xmlsecurity/source/helper/xsecctl.hxx

   1 /*************************************************************************
   2  *
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * Copyright 2000, 2010 Oracle and/or its affiliates.
   6  *
   7  * OpenOffice.org - a multi-platform office productivity suite
   8  *
   9  * This file is part of OpenOffice.org.
  10  *
  11  * OpenOffice.org is free software: you can redistribute it and/or modify
  12  * it under the terms of the GNU Lesser General Public License version 3
  13  * only, as published by the Free Software Foundation.
  14  *
  15  * OpenOffice.org is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU Lesser General Public License version 3 for more details
  19  * (a copy is included in the LICENSE file that accompanied this code).
  20  *
  21  * You should have received a copy of the GNU Lesser General Public License
  22  * version 3 along with OpenOffice.org.  If not, see
  23  * <http://www.openoffice.org/license.html>
  24  * for a copy of the LGPLv3 License.
  25  *
  26  ************************************************************************/
  27
  28 #ifndef _XSEC_CTL_HXX
  29 #define _XSEC_CTL_HXX
  30
  31 #include <xmlsecurity/sigstruct.hxx>
  32
  33 #include <com/sun/star/uno/XComponentContext.hpp>
  34 #include <com/sun/star/xml/sax/XParser.hpp>
  35 #include <com/sun/star/lang/XInitialization.hpp>
  36 #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
  37 #include <com/sun/star/xml/sax/XAttributeList.hpp>
  38 #include <com/sun/star/xml/crypto/XXMLSignature.hpp>
  39 #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
  40 #include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
  41 #include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp>
  42 #include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
  43 #include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
  44 #include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
  45 #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
  46 #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
  47 #include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
  48 #include <com/sun/star/beans/XFastPropertySet.hpp>
  49 #include <com/sun/star/io/XOutputStream.hpp>
  50 #include <com/sun/star/io/XInputStream.hpp>
  51
  52 #include <rtl/ustrbuf.hxx>
  53
  54 #include <cppuhelper/implbase4.hxx>
  55
  56 #ifndef INCLUDED_VECTOR
  57 #include <vector>
  58 #define INCLUDED_VECTOR
  59 #endif
  60
  61 /*
  62  * all error information
  63  */
  64 #define ERROR_CANNOTCREATEXMLSECURITYCOMPONENT    "Can't create XML security components."
  65 #define ERROR_SAXEXCEPTIONDURINGCREATION          "A SAX exception is throwed during signature creation."
  66 #define ERROR_IOEXCEPTIONDURINGCREATION           "An IO exception is throwed during signature creation."
  67 #define ERROR_EXCEPTIONDURINGCREATION             "An exception is throwed during signature creation."
  68
  69 /*
  70  * all stringS in signature element
  71  */
  72 #define TAG_SIGNATURE           "Signature"
  73 #define TAG_SIGNEDINFO          "SignedInfo"
  74 #define TAG_CANONICALIZATIONMETHOD  "CanonicalizationMethod"
  75 #define TAG_SIGNATUREMETHOD     "SignatureMethod"
  76 #define TAG_REFERENCE           "Reference"
  77 #define TAG_TRANSFORMS          "Transforms"
  78 #define TAG_TRANSFORM           "Transform"
  79 #define TAG_DIGESTMETHOD        "DigestMethod"
  80 #define TAG_DIGESTVALUE         "DigestValue"
  81 #define TAG_SIGNATUREVALUE      "SignatureValue"
  82 #define TAG_KEYINFO         "KeyInfo"
  83 #define TAG_X509DATA            "X509Data"
  84 #define TAG_X509ISSUERSERIAL        "X509IssuerSerial"
  85 #define TAG_X509ISSUERNAME      "X509IssuerName"
  86 #define TAG_X509SERIALNUMBER        "X509SerialNumber"
  87 #define TAG_X509CERTIFICATE     "X509Certificate"
  88 #define TAG_OBJECT          "Object"
  89 #define TAG_SIGNATUREPROPERTIES     "SignatureProperties"
  90 #define TAG_SIGNATUREPROPERTY       "SignatureProperty"
  91 #define TAG_TIMESTAMP           "timestamp"
  92 #define TAG_DATE            "date"
  93 //#define TAG_TIME          "time"
  94
  95 #define ATTR_XMLNS          "xmlns"
  96 #define ATTR_ALGORITHM          "Algorithm"
  97 #define ATTR_URI            "URI"
  98 #define ATTR_ID             "Id"
  99 #define ATTR_TARGET         "Target"
 100
 101 #define NSTAG_DC            "dc"
 102
 103 #define NS_XMLDSIG          "http://www.w3.org/2000/09/xmldsig#"
 104 //#define NS_DATETIME           "http://www.ietf.org/rfcXXXX.txt"
 105 #define NS_DC               "http://purl.org/dc/elements/1.1/"
 106
 107 #define ALGO_C14N           "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
 108 #define ALGO_RSASHA1            "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
 109 #define ALGO_XMLDSIGSHA1        "http://www.w3.org/2000/09/xmldsig#sha1"
 110
 111 #define CHAR_FRAGMENT           "#"
 112 #define CHAR_BLANK          " "
 113
 114
 115 /*
 116  * status of security related components
 117  */
 118 #define UNINITIALIZED     0
 119 #define INITIALIZED       1
 120 #define FAILTOINITIALIZED 2
 121
 122 #define RTL_ASCII_USTRINGPARAM( asciiStr ) asciiStr, strlen( asciiStr ), RTL_TEXTENCODING_ASCII_US
 123
 124 // forward declaration
 125 class XSecParser;
 126
 127 class InternalSignatureInformation
 128 {
 129 public:
 130     SignatureInformation signatureInfor;
 131
 132     com::sun::star::uno::Reference<
 133         com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
 134         xReferenceResolvedListener;
 135
 136     ::std::vector< sal_Int32 > vKeeperIds;
 137
 138     InternalSignatureInformation(
 139         sal_Int32 nId,
 140         com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
 141             xListener)
 142         :signatureInfor(nId)
 143     {
 144         xReferenceResolvedListener = xListener;
 145     }
 146
 147     void addReference( sal_Int32 type, rtl::OUString uri, sal_Int32 keeperId )
 148     {
 149         signatureInfor.vSignatureReferenceInfors.push_back(
 150                 SignatureReferenceInformation(type, uri));
 151         vKeeperIds.push_back( keeperId );
 152     }
 153 };
 154
 155 typedef ::std::vector< InternalSignatureInformation > InternalSignatureInformations;
 156
 157 class XSecController : public cppu::WeakImplHelper4
 158 <
 159     com::sun::star::xml::crypto::sax::XSecurityController,
 160     //com::sun::star::beans::XFastPropertySet,
 161     com::sun::star::xml::crypto::sax::XSAXEventKeeperStatusChangeListener,
 162     com::sun::star::xml::crypto::sax::XSignatureCreationResultListener,
 163     com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener
 164 >
 165 /****** XSecController.hxx/CLASS XSecController *******************************
 166  *
 167  *   NAME
 168  *  XSecController -- the xml security framework controller
 169  *
 170  *   FUNCTION
 171  *  Controlls the whole xml security framework to create signatures or to
 172  *  verify signatures.
 173  *
 174  *   HISTORY
 175  *  05.01.2004 -    Interface supported: XSecurityController,
 176  *          XFastPropertySet, XSAXEventKeeperStatusChangeListener,
 177  *                  XSignatureCreationResultListener,
 178  *                  XSignatureVerifyResultListener
 179  *
 180  *   NOTES
 181  *  The XFastPropertySet interface is used to transfer common values to
 182  *  classes in other module, for instance, the signature id for all
 183  *  sessions is transferred to xmloff module through this interface.
 184  *
 185  *   AUTHOR
 186  *  Michael Mi
 187  *  Email: michael.mi@sun.com
 188  ******************************************************************************/
 189 {
 190     friend class XSecParser;
 191
 192 private:
 193     com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext> mxCtx;
 194
 195     /*
 196      * used to buffer SAX events
 197      */
 198     com::sun::star::uno::Reference<
 199         com::sun::star::xml::wrapper::XXMLDocumentWrapper > m_xXMLDocumentWrapper;
 200
 201     /*
 202      * the SAX events keeper
 203      */
 204     com::sun::star::uno::Reference<
 205         com::sun::star::xml::crypto::sax::XSecuritySAXEventKeeper > m_xSAXEventKeeper;
 206
 207     /*
 208      * the bridge component which creates/verifies signature
 209      */
 210     com::sun::star::uno::Reference<
 211         com::sun::star::xml::crypto::XXMLSignature > m_xXMLSignature;
 212
 213     /*
 214      * the Security Context
 215      */
 216     com::sun::star::uno::Reference<
 217         com::sun::star::xml::crypto::XXMLSecurityContext > m_xSecurityContext;
 218
 219 #if 0
 220     /*
 221      * the signature creation result listener
 222      */
 223     com::sun::star::uno::Reference<
 224         com::sun::star::xml::crypto::sax::XSignatureCreationResultListener > m_xSignatureCreationResultListener;
 225     /*
 226      * the signature verify result listener
 227      */
 228     com::sun::star::uno::Reference<
 229         com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener > m_xSignatureVerifyResultListener;
 230 #endif
 231
 232     /*
 233      * the security id incrementer, in order to make any security id unique
 234      * to the SAXEventKeeper.
 235      * Because each XSecController has its own SAXEventKeeper, so this variable
 236      * is not necessary to be static.
 237      */
 238     sal_Int32 m_nNextSecurityId;
 239
 240     /*
 241      * Signature information
 242      */
 243     InternalSignatureInformations m_vInternalSignatureInformations;
 244
 245     /*
 246      * the previous node on the SAX chain.
 247      * The reason that use a Reference<XInterface> type variable
 248      * is that the previous components are different when exporting
 249      * and importing, and there is no other common interface they
 250      * can provided.
 251      */
 252     com::sun::star::uno::Reference<
 253         com::sun::star::uno::XInterface > m_xPreviousNodeOnSAXChain;
 254     /*
 255      * whether the preivous node can provide an XInitiazlize interface,
 256      * use this variable in order to typecast the XInterface to the
 257      * correct interface type.
 258      */
 259     bool m_bIsPreviousNodeInitializable;
 260
 261     /*
 262      * the next node on the SAX chain.
 263      * it can always provide an XDocumentHandler interface.
 264      */
 265     com::sun::star::uno::Reference<
 266         com::sun::star::xml::sax::XDocumentHandler > m_xNextNodeOnSAXChain;
 267
 268     /*
 269      * the ElementStackKeeper is used to reserve the key SAX events.
 270      * when the SAXEventKeeper is chained on the SAX chain, it need
 271      * first get all missed key SAX events in order to make sure the
 272      * DOM tree it buffering has the same structure with the original
 273      * document.
 274      *
 275      * For a given section of a SAX event stream, the key SAX events
 276      * are the minimal SAX event subset of that section, which,
 277      * combining with SAX events outside of this section, has the same
 278      * structure with the original document.
 279      *
 280      * For example, sees the following dom fragment:
 281      *     <A>
 282      *      <B/>
 283      *      <C>
 284      *       <D>
 285      *        <E/>
 286      *       </D>
 287      *      </C>
 288      *     </A>
 289      *
 290      * If we consider the SAX event section from startElement(<A>) to
 291      * startElement(<D>), then the key SAX events are:
 292      *
 293      *    startElement(<A>), startElement(<C>), startElement(<D>)
 294      *
 295      * The startElement(<B>) and endElement(<B>) is ignored, because
 296      * they are unimportant for the tree structure in this section.
 297      *
 298      * If we consider the SAX event section from startElement(<D>) to
 299      * endElement(<A>), the key SAX events are:
 300      *
 301      *    startElement(<D>), endElement(<D>), endElement(<C>),
 302      *    endElement(<A>).
 303      */
 304     com::sun::star::uno::Reference<
 305         com::sun::star::xml::crypto::sax::XElementStackKeeper > m_xElementStackKeeper;
 306
 307     /*
 308      * a flag representing whether the SAXEventKeeper is now on the
 309      * SAX chain.
 310      */
 311     bool m_bIsSAXEventKeeperConnected;
 312
 313     /*
 314      * a flag representing whether it is collecting some element,
 315      * which means that the SAXEventKeeper can't be chained off the
 316      * SAX chain.
 317      */
 318     bool m_bIsCollectingElement;
 319
 320     /*
 321      * a flag representing whether the SAX event stream is blocking,
 322      * which also means that the SAXEventKeeper can't be chained off
 323      * the SAX chain.
 324      */
 325     bool m_bIsBlocking;
 326
 327     /*
 328      * a flag representing the current status of security related
 329      * components.
 330      */
 331     sal_Int32 m_nStatusOfSecurityComponents;
 332
 333     /*
 334      * a flag representing whether the SAXEventKeeper need to be
 335      * on the SAX chain all the time.
 336      * This flag is used to the situation when creating signature.
 337      */
 338     bool m_bIsSAXEventKeeperSticky;
 339
 340     /*
 341      * fast property vector
 342      */
 343     std::vector< sal_Int32 > m_vFastPropertyIndexs;
 344     std::vector< com::sun::star::uno::Any > m_vFastPropertyValues;
 345
 346     /*
 347       * error message pointer
 348       */
 349     const char *m_pErrorMessage;
 350
 351     /*
 352      * the XSecParser which is used to parse the signature stream
 353      */
 354     XSecParser *m_pXSecParser;
 355
 356     /*
 357      * the caller assigned signature id for the next signature in the
 358      * signature stream
 359      */
 360     sal_Int32 m_nReservedSignatureId;
 361
 362     /*
 363      * representing whether to verify the current signature
 364      */
 365     bool m_bVerifyCurrentSignature;
 366 public:
 367     /*
 368      * An xUriBinding is provided to map Uris to XInputStream interfaces.
 369      */
 370     com::sun::star::uno::Reference<
 371         com::sun::star::xml::crypto::XUriBinding > m_xUriBinding;
 372
 373 private:
 374
 375     /*
 376      * Common methods
 377      */
 378     sal_Bool convertNumber( sal_Int32& rValue, const rtl::OUString& rString, sal_Int32 nMin, sal_Int32 nMax );
 379     void convertDateTime( ::rtl::OUStringBuffer& rBuffer, const com::sun::star::util::DateTime& rDateTime );
 380     sal_Bool convertDateTime( com::sun::star::util::DateTime& rDateTime, const ::rtl::OUString& rString );
 381
 382     void createXSecComponent( );
 383     int findSignatureInfor( sal_Int32 nSecurityId ) const;
 384     bool chainOn( bool bRetrievingLastEvent );
 385     void chainOff();
 386     void checkChainingStatus();
 387     void initializeSAXChain();
 388
 389     com::sun::star::uno::Reference<
 390         com::sun::star::io::XInputStream > getObjectInputStream( const rtl::OUString& objectURL );
 391
 392         //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;
 393
 394     /*
 395      * For signature generation
 396      */
 397     rtl::OUString createId();
 398     com::sun::star::uno::Reference<
 399         com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite(
 400         InternalSignatureInformation& signatureInfo );
 401
 402     /*
 403      * For signature verification
 404      */
 405     void addSignature();
 406     void addReference( const rtl::OUString& ouUri);
 407     void addStreamReference(
 408         const rtl::OUString& ouUri,
 409         bool isBinary );
 410     void setReferenceCount() const;
 411
 412     void setX509IssuerName( rtl::OUString& ouX509IssuerName );
 413     void setX509SerialNumber( rtl::OUString& ouX509SerialNumber );
 414     void setX509Certificate( rtl::OUString& ouX509Certificate );
 415     void setSignatureValue( rtl::OUString& ouSignatureValue );
 416     void setDigestValue( rtl::OUString& ouDigestValue );
 417
 418     void setDate( rtl::OUString& ouDate );
 419
 420     void setId( rtl::OUString& ouId );
 421     void setPropertyId( rtl::OUString& ouPropertyId );
 422
 423     com::sun::star::uno::Reference<
 424         com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
 425         sal_Int32 nSecurityId );
 426
 427 public:
 428     XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx);
 429     ~XSecController();
 430
 431     sal_Int32 getNewSecurityId(  );
 432
 433     void startMission( const com::sun::star::uno::Reference<
 434         com::sun::star::xml::crypto::XUriBinding >& xUriBinding,
 435         const com::sun::star::uno::Reference<
 436             com::sun::star::xml::crypto::XXMLSecurityContext >& xSecurityContext );
 437
 438     void setSAXChainConnector(
 439         const com::sun::star::uno::Reference<
 440             com::sun::star::lang::XInitialization >& xInitialization,
 441         const com::sun::star::uno::Reference<
 442             com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
 443         const com::sun::star::uno::Reference<
 444             com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);
 445
 446     void setSAXChainConnector(
 447         const com::sun::star::uno::Reference<
 448             com::sun::star::xml::sax::XParser >& xParser,
 449         const com::sun::star::uno::Reference<
 450             com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
 451         const com::sun::star::uno::Reference<
 452             com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);
 453
 454     void clearSAXChainConnector();
 455     void endMission();
 456     const char* getErrorMessage();
 457
 458     SignatureInformation    getSignatureInformation( sal_Int32 nSecurityId ) const;
 459     SignatureInformations   getSignatureInformations() const;
 460
 461     void exportSignature(
 462         const com::sun::star::uno::Reference<
 463             com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
 464         const SignatureInformation& signatureInfo );
 465
 466
 467     /*
 468      * For signature generation
 469      */
 470     void collectToSign( sal_Int32 securityId, const rtl::OUString& referenceId );
 471     void signAStream( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool isBinary);
 472
 473
 474     /** sets data that describes the certificate.
 475
 476         It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
 477         the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
 478         the private key. Although issuer name and certificate should be sufficient to identify
 479         the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
 480         The reason is that they use functions to find the certificate which take as parameter
 481         the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
 482         are of type DirectoryName, which is a choice of 5 string types. This information is
 483         not contained in the issuer string and while it is converted to the ASN.1 name the
 484         conversion function must assume a particular type, which is often wrong. For example,
 485         the Windows function CertStrToName will use a T.61 string if the string does not contain
 486         special characters. So if the certificate uses simple characters but encodes the
 487         issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
 488         ASN.1 name now contains different bytes which indicate the string type. The functions
 489         for finding the certificate apparently use memcmp - hence they fail to find the
 490         certificate.
 491      */
 492     void setX509Certificate(
 493         sal_Int32 nSecurityId,
 494         const rtl::OUString& ouX509IssuerName,
 495         const rtl::OUString& ouX509SerialNumber,
 496         const rtl::OUString& ouX509Cert);
 497     // see the other setX509Certifcate function
 498     void setX509Certificate(
 499         sal_Int32 nSecurityId,
 500         const sal_Int32 nSecurityEnvironmentIndex,
 501         const rtl::OUString& ouX509IssuerName,
 502         const rtl::OUString& ouX509SerialNumber,
 503         const rtl::OUString& ouX509Cert);
 504
 505     void setDate(
 506         sal_Int32 nSecurityId,
 507         const ::com::sun::star::util::DateTime& rDateTime );
 508
 509
 510     bool WriteSignature(
 511         const com::sun::star::uno::Reference<
 512             com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );
 513
 514     /*
 515      * For signature verification
 516      */
 517     void collectToVerify( const rtl::OUString& referenceId );
 518     void addSignature( sal_Int32 nSignatureId );
 519     com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader();
 520     void releaseSignatureReader();
 521
 522 public:
 523     /* Interface methods */
 524
 525     /*
 526      * XSecurityController
 527      *
 528      * no method in XSecurityController interface
 529      */
 530
 531     /*
 532      * XFastPropertySet
 533      */
 534     /*
 535     virtual void SAL_CALL setFastPropertyValue(
 536         sal_Int32 nHandle,
 537         const com::sun::star::uno::Any& aValue )
 538         throw (
 539             com::sun::star::beans::UnknownPropertyException,
 540             com::sun::star::beans::PropertyVetoException,
 541             com::sun::star::lang::IllegalArgumentException,
 542             com::sun::star::lang::WrappedTargetException,
 543             com::sun::star::uno::RuntimeException);
 544     virtual com::sun::star::uno::Any SAL_CALL getFastPropertyValue(
 545         sal_Int32 nHandle )
 546         throw (
 547             com::sun::star::beans::UnknownPropertyException,
 548             com::sun::star::lang::WrappedTargetException,
 549             com::sun::star::uno::RuntimeException);
 550     */
 551
 552     /*
 553      * XSAXEventKeeperStatusChangeListener
 554      */
 555     virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking )
 556         throw (com::sun::star::uno::RuntimeException);
 557     virtual void SAL_CALL collectionStatusChanged(
 558         sal_Bool isInsideCollectedElement )
 559         throw (com::sun::star::uno::RuntimeException);
 560     virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty )
 561         throw (com::sun::star::uno::RuntimeException);
 562
 563     /*
 564      * XSignatureCreationResultListener
 565      */
 566     virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
 567         throw (com::sun::star::uno::RuntimeException);
 568
 569     /*
 570      * XSignatureVerifyResultListener
 571      */
 572     virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
 573         throw (com::sun::star::uno::RuntimeException);
 574 };
 575
 576 #endif
 577