xmlsecurity/inc/xmlsignaturehelper.hxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  * This file incorporates work covered by the following license notice:
  10  *
  11  *   Licensed to the Apache Software Foundation (ASF) under one or more
  12  *   contributor license agreements. See the NOTICE file distributed
  13  *   with this work for additional information regarding copyright
  14  *   ownership. The ASF licenses this file to you under the Apache
  15  *   License, Version 2.0 (the "License"); you may not use this file
  16  *   except in compliance with the License. You may obtain a copy of
  17  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  18  */
  19
  20 #ifndef INCLUDED_XMLSECURITY_INC_XMLSIGNATUREHELPER_HXX
  21 #define INCLUDED_XMLSECURITY_INC_XMLSIGNATUREHELPER_HXX
  22
  23 #include <vector>
  24
  25 #include <tools/link.hxx>
  26 #include <rtl/ustring.hxx>
  27 #include <rtl/ref.hxx>
  28 #include <svl/sigstruct.hxx>
  29 #include "xsecctl.hxx"
  30 #include "xmlsecuritydllapi.h"
  31 #include "xmlsignaturehelper.hxx"
  32
  33 #include <com/sun/star/graphic/XGraphic.hpp>
  34 #include <com/sun/star/uno/XComponentContext.hpp>
  35 #include <com/sun/star/xml/sax/XWriter.hpp>
  36 #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
  37 #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
  38 #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
  39
  40 class DateTime;
  41
  42 namespace com {
  43 namespace sun {
  44 namespace star {
  45 namespace io {
  46     class XOutputStream;
  47     class XInputStream; }
  48 namespace embed {
  49     class XStorage; }
  50 }}}
  51
  52 /**********************************************************
  53  XMLSignatureHelper
  54
  55  Helper class for the XML Security framework
  56
  57  Functions:
  58  1. help to create a security context;
  59  2. help to listen signature creation result;
  60  3. help to listen signature verify result;
  61  4. help to indicate which signature to verify.
  62
  63  **********************************************************/
  64
  65 class XMLSECURITY_DLLPUBLIC XMLSignatureHelper
  66 {
  67 private:
  68     css::uno::Reference< css::uno::XComponentContext > mxCtx;
  69     rtl::Reference<UriBindingHelper> mxUriBinding;
  70
  71     rtl::Reference<XSecController> mpXSecController;
  72     bool                        mbError;
  73     bool mbODFPre1_2;
  74     Link<LinkParamNone*,bool>   maStartVerifySignatureHdl;
  75
  76 private:
  77     XMLSignatureHelper(const XMLSignatureHelper&) = delete;
  78
  79 public:
  80     XMLSignatureHelper(const css::uno::Reference< css::uno::XComponentContext >& mrCtx );
  81     ~XMLSignatureHelper();
  82
  83     void StartVerifySignatureElement();
  84
  85     // Set the storage which should be used by the default UriBinding
  86     // Must be set before StartMission().
  87     //sODFVersion indicates  the ODF version
  88     void        SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStorage, const OUString& sODFVersion );
  89
  90                 // Argument for the Link is a uno::Reference< xml::sax::XAttributeList >*
  91                 // Return 1 to verify, 0 to skip.
  92                 // Default handler will verify all.
  93     void        SetStartVerifySignatureHdl( const Link<LinkParamNone*,bool>& rLink );
  94
  95                 // After signing/verifying, get information about signatures
  96     SignatureInformation  GetSignatureInformation( sal_Int32 nSecurityId ) const;
  97     SignatureInformations GetSignatureInformations() const;
  98
  99                 // See XSecController for documentation
 100     void        StartMission(const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext);
 101     void        EndMission();
 102     sal_Int32   GetNewSecurityId();
 103     /** sets data that describes the certificate.
 104
 105         It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
 106         the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
 107         the private key. Although issuer name and certificate should be sufficient to identify
 108         the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
 109         The reason is that they use functions to find the certificate which take as parameter
 110         the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
 111         are of type DirectoryName, which is a choice of 5 string types. This information is
 112         not contained in the issuer string and while it is converted to the ASN.1 name the
 113         conversion function must assume a particular type, which is often wrong. For example,
 114         the Windows function CertStrToName will use a T.61 string if the string does not contain
 115         special characters. So if the certificate uses simple characters but encodes the
 116         issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
 117         ASN.1 name now contains different bytes which indicate the string type. The functions
 118         for finding the certificate apparently use memcmp - hence they fail to find the
 119         certificate.
 120      */
 121     void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
 122         const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest,
 123         svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
 124
 125     void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate);
 126
 127     void SetGpgCertificate(sal_Int32 nSecurityId, const OUString& ouGpgCertDigest,
 128         const OUString& ouGpgCert, const OUString& ouGpgOwner);
 129
 130     void        SetDateTime( sal_Int32 nSecurityId, const DateTime& rDateTime );
 131     void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
 132     void SetSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId);
 133     void
 134     SetSignatureLineValidGraphic(sal_Int32 nSecurityId,
 135                                  const css::uno::Reference<css::graphic::XGraphic>& xValidGraphic);
 136     void SetSignatureLineInvalidGraphic(
 137         sal_Int32 nSecurityId, const css::uno::Reference<css::graphic::XGraphic>& xInvalidGraphic);
 138
 139     void        AddForSigning( sal_Int32 securityId, const OUString& uri, bool bBinary, bool bXAdESCompliantIfODF );
 140     void        CreateAndWriteSignature( const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, bool bXAdESCompliantIfODF );
 141     bool        ReadAndVerifySignature( const css::uno::Reference< css::io::XInputStream >& xInputStream );
 142
 143     // MT: ??? I think only for adding/removing, not for new signatures...
 144     // MM: Yes, but if you want to insert a new signature into an existing signature file, those function
 145     //     will be very useful, see Mission 3 in the new "multisigdemo" program   :-)
 146     css::uno::Reference< css::xml::sax::XWriter> CreateDocumentHandlerWithHeader( const css::uno::Reference< css::io::XOutputStream >& xOutputStream );
 147     static void CloseDocumentHandler( const css::uno::Reference< css::xml::sax::XDocumentHandler>& xDocumentHandler );
 148     static void ExportSignature(
 149         const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler,
 150         const SignatureInformation& signatureInfo,
 151         bool bXAdESCompliantIfODF );
 152
 153     /// Read and verify OOXML signatures.
 154     bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bCacheLastSignature = true);
 155     /// Read and verify a single OOXML signature.
 156     bool ReadAndVerifySignatureStorageStream(const css::uno::Reference<css::io::XInputStream>& xInputStream);
 157     /// Adds or removes an OOXML digital signature relation to _rels/.rels if there wasn't any before.
 158     void EnsureSignaturesRelation(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bAdd);
 159     /// Given that xStorage is an OOXML _xmlsignatures storage, create origin.sigs and its relations.
 160     void ExportSignatureRelations(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
 161     /// Given that xSignatureStorage is an OOXML _xmlsignatures storage, create and write a new signature.
 162     void CreateAndWriteOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, int nSignatureIndex);
 163     /// Similar to CreateAndWriteOOXMLSignature(), but used to write the signature to the persistent storage, not the temporary one.
 164     void ExportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, const SignatureInformation& rInformation, int nSignatureIndex);
 165     /// Given that xStorage is an OOXML root storage, advertise signatures in its [Content_Types].xml stream.
 166     void ExportSignatureContentTypes(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
 167 };
 168
 169 #endif // INCLUDED_XMLSECURITY_INC_XMLSIGNATUREHELPER_HXX
 170
 171 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */