XStorage
>& rxStorage
,
120 const Reference
< css::io::XInputStream
>& xSignInStream
) throw (RuntimeException
)
122 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
123 return ImplVerifySignatures( rxStorage
, xSignInStream
, SignatureModeDocumentContent
);
126 void DocumentDigitalSignatures::showDocumentContentSignatures(
127 const Reference
< css::embed::XStorage
>& rxStorage
,
128 const Reference
< css::io::XInputStream
>& xSignInStream
) throw (RuntimeException
)
130 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
131 ImplViewSignatures( rxStorage
, xSignInStream
, SignatureModeDocumentContent
, true );
134 ::rtl::OUString
DocumentDigitalSignatures::getDocumentContentSignatureDefaultStreamName()
135 throw (css::uno::RuntimeException
)
137 return DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
140 sal_Bool
DocumentDigitalSignatures::signScriptingContent(
141 const Reference
< css::embed::XStorage
>& rxStorage
,
142 const Reference
< css::io::XStream
>& xSignStream
) throw (RuntimeException
)
144 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
145 OSL_ENSURE(m_nArgumentsCount
== 2, "DocumentDigitalSignatures: Service was not initialized properly");
146 return ImplViewSignatures( rxStorage
, xSignStream
, SignatureModeMacros
, false );
149 Sequence
< css::security::DocumentSignatureInformation
>
150 DocumentDigitalSignatures::verifyScriptingContentSignatures(
151 const Reference
< css::embed::XStorage
>& rxStorage
,
152 const Reference
< css::io::XInputStream
>& xSignInStream
) throw (RuntimeException
)
154 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
155 return ImplVerifySignatures( rxStorage
, xSignInStream
, SignatureModeMacros
);
158 void DocumentDigitalSignatures::showScriptingContentSignatures(
159 const Reference
< css::embed::XStorage
>& rxStorage
,
160 const Reference
< css::io::XInputStream
>& xSignInStream
) throw (RuntimeException
)
162 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
163 ImplViewSignatures( rxStorage
, xSignInStream
, SignatureModeMacros
, true );
166 ::rtl::OUString
DocumentDigitalSignatures::getScriptingContentSignatureDefaultStreamName()
167 throw (css::uno::RuntimeException
)
169 return DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
173 sal_Bool
DocumentDigitalSignatures::signPackage(
174 const Reference
< css::embed::XStorage
>& rxStorage
,
175 const Reference
< css::io::XStream
>& xSignStream
) throw (RuntimeException
)
177 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
178 return ImplViewSignatures( rxStorage
, xSignStream
, SignatureModePackage
, false );
181 Sequence
< css::security::DocumentSignatureInformation
>
182 DocumentDigitalSignatures::verifyPackageSignatures(
183 const Reference
< css::embed::XStorage
>& rxStorage
,
184 const Reference
< css::io::XInputStream
>& xSignInStream
) throw (RuntimeException
)
186 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
187 return ImplVerifySignatures( rxStorage
, xSignInStream
, SignatureModePackage
);
190 void DocumentDigitalSignatures::showPackageSignatures(
191 const Reference
< css::embed::XStorage
>& rxStorage
,
192 const Reference
< css::io::XInputStream
>& xSignInStream
) throw (RuntimeException
)
194 OSL_ENSURE(m_sODFVersion
.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
195 ImplViewSignatures( rxStorage
, xSignInStream
, SignatureModePackage
, true );
198 ::rtl::OUString
DocumentDigitalSignatures::getPackageSignatureDefaultStreamName( )
199 throw (::com::sun::star::uno::RuntimeException
)
201 return DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
205 sal_Bool
DocumentDigitalSignatures::ImplViewSignatures(
206 const Reference
< css::embed::XStorage
>& rxStorage
,
207 const Reference
< css::io::XInputStream
>& xSignStream
,
208 DocumentSignatureMode eMode
, bool bReadOnly
) throw (RuntimeException
)
210 Reference
< io::XStream
> xStream
;
211 if ( xSignStream
.is() )
212 xStream
= Reference
< io::XStream
>( xSignStream
, UNO_QUERY
);
213 return ImplViewSignatures( rxStorage
, xStream
, eMode
, bReadOnly
);
216 sal_Bool
DocumentDigitalSignatures::ImplViewSignatures(
217 const Reference
< css::embed::XStorage
>& rxStorage
, const Reference
< css::io::XStream
>& xSignStream
,
218 DocumentSignatureMode eMode
, bool bReadOnly
) throw (RuntimeException
)
220 sal_Bool bChanges
= sal_False
;
221 DigitalSignaturesDialog
aSignaturesDialog(
222 NULL
, mxCtx
, eMode
, bReadOnly
, m_sODFVersion
, m_bHasDocumentSignature
);
223 bool bInit
= aSignaturesDialog
.Init( rtl::OUString() );
224 DBG_ASSERT( bInit
, "Error initializing security context!" );
227 aSignaturesDialog
.SetStorage( rxStorage
);
228 aSignaturesDialog
.SetSignatureStream( xSignStream
);
229 if ( aSignaturesDialog
.Execute() )
231 if ( aSignaturesDialog
.SignaturesChanged() )
234 // If we have a storage and no stream, we are responsible for commit
235 if ( rxStorage
.is() && !xSignStream
.is() )
237 uno::Reference
< embed::XTransactedObject
> xTrans( rxStorage
, uno::UNO_QUERY
);
245 WarningBox
aBox( NULL
, XMLSEC_RES( RID_XMLSECWB_NO_MOZILLA_PROFILE
) );
252 Sequence
< css::security::DocumentSignatureInformation
>
253 DocumentDigitalSignatures::ImplVerifySignatures(
254 const Reference
< css::embed::XStorage
>& rxStorage
,
255 const Reference
< css::io::XInputStream
>& xSignStream
, DocumentSignatureMode eMode
) throw (RuntimeException
)
259 DBG_ASSERT(0, "Error, no XStorage provided");
260 return Sequence
<css::security::DocumentSignatureInformation
>();
262 // First check for the InputStream, to avoid unnecessary initialization of the security environemnt...
263 SignatureStreamHelper aStreamHelper
;
264 Reference
< io::XInputStream
> xInputStream
= xSignStream
;
266 if ( !xInputStream
.is() )
268 aStreamHelper
= DocumentSignatureHelper::OpenSignatureStream( rxStorage
, embed::ElementModes::READ
, eMode
);
269 if ( aStreamHelper
.xSignatureStream
.is() )
270 xInputStream
= Reference
< io::XInputStream
>( aStreamHelper
.xSignatureStream
, UNO_QUERY
);
273 if ( !xInputStream
.is() )
274 return Sequence
< ::com::sun::star::security::DocumentSignatureInformation
>(0);
277 XMLSignatureHelper
aSignatureHelper( mxCtx
);
279 bool bInit
= aSignatureHelper
.Init( rtl::OUString() );
281 DBG_ASSERT( bInit
, "Error initializing security context!" );
284 return Sequence
< ::com::sun::star::security::DocumentSignatureInformation
>(0);
286 aSignatureHelper
.SetStorage(rxStorage
, m_sODFVersion
);
288 aSignatureHelper
.StartMission();
290 aSignatureHelper
.ReadAndVerifySignature( xInputStream
);
292 aSignatureHelper
.EndMission();
294 Reference
< ::com::sun::star::xml::crypto::XSecurityEnvironment
> xSecEnv
= aSignatureHelper
.GetSecurityEnvironment();
296 SignatureInformations aSignInfos
= aSignatureHelper
.GetSignatureInformations();
297 int nInfos
= aSignInfos
.size();
298 Sequence
< css::security::DocumentSignatureInformation
> aInfos(nInfos
);
299 css::security::DocumentSignatureInformation
* arInfos
= aInfos
.getArray();
303 Reference
<security::XSerialNumberAdapter
> xSerialNumberAdapter
=
304 ::com::sun::star::security::SerialNumberAdapter::create(mxCtx
);
306 for( int n
= 0; n
< nInfos
; ++n
)
308 DocumentSignatureAlgorithm mode
= DocumentSignatureHelper::getDocumentAlgorithm(
309 m_sODFVersion
, aSignInfos
[n
]);
310 const std::vector
< rtl::OUString
> aElementsToBeVerified
=
311 DocumentSignatureHelper::CreateElementList(
312 rxStorage
, ::rtl::OUString(), eMode
, mode
);
314 const SignatureInformation
& rInfo
= aSignInfos
[n
];
315 css::security::DocumentSignatureInformation
& rSigInfo
= arInfos
[n
];
317 if (rInfo
.ouX509Certificate
.getLength())
318 rSigInfo
.Signer
= xSecEnv
->createCertificateFromAscii( rInfo
.ouX509Certificate
) ;
319 if (!rSigInfo
.Signer
.is())
320 rSigInfo
.Signer
= xSecEnv
->getCertificate( rInfo
.ouX509IssuerName
, xSerialNumberAdapter
->toSequence( rInfo
.ouX509SerialNumber
) );
322 // --> PB 2004-12-14 #i38744# time support again
323 Date
aDate( rInfo
.stDateTime
.Day
, rInfo
.stDateTime
.Month
, rInfo
.stDateTime
.Year
);
324 Time
aTime( rInfo
.stDateTime
.Hours
, rInfo
.stDateTime
.Minutes
,
325 rInfo
.stDateTime
.Seconds
, rInfo
.stDateTime
.HundredthSeconds
);
326 rSigInfo
.SignatureDate
= aDate
.GetDate();
327 rSigInfo
.SignatureTime
= aTime
.GetTime();
329 // Verify certificate
330 //We have patched our version of libxmlsec, so that it does not verify the certificates. This has two
331 //reasons. First we want two separate status for signature and certificate. Second libxmlsec calls
332 //CERT_VerifyCertificate (solaris, linux) falsly, so that it always regards the certificate as valid.
333 //On Window the checking of the certificate path is buggy. It does name matching (issuer, subject name)
334 //to find the parent certificate. It does not take into account that there can be several certificates
335 //with the same subject name.
336 if (rSigInfo
.Signer
.is())
339 rSigInfo
.CertificateStatus
= xSecEnv
->verifyCertificate(rSigInfo
.Signer
,
340 Sequence
<Reference
<css::security::XCertificate
> >());
341 } catch (SecurityException
& ) {
342 OSL_ENSURE(0, "Verification of certificate failed");
343 rSigInfo
.CertificateStatus
= css::security::CertificateValidity::INVALID
;
348 //We should always be aible to get the certificates because it is contained in the document,
349 //unless the document is damaged so that signature xml file could not be parsed.
350 rSigInfo
.CertificateStatus
= css::security::CertificateValidity::INVALID
;
353 rSigInfo
.SignatureIsValid
= ( rInfo
.nStatus
== ::com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED
);
356 if ( rSigInfo
.SignatureIsValid
)
358 rSigInfo
.SignatureIsValid
=
359 DocumentSignatureHelper::checkIfAllFilesAreSigned(
360 aElementsToBeVerified
, rInfo
, mode
);
362 if (eMode
== SignatureModeDocumentContent
)
363 rSigInfo
.PartialDocumentSignature
=
364 ! DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos
[n
]);
372 void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException
)
375 // SecEnv is only needed to display certificate information from trusted sources.
376 // Macro Security also has some options where no security environment is needed, so raise dialog anyway.
377 // Later I should change the code so the Dialog creates the SecEnv on demand...
379 Reference
< dcss::xml::crypto::XSecurityEnvironment
> xSecEnv
;
381 XMLSignatureHelper
aSignatureHelper( mxCtx
);
382 if ( aSignatureHelper
.Init( rtl::OUString() ) )
383 xSecEnv
= aSignatureHelper
.GetSecurityEnvironment();
385 MacroSecurity
aDlg( NULL
, mxCtx
, xSecEnv
);
389 void DocumentDigitalSignatures::showCertificate(
390 const Reference
< css::security::XCertificate
>& _Certificate
) throw (RuntimeException
)
392 XMLSignatureHelper
aSignatureHelper( mxCtx
);
394 bool bInit
= aSignatureHelper
.Init( rtl::OUString() );
396 DBG_ASSERT( bInit
, "Error initializing security context!" );
400 CertificateViewer
aViewer( NULL
, aSignatureHelper
.GetSecurityEnvironment(), _Certificate
, FALSE
);
406 ::sal_Bool
DocumentDigitalSignatures::isAuthorTrusted(
407 const Reference
< css::security::XCertificate
>& Author
) throw (RuntimeException
)
409 sal_Bool bFound
= sal_False
;
411 Reference
<security::XSerialNumberAdapter
> xSerialNumberAdapter
=
412 ::com::sun::star::security::SerialNumberAdapter::create(mxCtx
);
414 ::rtl::OUString sSerialNum
= xSerialNumberAdapter
->toString( Author
->getSerialNumber() );
416 Sequence
< SvtSecurityOptions::Certificate
> aTrustedAuthors
= SvtSecurityOptions().GetTrustedAuthors();
417 const SvtSecurityOptions::Certificate
* pAuthors
= aTrustedAuthors
.getConstArray();
418 const SvtSecurityOptions::Certificate
* pAuthorsEnd
= pAuthors
+ aTrustedAuthors
.getLength();
419 for ( ; pAuthors
!= pAuthorsEnd
; ++pAuthors
)
421 SvtSecurityOptions::Certificate aAuthor
= *pAuthors
;
422 if ( ( aAuthor
[0] == Author
->getIssuerName() ) && ( aAuthor
[1] == sSerialNum
) )
432 ::sal_Bool
DocumentDigitalSignatures::isLocationTrusted( const ::rtl::OUString
& Location
) throw (RuntimeException
)
434 sal_Bool bFound
= sal_False
;
435 INetURLObject
aLocObj( Location
);
436 INetURLObject
aLocObjLowCase( Location
.toAsciiLowerCase() ); // will be used for case insensitive comparing
438 ::com::sun::star::uno::Reference
< ::com::sun::star::ucb::XContentProvider
> xContentProvider
;
439 ::ucbhelper::ContentBroker
* pBroker
= NULL
;
442 //if ( aLocObj.GetProtocol() == INET_PROT_FILE && ( pBroker = ::ucbhelper::ContentBroker::get() ) )
443 // xContentProvider = pBroker->getContentProviderInterface();
444 if ( aLocObj
.GetProtocol() == INET_PROT_FILE
)
446 pBroker
= ::ucbhelper::ContentBroker::get();
448 xContentProvider
= pBroker
->getContentProviderInterface();
451 Sequence
< ::rtl::OUString
> aSecURLs
= SvtSecurityOptions().GetSecureURLs();
452 const ::rtl::OUString
* pSecURLs
= aSecURLs
.getConstArray();
453 const ::rtl::OUString
* pSecURLsEnd
= pSecURLs
+ aSecURLs
.getLength();
454 for ( ; pSecURLs
!= pSecURLsEnd
&& !bFound
; ++pSecURLs
)
455 bFound
= ::utl::UCBContentHelper::IsSubPath( *pSecURLs
, Location
, xContentProvider
);
460 void DocumentDigitalSignatures::addAuthorToTrustedSources(
461 const Reference
< css::security::XCertificate
>& Author
) throw (RuntimeException
)
463 SvtSecurityOptions aSecOpts
;
465 Reference
<security::XSerialNumberAdapter
> xSerialNumberAdapter
=
466 ::com::sun::star::security::SerialNumberAdapter::create(mxCtx
);
468 SvtSecurityOptions::Certificate
aNewCert( 3 );
469 aNewCert
[ 0 ] = Author
->getIssuerName();
470 aNewCert
[ 1 ] = xSerialNumberAdapter
->toString( Author
->getSerialNumber() );
472 rtl::OUStringBuffer aStrBuffer
;
473 SvXMLUnitConverter::encodeBase64(aStrBuffer
, Author
->getEncoded());
474 aNewCert
[ 2 ] = aStrBuffer
.makeStringAndClear();
477 Sequence
< SvtSecurityOptions::Certificate
> aTrustedAuthors
= aSecOpts
.GetTrustedAuthors();
478 sal_Int32 nCnt
= aTrustedAuthors
.getLength();
479 aTrustedAuthors
.realloc( nCnt
+ 1 );
480 aTrustedAuthors
[ nCnt
] = aNewCert
;
482 aSecOpts
.SetTrustedAuthors( aTrustedAuthors
);
485 void DocumentDigitalSignatures::addLocationToTrustedSources( const ::rtl::OUString
& Location
) throw (RuntimeException
)
487 SvtSecurityOptions aSecOpt
;
489 Sequence
< ::rtl::OUString
> aSecURLs
= aSecOpt
.GetSecureURLs();
490 sal_Int32 nCnt
= aSecURLs
.getLength();
491 aSecURLs
.realloc( nCnt
+ 1 );
492 aSecURLs
[ nCnt
] = Location
;
494 aSecOpt
.SetSecureURLs( aSecURLs
);
497 rtl::OUString
DocumentDigitalSignatures::GetImplementationName() throw (RuntimeException
)
499 return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( "com.sun.star.security.DocumentDigitalSignatures" ) );
502 Sequence
< rtl::OUString
> DocumentDigitalSignatures::GetSupportedServiceNames() throw (cssu::RuntimeException
)
504 Sequence
< rtl::OUString
> aRet(1);
505 rtl::OUString
* pArray
= aRet
.getArray();
506 pArray
[0] = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM ( "com.sun.star.security.DocumentDigitalSignatures" ) );
511 Reference
< XInterface
> DocumentDigitalSignatures_CreateInstance(
512 const Reference
< XComponentContext
>& rCtx
) throw ( Exception
)
514 return (cppu::OWeakObject
*) new DocumentDigitalSignatures( rCtx
);
