search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Version 6.1.4.1, tag libreoffice-6.1.4.1
[LibreOffice.git] / xmlsecurity / source / helper / documentsignaturemanager.cxx
blobc88c18964b22da8e2cb30b6e68469734280152f4
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include <documentsignaturemanager.hxx>
21 #include <config_gpgme.h>
22
23 #include <gpg/SEInitializer.hxx>
24
25 #include <com/sun/star/embed/StorageFormats.hpp>
26 #include <com/sun/star/embed/ElementModes.hpp>
27 #include <com/sun/star/io/TempFile.hpp>
28 #include <com/sun/star/io/XTruncate.hpp>
29 #include <com/sun/star/embed/XTransactedObject.hpp>
30 #include <com/sun/star/xml/crypto/SEInitializer.hpp>
31 #include <com/sun/star/lang/XServiceInfo.hpp>
32 #include <com/sun/star/graphic/XGraphic.hpp>
33
34 #include <comphelper/base64.hxx>
35 #include <comphelper/storagehelper.hxx>
36 #include <rtl/ustrbuf.hxx>
37 #include <sax/tools/converter.hxx>
38 #include <tools/datetime.hxx>
39 #include <o3tl/make_unique.hxx>
40
41 #include <certificate.hxx>
42 #include <biginteger.hxx>
43
44 #include <xmlsec/xmlsec_init.hxx>
45
46 #include <pdfsignaturehelper.hxx>
47
48 using namespace css;
49 using namespace css::graphic;
50 using namespace css::uno;
51
52 DocumentSignatureManager::DocumentSignatureManager(
53 const uno::Reference<uno::XComponentContext>& xContext, DocumentSignatureMode eMode)
54 : mxContext(xContext)
55 , maSignatureHelper(xContext)
56 , meSignatureMode(eMode)
57 {
58 }
59
60 DocumentSignatureManager::~DocumentSignatureManager() { deInitXmlSec(); }
61
62 bool DocumentSignatureManager::init()
63 {
64 SAL_WARN_IF(mxSEInitializer.is(), "xmlsecurity.helper",
65 "DocumentSignatureManager::Init - mxSEInitializer already set!");
66 SAL_WARN_IF(mxSecurityContext.is(), "xmlsecurity.helper",
67 "DocumentSignatureManager::Init - mxSecurityContext already set!");
68 SAL_WARN_IF(mxGpgSEInitializer.is(), "xmlsecurity.helper",
69 "DocumentSignatureManager::Init - mxGpgSEInitializer already set!");
70
71 // xmlsec is needed by both services, so init before those
72 initXmlSec();
73
74 mxSEInitializer = xml::crypto::SEInitializer::create(mxContext);
75 #if HAVE_FEATURE_GPGME
76 mxGpgSEInitializer.set(new SEInitializerGpg());
77 #endif
78
79 if (mxSEInitializer.is())
80 mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
81
82 #if HAVE_FEATURE_GPGME
83 if (mxGpgSEInitializer.is())
84 mxGpgSecurityContext = mxGpgSEInitializer->createSecurityContext(OUString());
85
86 return mxSecurityContext.is() || mxGpgSecurityContext.is();
87 #else
88 return mxSecurityContext.is();
89 #endif
90 }
91
92 PDFSignatureHelper& DocumentSignatureManager::getPDFSignatureHelper()
93 {
94 bool bInit = true;
95 if (!mxSecurityContext.is())
96 bInit = init();
97
98 SAL_WARN_IF(!bInit, "xmlsecurity.comp", "Error initializing security context!");
99
100 if (!mpPDFSignatureHelper)
101 mpPDFSignatureHelper = o3tl::make_unique<PDFSignatureHelper>();
102
103 return *mpPDFSignatureHelper;
104 }
105
106 #if 0 // For some reason does not work
107 bool DocumentSignatureManager::IsXAdESRelevant()
108 {
109 if (mxStore.is())
110 {
111 // ZIP-based: ODF or OOXML.
112 maSignatureHelper.StartMission();
113
114 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, /*bUseTempStream=*/true);
115 if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
116 {
117 maSignatureHelper.EndMission();
118 return false;
119 }
120 // FIXME: How to figure out if it is ODF 1.2?
121 maSignatureHelper.EndMission();
122 return true;
123 }
124 return false;
125 }
126 #endif
127
128 /* Using the zip storage, we cannot get the properties "MediaType" and "IsEncrypted"
129 We use the manifest to find out if a file is xml and if it is encrypted.
130 The parameter is an encoded uri. However, the manifest contains paths. Therefore
131 the path is encoded as uri, so they can be compared.
132 */
133 bool DocumentSignatureManager::isXML(const OUString& rURI)
134 {
135 SAL_WARN_IF(!mxStore.is(), "xmlsecurity.helper", "empty storage reference");
136
137 bool bIsXML = false;
138 bool bPropsAvailable = false;
139 const OUString sPropFullPath("FullPath");
140 const OUString sPropMediaType("MediaType");
141 const OUString sPropDigest("Digest");
142
143 for (int i = 0; i < m_manifest.getLength(); i++)
144 {
145 const uno::Sequence<beans::PropertyValue>& entry = m_manifest[i];
146 OUString sPath, sMediaType;
147 bool bEncrypted = false;
148 for (int j = 0; j < entry.getLength(); j++)
149 {
150 const beans::PropertyValue& prop = entry[j];
151
152 if (prop.Name == sPropFullPath)
153 prop.Value >>= sPath;
154 else if (prop.Name == sPropMediaType)
155 prop.Value >>= sMediaType;
156 else if (prop.Name == sPropDigest)
157 bEncrypted = true;
158 }
159 if (DocumentSignatureHelper::equalsReferenceUriManifestPath(rURI, sPath))
160 {
161 bIsXML = sMediaType == "text/xml" && !bEncrypted;
162 bPropsAvailable = true;
163 break;
164 }
165 }
166 if (!bPropsAvailable)
167 {
168 //This would be the case for at least mimetype, META-INF/manifest.xml
169 //META-INF/macrosignatures.xml.
170 //Files can only be encrypted if they are in the manifest.xml.
171 //That is, the current file cannot be encrypted, otherwise bPropsAvailable
172 //would be true.
173 sal_Int32 nSep = rURI.lastIndexOf('.');
174 if (nSep != -1)
175 {
176 OUString aExt = rURI.copy(nSep + 1);
177 if (aExt.equalsIgnoreAsciiCase("XML"))
178 bIsXML = true;
179 }
180 }
181 return bIsXML;
182 }
183
184 //If bTempStream is true, then a temporary stream is return. If it is false then, the actual
185 //signature stream is used.
186 //Every time the user presses Add a new temporary stream is created.
187 //We keep the temporary stream as member because ImplGetSignatureInformations
188 //will later access the stream to create DocumentSignatureInformation objects
189 //which are stored in maCurrentSignatureInformations.
190 SignatureStreamHelper DocumentSignatureManager::ImplOpenSignatureStream(sal_Int32 nStreamOpenMode,
191 bool bTempStream)
192 {
193 SignatureStreamHelper aHelper;
194 if (mxStore.is())
195 {
196 uno::Reference<container::XNameAccess> xNameAccess(mxStore, uno::UNO_QUERY);
197 if (xNameAccess.is() && xNameAccess->hasByName("[Content_Types].xml"))
198 aHelper.nStorageFormat = embed::StorageFormats::OFOPXML;
199 }
200
201 if (bTempStream)
202 {
203 if (nStreamOpenMode & embed::ElementModes::TRUNCATE)
204 {
205 //We write always into a new temporary stream.
206 mxTempSignatureStream.set(io::TempFile::create(mxContext), uno::UNO_QUERY_THROW);
207 if (aHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
208 aHelper.xSignatureStream = mxTempSignatureStream;
209 else
210 {
211 mxTempSignatureStorage = comphelper::OStorageHelper::GetStorageOfFormatFromStream(
212 ZIP_STORAGE_FORMAT_STRING, mxTempSignatureStream);
213 aHelper.xSignatureStorage = mxTempSignatureStorage;
214 }
215 }
216 else
217 {
218 //When we read from the temp stream, then we must have previously
219 //created one.
220 SAL_WARN_IF(!mxTempSignatureStream.is(), "xmlsecurity.helper",
221 "empty temp. signature stream reference");
222 }
223 aHelper.xSignatureStream = mxTempSignatureStream;
224 if (aHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
225 aHelper.xSignatureStorage = mxTempSignatureStorage;
226 }
227 else
228 {
229 //No temporary stream
230 if (!mxSignatureStream.is())
231 {
232 //We may not have a dedicated stream for writing the signature
233 //So we take one directly from the storage
234 //Or DocumentDigitalSignatures::showDocumentContentSignatures was called,
235 //in which case Add/Remove is not allowed. This is done, for example, if the
236 //document is readonly
237 aHelper = DocumentSignatureHelper::OpenSignatureStream(mxStore, nStreamOpenMode,
238 meSignatureMode);
239 }
240 else
241 {
242 aHelper.xSignatureStream = mxSignatureStream;
243 }
244 }
245
246 if (nStreamOpenMode & embed::ElementModes::TRUNCATE)
247 {
248 if (aHelper.xSignatureStream.is()
249 && aHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
250 {
251 uno::Reference<io::XTruncate> xTruncate(aHelper.xSignatureStream, uno::UNO_QUERY_THROW);
252 xTruncate->truncate();
253 }
254 }
255 else if (bTempStream || mxSignatureStream.is())
256 {
257 //In case we read the signature stream from the storage directly,
258 //which is the case when DocumentDigitalSignatures::showDocumentContentSignatures
259 //then XSeakable is not supported
260 uno::Reference<io::XSeekable> xSeek(aHelper.xSignatureStream, uno::UNO_QUERY_THROW);
261 xSeek->seek(0);
262 }
263
264 return aHelper;
265 }
266
267 bool DocumentSignatureManager::add(
268 const uno::Reference<security::XCertificate>& xCert,
269 const uno::Reference<xml::crypto::XXMLSecurityContext>& xSecurityContext,
270 const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant,
271 const OUString& rSignatureLineId, const Reference<XGraphic> xValidGraphic,
272 const Reference<XGraphic> xInvalidGraphic)
273 {
274 if (!xCert.is())
275 {
276 SAL_WARN("xmlsecurity.helper", "no certificate selected");
277 return false;
278 }
279
280 // GPG or X509 key?
281 uno::Reference<lang::XServiceInfo> xServiceInfo(xSecurityContext, uno::UNO_QUERY);
282 if (xServiceInfo->getImplementationName()
283 == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl")
284 {
285 // GPG keys only really have PGPKeyId and PGPKeyPacket
286 if (!mxStore.is())
287 {
288 SAL_WARN("xmlsecurity.helper", "cannot sign pdfs with GPG keys");
289 return false;
290 }
291
292 maSignatureHelper.StartMission(xSecurityContext);
293
294 nSecurityId = maSignatureHelper.GetNewSecurityId();
295
296 OUStringBuffer aStrBuffer;
297 comphelper::Base64::encode(aStrBuffer, xCert->getEncoded());
298
299 OUString aKeyId;
300 if (auto pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get()))
301 {
302 OUStringBuffer aBuffer;
303 comphelper::Base64::encode(aBuffer, pCertificate->getSHA256Thumbprint());
304 aKeyId = aBuffer.makeStringAndClear();
305 }
306 else
307 SAL_WARN("xmlsecurity.helper",
308 "XCertificate implementation without an xmlsecurity::Certificate one");
309
310 maSignatureHelper.SetGpgCertificate(nSecurityId, aKeyId, aStrBuffer.makeStringAndClear(),
311 xCert->getIssuerName());
312 }
313 else
314 {
315 OUString aCertSerial = xmlsecurity::bigIntegerToNumericString(xCert->getSerialNumber());
316 if (aCertSerial.isEmpty())
317 {
318 SAL_WARN("xmlsecurity.helper", "Error in Certificate, problem with serial number!");
319 return false;
320 }
321
322 if (!mxStore.is())
323 {
324 // Something not ZIP based, try PDF.
325 nSecurityId = getPDFSignatureHelper().GetNewSecurityId();
326 getPDFSignatureHelper().SetX509Certificate(xCert);
327 getPDFSignatureHelper().SetDescription(rDescription);
328 uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
329 if (!getPDFSignatureHelper().Sign(xInputStream, bAdESCompliant))
330 {
331 SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::Sign() failed");
332 return false;
333 }
334 return true;
335 }
336
337 maSignatureHelper.StartMission(xSecurityContext);
338
339 nSecurityId = maSignatureHelper.GetNewSecurityId();
340
341 OUStringBuffer aStrBuffer;
342 comphelper::Base64::encode(aStrBuffer, xCert->getEncoded());
343
344 OUString aCertDigest;
345 svl::crypto::SignatureMethodAlgorithm eAlgorithmID
346 = svl::crypto::SignatureMethodAlgorithm::RSA;
347 if (auto pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get()))
348 {
349 OUStringBuffer aBuffer;
350 comphelper::Base64::encode(aBuffer, pCertificate->getSHA256Thumbprint());
351 aCertDigest = aBuffer.makeStringAndClear();
352
353 eAlgorithmID = pCertificate->getSignatureMethodAlgorithm();
354 }
355 else
356 SAL_WARN("xmlsecurity.helper",
357 "XCertificate implementation without an xmlsecurity::Certificate one");
358
359 maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial,
360 aStrBuffer.makeStringAndClear(), aCertDigest,
361 eAlgorithmID);
362 }
363
364 uno::Sequence<uno::Reference<security::XCertificate>> aCertPath
365 = xSecurityContext->getSecurityEnvironment()->buildCertificatePath(xCert);
366 const uno::Reference<security::XCertificate>* pCertPath = aCertPath.getConstArray();
367 sal_Int32 nCnt = aCertPath.getLength();
368
369 OUStringBuffer aStrBuffer;
370 for (int i = 0; i < nCnt; i++)
371 {
372 comphelper::Base64::encode(aStrBuffer, pCertPath[i]->getEncoded());
373 maSignatureHelper.AddEncapsulatedX509Certificate(aStrBuffer.makeStringAndClear());
374 }
375
376 std::vector<OUString> aElements = DocumentSignatureHelper::CreateElementList(
377 mxStore, meSignatureMode, DocumentSignatureAlgorithm::OOo3_2);
378 DocumentSignatureHelper::AppendContentTypes(mxStore, aElements);
379
380 sal_Int32 nElements = aElements.size();
381 for (sal_Int32 n = 0; n < nElements; n++)
382 {
383 bool bBinaryMode = !isXML(aElements[n]);
384 maSignatureHelper.AddForSigning(nSecurityId, aElements[n], bBinaryMode, bAdESCompliant);
385 }
386
387 maSignatureHelper.SetDateTime(nSecurityId, DateTime(DateTime::SYSTEM));
388 maSignatureHelper.SetDescription(nSecurityId, rDescription);
389
390 if (!rSignatureLineId.isEmpty())
391 maSignatureHelper.SetSignatureLineId(nSecurityId, rSignatureLineId);
392
393 if (xValidGraphic.is())
394 maSignatureHelper.SetSignatureLineValidGraphic(nSecurityId, xValidGraphic);
395
396 if (xInvalidGraphic.is())
397 maSignatureHelper.SetSignatureLineInvalidGraphic(nSecurityId, xInvalidGraphic);
398
399 // We open a signature stream in which the existing and the new
400 //signature is written. ImplGetSignatureInformation (later in this function) will
401 //then read the stream and fill maCurrentSignatureInformations. The final signature
402 //is written when the user presses OK. Then only maCurrentSignatureInformation and
403 //a sax writer are used to write the information.
404 SignatureStreamHelper aStreamHelper
405 = ImplOpenSignatureStream(embed::ElementModes::WRITE | embed::ElementModes::TRUNCATE, true);
406
407 if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
408 {
409 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream,
410 uno::UNO_QUERY_THROW);
411 uno::Reference<xml::sax::XWriter> xSaxWriter
412 = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
413
414 // Export old signatures...
415 uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter,
416 uno::UNO_QUERY_THROW);
417 std::size_t nInfos = maCurrentSignatureInformations.size();
418 for (std::size_t n = 0; n < nInfos; n++)
419 XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n],
420 bAdESCompliant);
421
422 // Create a new one...
423 maSignatureHelper.CreateAndWriteSignature(xDocumentHandler, bAdESCompliant);
424
425 // That's it...
426 XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
427 }
428 else
429 {
430 // OOXML
431
432 // Handle relations.
433 maSignatureHelper.EnsureSignaturesRelation(mxStore, /*bAdd=*/true);
434 // Old signatures + the new one.
435 int nSignatureCount = maCurrentSignatureInformations.size() + 1;
436 maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage,
437 nSignatureCount);
438
439 // Export old signatures.
440 for (std::size_t i = 0; i < maCurrentSignatureInformations.size(); ++i)
441 maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage,
442 maCurrentSignatureInformations[i], i + 1);
443
444 // Create a new signature.
445 maSignatureHelper.CreateAndWriteOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage,
446 nSignatureCount);
447
448 // Flush objects.
449 uno::Reference<embed::XTransactedObject> xTransact(aStreamHelper.xSignatureStorage,
450 uno::UNO_QUERY);
451 xTransact->commit();
452 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream,
453 uno::UNO_QUERY);
454 xOutputStream->closeOutput();
455
456 uno::Reference<io::XTempFile> xTempFile(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
457 SAL_INFO("xmlsecurity.helper",
458 "DocumentSignatureManager::add temporary storage at " << xTempFile->getUri());
459 }
460
461 maSignatureHelper.EndMission();
462 return true;
463 }
464
465 void DocumentSignatureManager::remove(sal_uInt16 nPosition)
466 {
467 if (!mxStore.is())
468 {
469 // Something not ZIP based, try PDF.
470 uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
471 if (!PDFSignatureHelper::RemoveSignature(xInputStream, nPosition))
472 {
473 SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::RemoveSignature() failed");
474 return;
475 }
476
477 // Only erase when the removal was successful, it may fail for PDF.
478 // Also, erase the requested and all following signatures, as PDF signatures are always chained.
479 maCurrentSignatureInformations.erase(maCurrentSignatureInformations.begin() + nPosition,
480 maCurrentSignatureInformations.end());
481 return;
482 }
483
484 maCurrentSignatureInformations.erase(maCurrentSignatureInformations.begin() + nPosition);
485
486 // Export all other signatures...
487 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(
488 embed::ElementModes::WRITE | embed::ElementModes::TRUNCATE, /*bTempStream=*/true);
489
490 if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
491 {
492 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream,
493 uno::UNO_QUERY_THROW);
494 uno::Reference<xml::sax::XWriter> xSaxWriter
495 = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
496
497 uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter,
498 uno::UNO_QUERY_THROW);
499 std::size_t nInfos = maCurrentSignatureInformations.size();
500 for (std::size_t n = 0; n < nInfos; ++n)
501 XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n],
502 false /* ??? */);
503
504 XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
505 }
506 else
507 {
508 // OOXML
509
510 // Handle relations.
511 int nSignatureCount = maCurrentSignatureInformations.size();
512 maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage,
513 nSignatureCount);
514
515 // Export old signatures.
516 for (std::size_t i = 0; i < maCurrentSignatureInformations.size(); ++i)
517 maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage,
518 maCurrentSignatureInformations[i], i + 1);
519
520 // Flush objects.
521 uno::Reference<embed::XTransactedObject> xTransact(aStreamHelper.xSignatureStorage,
522 uno::UNO_QUERY);
523 xTransact->commit();
524 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream,
525 uno::UNO_QUERY);
526 xOutputStream->closeOutput();
527
528 uno::Reference<io::XTempFile> xTempFile(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
529 SAL_INFO("xmlsecurity.helper", "DocumentSignatureManager::remove: temporary storage is at "
530 << xTempFile->getUri());
531 }
532 }
533
534 void DocumentSignatureManager::read(bool bUseTempStream, bool bCacheLastSignature)
535 {
536 maCurrentSignatureInformations.clear();
537
538 if (mxStore.is())
539 {
540 // ZIP-based: ODF or OOXML.
541 maSignatureHelper.StartMission(mxSecurityContext);
542
543 SignatureStreamHelper aStreamHelper
544 = ImplOpenSignatureStream(embed::ElementModes::READ, bUseTempStream);
545 if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML
546 && aStreamHelper.xSignatureStream.is())
547 {
548 uno::Reference<io::XInputStream> xInputStream(aStreamHelper.xSignatureStream,
549 uno::UNO_QUERY);
550 maSignatureHelper.ReadAndVerifySignature(xInputStream);
551 }
552 else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML
553 && aStreamHelper.xSignatureStorage.is())
554 maSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage,
555 bCacheLastSignature);
556 maSignatureHelper.EndMission();
557
558 maCurrentSignatureInformations = maSignatureHelper.GetSignatureInformations();
559 }
560 else
561 {
562 // Something not ZIP based, try PDF.
563 uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
564 if (getPDFSignatureHelper().ReadAndVerifySignature(xInputStream))
565 maCurrentSignatureInformations = getPDFSignatureHelper().GetSignatureInformations();
566 }
567 }
568
569 void DocumentSignatureManager::write(bool bXAdESCompliantIfODF)
570 {
571 if (!mxStore.is())
572 {
573 // Something not ZIP based, assume PDF, which is written directly in add() already.
574 return;
575 }
576
577 // Export all other signatures...
578 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(
579 embed::ElementModes::WRITE | embed::ElementModes::TRUNCATE, false);
580
581 if (aStreamHelper.xSignatureStream.is()
582 && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
583 {
584 // ODF
585 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream,
586 uno::UNO_QUERY);
587 uno::Reference<xml::sax::XWriter> xSaxWriter
588 = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
589
590 uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter,
591 uno::UNO_QUERY_THROW);
592 std::size_t nInfos = maCurrentSignatureInformations.size();
593 for (std::size_t n = 0; n < nInfos; ++n)
594 XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n],
595 bXAdESCompliantIfODF);
596
597 XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
598 }
599 else if (aStreamHelper.xSignatureStorage.is()
600 && aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
601 {
602 // OOXML
603 std::size_t nSignatureCount = maCurrentSignatureInformations.size();
604 maSignatureHelper.ExportSignatureContentTypes(mxStore, nSignatureCount);
605 if (nSignatureCount > 0)
606 maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage,
607 nSignatureCount);
608 else
609 {
610 // Removing all signatures: then need to remove the signature relation as well.
611 maSignatureHelper.EnsureSignaturesRelation(mxStore, /*bAdd=*/false);
612 // Also remove the whole signature sub-storage: release our read-write reference + remove the element.
613 aStreamHelper = SignatureStreamHelper();
614 mxStore->removeElement("_xmlsignatures");
615 }
616
617 for (std::size_t i = 0; i < nSignatureCount; ++i)
618 maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage,
619 maCurrentSignatureInformations[i], i + 1);
620 }
621
622 // If stream was not provided, we are responsible for committing it....
623 if (!mxSignatureStream.is() && aStreamHelper.xSignatureStorage.is())
624 {
625 uno::Reference<embed::XTransactedObject> xTrans(aStreamHelper.xSignatureStorage,
626 uno::UNO_QUERY);
627 xTrans->commit();
628 }
629 }
630
631 uno::Reference<xml::crypto::XSecurityEnvironment> DocumentSignatureManager::getSecurityEnvironment()
632 {
633 return mxSecurityContext.is() ? mxSecurityContext->getSecurityEnvironment()
634 : uno::Reference<xml::crypto::XSecurityEnvironment>();
635 }
636
637 uno::Reference<xml::crypto::XSecurityEnvironment>
638 DocumentSignatureManager::getGpgSecurityEnvironment()
639 {
640 return mxGpgSecurityContext.is() ? mxGpgSecurityContext->getSecurityEnvironment()
641 : uno::Reference<xml::crypto::XSecurityEnvironment>();
642 }
643
644 uno::Reference<xml::crypto::XXMLSecurityContext> const&
645 DocumentSignatureManager::getSecurityContext()
646 {
647 return mxSecurityContext;
648 }
649
650 uno::Reference<xml::crypto::XXMLSecurityContext> const&
651 DocumentSignatureManager::getGpgSecurityContext()
652 {
653 return mxGpgSecurityContext;
654 }
655
656 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE