Update git submodules
[LibreOffice.git] / xmlsecurity / inc / xmlsignaturehelper.hxx
blobd6e2b90eebac3f6506b901304df1ef0ee0dde42b
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9 * This file incorporates work covered by the following license notice:
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
20 #pragma once
22 #include <tools/link.hxx>
23 #include <rtl/ustring.hxx>
24 #include <rtl/ref.hxx>
25 #include <svl/sigstruct.hxx>
26 #include "xmlsecuritydllapi.h"
27 #include "xmlsignaturehelper.hxx"
28 #include "xsecctl.hxx"
30 #include <com/sun/star/security/XCertificate.hpp>
31 #include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
33 class DateTime;
34 class UriBindingHelper;
36 namespace com::sun::star {
37 namespace io {
38 class XOutputStream;
39 class XInputStream;
41 namespace embed { class XStorage; }
44 namespace com::sun::star::graphic { class XGraphic; }
45 namespace com::sun::star::uno { class XComponentContext; }
46 namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
47 namespace com::sun::star::xml::sax { class XDocumentHandler; }
48 namespace com::sun::star::xml::sax { class XWriter; }
50 /**********************************************************
51 XMLSignatureHelper
53 Helper class for the XML Security framework
55 Functions:
56 1. help to create a security context;
57 2. help to listen signature creation result;
58 3. help to listen signature verify result;
59 4. help to indicate which signature to verify.
61 **********************************************************/
63 class XMLSECURITY_DLLPUBLIC XMLSignatureHelper
65 private:
66 css::uno::Reference< css::uno::XComponentContext > mxCtx;
67 rtl::Reference<UriBindingHelper> mxUriBinding;
69 rtl::Reference<XSecController> mpXSecController;
70 bool mbError;
71 bool mbODFPre1_2;
72 Link<LinkParamNone*,bool> maStartVerifySignatureHdl;
74 private:
75 XMLSignatureHelper(const XMLSignatureHelper&) = delete;
77 public:
78 XMLSignatureHelper(const css::uno::Reference< css::uno::XComponentContext >& mrCtx );
79 ~XMLSignatureHelper();
81 void StartVerifySignatureElement();
83 // Set the storage which should be used by the default UriBinding
84 // Must be set before StartMission().
85 //sODFVersion indicates the ODF version
86 void SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStorage, std::u16string_view sODFVersion );
88 // Argument for the Link is a uno::Reference< xml::sax::XAttributeList >*
89 // Return 1 to verify, 0 to skip.
90 // Default handler will verify all.
91 void SetStartVerifySignatureHdl( const Link<LinkParamNone*,bool>& rLink );
93 // After signing/verifying, get information about signatures
94 SignatureInformation GetSignatureInformation( sal_Int32 nSecurityId ) const;
95 SignatureInformations GetSignatureInformations() const;
96 /// ImplVerifySignature calls this to figure out which X509Data is the
97 /// signing certificate and update the internal state with the result.
98 /// @return
99 /// A sequence with the signing certificate at the back on success.
100 /// An empty sequence on failure.
101 std::vector<css::uno::Reference<css::security::XCertificate>>
102 CheckAndUpdateSignatureInformation(
103 css::uno::Reference<css::xml::crypto::XSecurityEnvironment> const& xSecEnv,
104 SignatureInformation const& rInfo);
106 // See XSecController for documentation
107 void StartMission(const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext);
108 void EndMission();
109 sal_Int32 GetNewSecurityId();
110 /** sets data that describes the certificate.
112 It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
113 the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
114 the private key. Although issuer name and certificate should be sufficient to identify
115 the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
116 The reason is that they use functions to find the certificate which take as parameter
117 the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
118 are of type DirectoryName, which is a choice of 5 string types. This information is
119 not contained in the issuer string and while it is converted to the ASN.1 name the
120 conversion function must assume a particular type, which is often wrong. For example,
121 the Windows function CertStrToName will use a T.61 string if the string does not contain
122 special characters. So if the certificate uses simple characters but encodes the
123 issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
124 ASN.1 name now contains different bytes which indicate the string type. The functions
125 for finding the certificate apparently use memcmp - hence they fail to find the
126 certificate.
128 void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
129 const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest,
130 svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
132 void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate);
134 void SetGpgCertificate(sal_Int32 nSecurityId, const OUString& ouGpgCertDigest,
135 const OUString& ouGpgCert, const OUString& ouGpgOwner);
137 void SetDateTime( sal_Int32 nSecurityId, const DateTime& rDateTime );
138 void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
139 void SetSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId);
140 void
141 SetSignatureLineValidGraphic(sal_Int32 nSecurityId,
142 const css::uno::Reference<css::graphic::XGraphic>& xValidGraphic);
143 void SetSignatureLineInvalidGraphic(
144 sal_Int32 nSecurityId, const css::uno::Reference<css::graphic::XGraphic>& xInvalidGraphic);
146 void AddForSigning( sal_Int32 securityId, const OUString& uri, bool bBinary, bool bXAdESCompliantIfODF );
147 void CreateAndWriteSignature( const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, bool bXAdESCompliantIfODF );
148 bool ReadAndVerifySignature( const css::uno::Reference< css::io::XInputStream >& xInputStream );
150 // MT: ??? I think only for adding/removing, not for new signatures...
151 // MM: Yes, but if you want to insert a new signature into an existing signature file, those function
152 // will be very useful, see Mission 3 in the new "multisigdemo" program :-)
153 css::uno::Reference< css::xml::sax::XWriter> CreateDocumentHandlerWithHeader( const css::uno::Reference< css::io::XOutputStream >& xOutputStream );
154 static void CloseDocumentHandler( const css::uno::Reference< css::xml::sax::XDocumentHandler>& xDocumentHandler );
155 static void ExportSignature(
156 const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler,
157 const SignatureInformation& signatureInfo,
158 bool bXAdESCompliantIfODF );
160 /// Read and verify OOXML signatures.
161 bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bCacheLastSignature = true);
162 /// Read and verify a single OOXML signature.
163 bool ReadAndVerifySignatureStorageStream(const css::uno::Reference<css::io::XInputStream>& xInputStream);
164 /// Adds or removes an OOXML digital signature relation to _rels/.rels if there wasn't any before.
165 void EnsureSignaturesRelation(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bAdd);
166 /// Given that xStorage is an OOXML _xmlsignatures storage, create origin.sigs and its relations.
167 void ExportSignatureRelations(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
168 /// Given that xSignatureStorage is an OOXML _xmlsignatures storage, create and write a new signature.
169 void CreateAndWriteOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, int nSignatureIndex);
170 /// Similar to CreateAndWriteOOXMLSignature(), but used to write the signature to the persistent storage, not the temporary one.
171 void ExportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, const SignatureInformation& rInformation, int nSignatureIndex);
172 /// Given that xStorage is an OOXML root storage, advertise signatures in its [Content_Types].xml stream.
173 void ExportSignatureContentTypes(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
176 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */