search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
calc: on editing invalidation of view with different zoom is wrong
[LibreOffice.git] / xmlsecurity / source / component / documentdigitalsignatures.cxx
blob990fa5dea739284470af7f6cb60cf7afe7cac2ba
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include <resourcemanager.hxx>
21
22 #include <certificate.hxx>
23 #include <certificatechooser.hxx>
24 #include <certificateviewer.hxx>
25 #include <digitalsignaturesdialog.hxx>
26 #include <macrosecurity.hxx>
27 #include <biginteger.hxx>
28 #include <strings.hrc>
29 #include <pdfsignaturehelper.hxx>
30 #include <sax/tools/converter.hxx>
31
32 #include <com/sun/star/embed/XStorage.hpp>
33 #include <com/sun/star/embed/StorageFormats.hpp>
34 #include <com/sun/star/embed/XTransactedObject.hpp>
35 #include <com/sun/star/embed/ElementModes.hpp>
36 #include <com/sun/star/lang/XInitialization.hpp>
37 #include <com/sun/star/lang/XServiceInfo.hpp>
38 #include <com/sun/star/ucb/XContent.hpp>
39 #include <com/sun/star/ucb/XContentIdentifierFactory.hpp>
40 #include <com/sun/star/ucb/XCommandEnvironment.hpp>
41 #include <com/sun/star/ucb/XCommandProcessor.hpp>
42 #include <com/sun/star/ucb/Command.hpp>
43 #include <com/sun/star/uno/SecurityException.hpp>
44 #include <vcl/weld.hxx>
45 #include <vcl/svapp.hxx>
46 #include <tools/date.hxx>
47 #include <tools/time.hxx>
48 #include <unotools/securityoptions.hxx>
49 #include <com/sun/star/security/CertificateValidity.hpp>
50 #include <com/sun/star/security/CertificateKind.hpp>
51 #include <comphelper/base64.hxx>
52 #include <comphelper/documentconstants.hxx>
53 #include <comphelper/propertyvalue.hxx>
54 #include <comphelper/sequence.hxx>
55 #include <cppuhelper/implbase.hxx>
56 #include <comphelper/xmlsechelper.hxx>
57 #include <cppuhelper/supportsservice.hxx>
58 #include <sal/log.hxx>
59 #include <com/sun/star/lang/IllegalArgumentException.hpp>
60 #include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
61 #include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
62 #include <sfx2/digitalsignatures.hxx>
63
64 #include <map>
65
66 using namespace css;
67 using namespace css::uno;
68 using namespace css::lang;
69 using namespace css::security;
70 using namespace css::xml::crypto;
71
72 namespace {
73 class DocumentDigitalSignatures
74 : public cppu::WeakImplHelper<css::security::XDocumentDigitalSignatures,
75 css::lang::XInitialization, css::lang::XServiceInfo>,
76 public sfx2::DigitalSignatures
77 {
78 private:
79 css::uno::Reference<css::uno::XComponentContext> mxCtx;
80 css::uno::Reference<css::awt::XWindow> mxParentWindow;
81
82 /// will be set by XInitialization. If not we assume true. false means an earlier version (whatever that means,
83 /// this is a string, not a boolean).
84 /// Note that the code talks about "ODF version" even if this class is also used to sign OOXML.
85 OUString m_sODFVersion;
86 /// The number of arguments which were passed in XInitialization::initialize
87 int m_nArgumentsCount;
88 /// Indicates if the document already contains a document signature
89 bool m_bHasDocumentSignature;
90
91 /// @throws css::uno::RuntimeException
92 bool ImplViewSignatures(const css::uno::Reference<css::embed::XStorage>& rxStorage,
93 const css::uno::Reference<css::io::XStream>& xSignStream,
94 DocumentSignatureMode eMode, bool bReadOnly);
95 /// @throws css::uno::RuntimeException
96 void ImplViewSignatures(const css::uno::Reference<css::embed::XStorage>& rxStorage,
97 const css::uno::Reference<css::io::XInputStream>& xSignStream,
98 DocumentSignatureMode eMode, bool bReadOnly);
99 /// @throws css::uno::RuntimeException
100 css::uno::Sequence<css::security::DocumentSignatureInformation>
101 ImplVerifySignatures(const css::uno::Reference<css::embed::XStorage>& rxStorage,
102 const ::com::sun::star::uno::Reference<css::io::XInputStream>& xSignStream,
103 DocumentSignatureMode eMode);
104
105 css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
106 chooseCertificatesImpl(std::map<OUString, OUString>& rProperties, const UserAction eAction,
107 const CertificateKind certificateKind=CertificateKind_NONE);
108
109 bool
110 signWithCertificateImpl(const uno::Reference<frame::XModel>& /*xModel*/,
111 css::uno::Reference<css::security::XCertificate> const& xCertificate,
112 css::uno::Reference<css::embed::XStorage> const& xStorage,
113 css::uno::Reference<css::io::XStream> const& xStream,
114 DocumentSignatureMode eMode);
115
116 public:
117 explicit DocumentDigitalSignatures(
118 const css::uno::Reference<css::uno::XComponentContext>& rxCtx);
119
120 //XInitialization
121 void SAL_CALL initialize(const css::uno::Sequence<css::uno::Any>& aArguments) override;
122
123 OUString SAL_CALL getImplementationName() override;
124
125 sal_Bool SAL_CALL supportsService(OUString const& ServiceName) override;
126
127 css::uno::Sequence<OUString> SAL_CALL getSupportedServiceNames() override;
128
129 // XDocumentDigitalSignatures
130 sal_Bool SAL_CALL
131 signDocumentContent(const css::uno::Reference<css::embed::XStorage>& xStorage,
132 const css::uno::Reference<css::io::XStream>& xSignStream) override;
133 sal_Bool SAL_CALL signSignatureLine(
134 const css::uno::Reference<css::embed::XStorage>& Storage,
135 const css::uno::Reference<css::io::XStream>& xSignStream, const OUString& aSignatureLineId,
136 const Reference<css::security::XCertificate>& xCertificate,
137 const Reference<css::graphic::XGraphic>& xValidGraphic,
138 const Reference<css::graphic::XGraphic>& xInvalidGraphic,
139 const OUString& aComment) override;
140 css::uno::Sequence<css::security::DocumentSignatureInformation>
141 SAL_CALL verifyDocumentContentSignatures(
142 const css::uno::Reference<css::embed::XStorage>& xStorage,
143 const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
144 void SAL_CALL showDocumentContentSignatures(
145 const css::uno::Reference<css::embed::XStorage>& xStorage,
146 const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
147 OUString SAL_CALL getDocumentContentSignatureDefaultStreamName() override;
148 sal_Bool SAL_CALL
149 signScriptingContent(const css::uno::Reference<css::embed::XStorage>& xStorage,
150 const css::uno::Reference<css::io::XStream>& xSignStream) override;
151 css::uno::Sequence<css::security::DocumentSignatureInformation>
152 SAL_CALL verifyScriptingContentSignatures(
153 const css::uno::Reference<css::embed::XStorage>& xStorage,
154 const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
155 void SAL_CALL showScriptingContentSignatures(
156 const css::uno::Reference<css::embed::XStorage>& xStorage,
157 const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
158 OUString SAL_CALL getScriptingContentSignatureDefaultStreamName() override;
159 sal_Bool SAL_CALL
160 signPackage(const css::uno::Reference<css::embed::XStorage>& Storage,
161 const css::uno::Reference<css::io::XStream>& xSignStream) override;
162 css::uno::Sequence<css::security::DocumentSignatureInformation>
163 SAL_CALL verifyPackageSignatures(
164 const css::uno::Reference<css::embed::XStorage>& Storage,
165 const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
166 void SAL_CALL
167 showPackageSignatures(const css::uno::Reference<css::embed::XStorage>& xStorage,
168 const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
169 OUString SAL_CALL getPackageSignatureDefaultStreamName() override;
170 void SAL_CALL
171 showCertificate(const css::uno::Reference<css::security::XCertificate>& Certificate) override;
172 void SAL_CALL manageTrustedSources() override;
173 sal_Bool SAL_CALL
174 isAuthorTrusted(const css::uno::Reference<css::security::XCertificate>& Author) override;
175 sal_Bool SAL_CALL isLocationTrusted(const OUString& Location) override;
176 void SAL_CALL addAuthorToTrustedSources(
177 const css::uno::Reference<css::security::XCertificate>& Author) override;
178 void SAL_CALL addLocationToTrustedSources(const OUString& Location) override;
179
180 css::uno::Reference<css::security::XCertificate>
181 SAL_CALL chooseCertificate(OUString& rDescription) override;
182 css::uno::Reference<css::security::XCertificate>
183 SAL_CALL chooseSigningCertificate(OUString& rDescription) override;
184 css::uno::Reference<css::security::XCertificate>
185 SAL_CALL selectSigningCertificate(OUString& rDescription) override;
186 css::uno::Reference<css::security::XCertificate>
187 SAL_CALL selectSigningCertificateWithType(const CertificateKind certificateKind,
188 OUString& rDescription) override;
189 css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
190 SAL_CALL chooseEncryptionCertificate() override;
191 css::uno::Reference<css::security::XCertificate> SAL_CALL chooseCertificateWithProps(
192 css::uno::Sequence<::com::sun::star::beans::PropertyValue>& Properties) override;
193
194 sal_Bool SAL_CALL signDocumentWithCertificate(
195 css::uno::Reference<css::security::XCertificate> const & xCertificate,
196 css::uno::Reference<css::embed::XStorage> const & xStoragexStorage,
197 css::uno::Reference<css::io::XStream> const & xStream) override;
198
199 sal_Bool SAL_CALL signPackageWithCertificate(
200 css::uno::Reference<css::security::XCertificate> const& xCertificate,
201 css::uno::Reference<css::embed::XStorage> const& xStoragexStorage,
202 css::uno::Reference<css::io::XStream> const& xStream) override;
203
204 sal_Bool SAL_CALL signScriptingContentWithCertificate(
205 css::uno::Reference<css::security::XCertificate> const& xCertificate,
206 css::uno::Reference<css::embed::XStorage> const& xStoragexStorage,
207 css::uno::Reference<css::io::XStream> const& xStream) override;
208
209 void SAL_CALL setParentWindow(const css::uno::Reference<css::awt::XWindow>& rParentwindow) override
210 {
211 mxParentWindow = rParentwindow;
212 }
213
214 /// See sfx2::DigitalSignatures::SignModelWithCertificate().
215 bool
216 SignModelWithCertificate(const css::uno::Reference<css::frame::XModel>& xModel,
217 const css::uno::Reference<css::security::XCertificate>& xCertificate,
218 const css::uno::Reference<css::embed::XStorage>& xStorage,
219 const css::uno::Reference<css::io::XStream>& xStream) override;
220 };
221
222 }
223
224 DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference< XComponentContext >& rxCtx ):
225 mxCtx(rxCtx),
226 m_sODFVersion(ODFVER_013_TEXT),
227 m_nArgumentsCount(0),
228 m_bHasDocumentSignature(false)
229 {
230 }
231
232 void DocumentDigitalSignatures::initialize( const Sequence< Any >& aArguments)
233 {
234 if (aArguments.getLength() > 2)
235 throw css::lang::IllegalArgumentException(
236 "DocumentDigitalSignatures::initialize requires zero, one, or two arguments",
237 static_cast<XInitialization*>(this), 0);
238
239 m_nArgumentsCount = aArguments.getLength();
240
241 if (!aArguments.hasElements())
242 return;
243
244 if (!(aArguments[0] >>= m_sODFVersion))
245 throw css::lang::IllegalArgumentException(
246 "DocumentDigitalSignatures::initialize: the first arguments must be a string",
247 static_cast<XInitialization*>(this), 0);
248
249 if (aArguments.getLength() == 2
250 && !(aArguments[1] >>= m_bHasDocumentSignature))
251 throw css::lang::IllegalArgumentException(
252 "DocumentDigitalSignatures::initialize: the second arguments must be a bool",
253 static_cast<XInitialization*>(this), 1);
254
255 //the Version is supported as of ODF1.2, so for and 1.1 document or older we will receive the
256 //an empty string. In this case we set it to ODFVER_010_TEXT. Then we can later check easily
257 //if initialize was called. Only then m_sODFVersion.getLength() is greater than 0
258 if (m_sODFVersion.isEmpty())
259 m_sODFVersion = ODFVER_010_TEXT;
260 }
261
262 OUString DocumentDigitalSignatures::getImplementationName()
263 {
264 return "com.sun.star.security.DocumentDigitalSignatures";
265 }
266
267 sal_Bool DocumentDigitalSignatures::supportsService(
268 OUString const & ServiceName)
269 {
270 return cppu::supportsService(this, ServiceName);
271 }
272
273 css::uno::Sequence<OUString>
274 DocumentDigitalSignatures::getSupportedServiceNames()
275 {
276 Sequence<OUString> aRet{ "com.sun.star.security.DocumentDigitalSignatures" };
277 return aRet;
278 }
279
280 sal_Bool DocumentDigitalSignatures::signDocumentContent(
281 const Reference< css::embed::XStorage >& rxStorage,
282 const Reference< css::io::XStream >& xSignStream)
283 {
284 OSL_ENSURE(!m_sODFVersion.isEmpty(), "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
285 return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Content, false );
286 }
287
288 sal_Bool DocumentDigitalSignatures::signSignatureLine(
289 const Reference<css::embed::XStorage>& rxStorage,
290 const Reference<css::io::XStream>& xSignStream,
291 const OUString& aSignatureLineId,
292 const Reference<css::security::XCertificate>& xCertificate,
293 const Reference<css::graphic::XGraphic>& xValidGraphic,
294 const Reference<css::graphic::XGraphic>& xInvalidGraphic,
295 const OUString& aComment)
296 {
297 OSL_ENSURE(!m_sODFVersion.isEmpty(),
298 "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
299
300 DocumentSignatureManager aSignatureManager(mxCtx, DocumentSignatureMode::Content);
301
302 if (!aSignatureManager.init())
303 return false;
304
305 aSignatureManager.setStore(rxStorage);
306 aSignatureManager.getSignatureHelper().SetStorage(rxStorage, m_sODFVersion);
307 aSignatureManager.setSignatureStream(xSignStream);
308
309 Reference<XXMLSecurityContext> xSecurityContext;
310 Reference<XServiceInfo> xServiceInfo(xCertificate, UNO_QUERY);
311 if (xServiceInfo->getImplementationName()
312 == "com.sun.star.xml.security.gpg.XCertificate_GpgImpl")
313 xSecurityContext = aSignatureManager.getGpgSecurityContext();
314 else
315 xSecurityContext = aSignatureManager.getSecurityContext();
316
317 sal_Int32 nSecurityId;
318 bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, aComment, nSecurityId,
319 true, aSignatureLineId, xValidGraphic, xInvalidGraphic);
320 if (!bSuccess)
321 return false;
322
323 // Need to have this to verify the signature
324 aSignatureManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
325 aSignatureManager.write(true);
326
327 if (rxStorage.is() && !xSignStream.is())
328 {
329 uno::Reference<embed::XTransactedObject> xTrans(rxStorage, uno::UNO_QUERY);
330 xTrans->commit();
331 }
332
333 return true;
334 }
335
336 Sequence< css::security::DocumentSignatureInformation >
337 DocumentDigitalSignatures::verifyDocumentContentSignatures(
338 const Reference< css::embed::XStorage >& rxStorage,
339 const Reference< css::io::XInputStream >& xSignInStream )
340 {
341 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
342 return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Content );
343 }
344
345 void DocumentDigitalSignatures::showDocumentContentSignatures(
346 const Reference< css::embed::XStorage >& rxStorage,
347 const Reference< css::io::XInputStream >& xSignInStream )
348 {
349 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
350 ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Content, true );
351 }
352
353 OUString DocumentDigitalSignatures::getDocumentContentSignatureDefaultStreamName()
354 {
355 return DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
356 }
357
358 sal_Bool DocumentDigitalSignatures::signScriptingContent(
359 const Reference< css::embed::XStorage >& rxStorage,
360 const Reference< css::io::XStream >& xSignStream )
361 {
362 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
363 OSL_ENSURE(m_nArgumentsCount == 2, "DocumentDigitalSignatures: Service was not initialized properly");
364 return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Macros, false );
365 }
366
367 Sequence< css::security::DocumentSignatureInformation >
368 DocumentDigitalSignatures::verifyScriptingContentSignatures(
369 const Reference< css::embed::XStorage >& rxStorage,
370 const Reference< css::io::XInputStream >& xSignInStream )
371 {
372 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
373 return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Macros );
374 }
375
376 void DocumentDigitalSignatures::showScriptingContentSignatures(
377 const Reference< css::embed::XStorage >& rxStorage,
378 const Reference< css::io::XInputStream >& xSignInStream )
379 {
380 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
381 ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Macros, true );
382 }
383
384 OUString DocumentDigitalSignatures::getScriptingContentSignatureDefaultStreamName()
385 {
386 return DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
387 }
388
389
390 sal_Bool DocumentDigitalSignatures::signPackage(
391 const Reference< css::embed::XStorage >& rxStorage,
392 const Reference< css::io::XStream >& xSignStream )
393 {
394 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
395 return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Package, false );
396 }
397
398 Sequence< css::security::DocumentSignatureInformation >
399 DocumentDigitalSignatures::verifyPackageSignatures(
400 const Reference< css::embed::XStorage >& rxStorage,
401 const Reference< css::io::XInputStream >& xSignInStream )
402 {
403 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
404 return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Package );
405 }
406
407 void DocumentDigitalSignatures::showPackageSignatures(
408 const Reference< css::embed::XStorage >& rxStorage,
409 const Reference< css::io::XInputStream >& xSignInStream )
410 {
411 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
412 ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Package, true );
413 }
414
415 OUString DocumentDigitalSignatures::getPackageSignatureDefaultStreamName( )
416 {
417 return DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
418 }
419
420
421 void DocumentDigitalSignatures::ImplViewSignatures(
422 const Reference< css::embed::XStorage >& rxStorage,
423 const Reference< css::io::XInputStream >& xSignStream,
424 DocumentSignatureMode eMode, bool bReadOnly )
425 {
426 Reference< io::XStream > xStream;
427 if ( xSignStream.is() )
428 xStream.set( xSignStream, UNO_QUERY );
429 ImplViewSignatures( rxStorage, xStream, eMode, bReadOnly );
430 }
431
432 bool DocumentDigitalSignatures::ImplViewSignatures(
433 const Reference< css::embed::XStorage >& rxStorage, const Reference< css::io::XStream >& xSignStream,
434 DocumentSignatureMode eMode, bool bReadOnly )
435 {
436 bool bChanges = false;
437 auto xSignaturesDialog = std::make_shared<DigitalSignaturesDialog>(
438 Application::GetFrameWeld(mxParentWindow), mxCtx, eMode, bReadOnly, m_sODFVersion,
439 m_bHasDocumentSignature);
440 bool bInit = xSignaturesDialog->Init();
441 SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
442 if ( bInit )
443 {
444 xSignaturesDialog->SetStorage(rxStorage);
445
446 xSignaturesDialog->SetSignatureStream( xSignStream );
447
448 if (bReadOnly)
449 {
450 xSignaturesDialog->beforeRun();
451 weld::DialogController::runAsync(xSignaturesDialog, [] (sal_Int32) {});
452 return false;
453 }
454 else if (xSignaturesDialog->run() == RET_OK)
455 {
456 if (xSignaturesDialog->SignaturesChanged())
457 {
458 bChanges = true;
459 // If we have a storage and no stream, we are responsible for commit
460 if ( rxStorage.is() && !xSignStream.is() )
461 {
462 uno::Reference< embed::XTransactedObject > xTrans( rxStorage, uno::UNO_QUERY );
463 xTrans->commit();
464 }
465 }
466 }
467 }
468 else
469 {
470 std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(Application::GetFrameWeld(mxParentWindow),
471 VclMessageType::Warning, VclButtonsType::Ok,
472 XsResId(RID_XMLSECWB_NO_MOZILLA_PROFILE)));
473 xBox->run();
474 }
475
476 return bChanges;
477 }
478
479 Sequence< css::security::DocumentSignatureInformation >
480 DocumentDigitalSignatures::ImplVerifySignatures(
481 const Reference< css::embed::XStorage >& rxStorage,
482 const Reference< css::io::XInputStream >& xSignStream, DocumentSignatureMode eMode )
483 {
484 DocumentSignatureManager aSignatureManager(mxCtx, eMode);
485
486 bool bInit = aSignatureManager.init();
487
488 SAL_WARN_IF(!bInit, "xmlsecurity.comp", "Error initializing security context!");
489
490 if (!bInit)
491 return {};
492
493 if (!rxStorage.is())
494 {
495 if (xSignStream.is())
496 {
497 // Something not ZIP-based, try PDF.
498 PDFSignatureHelper& rSignatureHelper = aSignatureManager.getPDFSignatureHelper();
499 if (rSignatureHelper.ReadAndVerifySignature(xSignStream))
500 return rSignatureHelper.GetDocumentSignatureInformations(aSignatureManager.getSecurityEnvironment());
501 }
502
503 SAL_WARN( "xmlsecurity.comp", "Error, no XStorage provided");
504 return Sequence<css::security::DocumentSignatureInformation>();
505 }
506 // First check for the InputStream, to avoid unnecessary initialization of the security environment...
507 SignatureStreamHelper aStreamHelper;
508 Reference< io::XInputStream > xInputStream = xSignStream;
509
510 if ( !xInputStream.is() )
511 {
512 aStreamHelper = DocumentSignatureHelper::OpenSignatureStream( rxStorage, embed::ElementModes::READ, eMode );
513 if ( aStreamHelper.xSignatureStream.is() )
514 xInputStream.set( aStreamHelper.xSignatureStream, UNO_QUERY );
515 }
516
517 if (!xInputStream.is() && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
518 return {};
519
520
521 XMLSignatureHelper& rSignatureHelper = aSignatureManager.getSignatureHelper();
522 rSignatureHelper.SetStorage(rxStorage, m_sODFVersion);
523
524 rSignatureHelper.StartMission(aSignatureManager.getSecurityContext());
525
526 if (xInputStream.is())
527 rSignatureHelper.ReadAndVerifySignature(xInputStream);
528 else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
529 rSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
530
531 rSignatureHelper.EndMission();
532
533 uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = aSignatureManager.getSecurityEnvironment();
534 uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = aSignatureManager.getGpgSecurityEnvironment();
535
536 SignatureInformations aSignInfos = rSignatureHelper.GetSignatureInformations();
537 int nInfos = aSignInfos.size();
538 Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
539 css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
540
541 for (int n = 0; n < nInfos; ++n)
542 {
543 DocumentSignatureAlgorithm mode
544 = DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
545 const std::vector<OUString> aElementsToBeVerified
546 = DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
547
548 const SignatureInformation& rInfo = aSignInfos[n];
549 css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
550
551 if (!rInfo.X509Datas.empty()) // X.509
552 {
553 std::vector<uno::Reference<XCertificate>> certs(
554 rSignatureHelper.CheckAndUpdateSignatureInformation(
555 xSecEnv, rInfo));
556 if (certs.empty())
557 {
558 rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
559 }
560 else
561 {
562 rSigInfo.Signer = certs.back();
563 // get only intermediates
564 certs.pop_back();
565 // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
566 // to find the parent certificate. It does not take into account that there can be several certificates
567 // with the same subject name.
568 try
569 {
570 rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
571 rSigInfo.Signer, comphelper::containerToSequence(certs));
572 }
573 catch (SecurityException&)
574 {
575 SAL_WARN("xmlsecurity.comp", "Verification of certificate failed");
576 rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
577 }
578 }
579 }
580 else if (!rInfo.ouGpgCertificate.isEmpty() && xGpgSecEnv.is()) // GPG
581 {
582 // TODO not ideal to retrieve cert by keyID, might
583 // collide, or PGPKeyID format might change - can't we
584 // keep the xCert itself in rInfo?
585 rSigInfo.Signer = xGpgSecEnv->getCertificate(
586 rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(u""));
587 rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
588 rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
589 }
590
591 // Time support again (#i38744#)
592 Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
593 tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
594 rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
595 rSigInfo.SignatureDate = aDate.GetDate();
596 rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
597
598 rSigInfo.SignatureIsValid
599 = (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
600
601 // Signature line info (ID + Images)
602 if (!rInfo.ouSignatureLineId.isEmpty())
603 rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
604
605 if (rInfo.aValidSignatureImage.is())
606 rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
607
608 if (rInfo.aInvalidSignatureImage.is())
609 rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
610
611 // OOXML intentionally doesn't sign metadata.
612 if (rSigInfo.SignatureIsValid
613 && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
614 {
615 rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
616 aElementsToBeVerified, rInfo, mode);
617 }
618 if (eMode == DocumentSignatureMode::Content)
619 {
620 if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
621 rSigInfo.PartialDocumentSignature = true;
622 else
623 rSigInfo.PartialDocumentSignature
624 = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
625 }
626 }
627
628 return aInfos;
629
630 }
631
632 void DocumentDigitalSignatures::manageTrustedSources( )
633 {
634 // MT: i45295
635 // SecEnv is only needed to display certificate information from trusted sources.
636 // Macro Security also has some options where no security environment is needed, so raise dialog anyway.
637 // Later I should change the code so the Dialog creates the SecEnv on demand...
638
639 Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv;
640
641 DocumentSignatureManager aSignatureManager(mxCtx, {});
642 if (aSignatureManager.init())
643 xSecEnv = aSignatureManager.getSecurityEnvironment();
644
645 MacroSecurity aDlg(Application::GetFrameWeld(mxParentWindow), xSecEnv);
646 aDlg.run();
647 }
648
649 void DocumentDigitalSignatures::showCertificate(
650 const Reference< css::security::XCertificate >& Certificate )
651 {
652 DocumentSignatureManager aSignatureManager(mxCtx, {});
653
654 bool bInit = aSignatureManager.init();
655
656 SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
657
658 if ( bInit )
659 {
660 CertificateViewer aViewer(Application::GetFrameWeld(mxParentWindow), aSignatureManager.getSecurityEnvironment(), Certificate, false, nullptr);
661 aViewer.run();
662 }
663 }
664
665 sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
666 const Reference<css::security::XCertificate>& xAuthor)
667 {
668 if (!xAuthor.is())
669 {
670 return false;
671 }
672 OUString sSerialNum = xmlsecurity::bigIntegerToNumericString(xAuthor->getSerialNumber());
673
674 std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions::GetTrustedAuthors();
675
676 return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
677 [this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
678 if (!xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT))
679 return false;
680 if (rAuthor.SerialNumber != sSerialNum)
681 return false;
682
683 DocumentSignatureManager aSignatureManager(mxCtx, {});
684 if (!aSignatureManager.init())
685 return false;
686 uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor.RawData);
687
688 auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
689 auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
690 if (pAuthor && pCert)
691 return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
692
693 return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
694 });
695 }
696
697 uno::Sequence<Reference<css::security::XCertificate>>
698 DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>& rProperties,
699 const UserAction eAction,
700 const CertificateKind certificateKind)
701 {
702 std::vector< Reference< css::xml::crypto::XXMLSecurityContext > > xSecContexts;
703
704 DocumentSignatureManager aSignatureManager(mxCtx, {});
705 if (aSignatureManager.init()) {
706 xSecContexts.push_back(aSignatureManager.getSecurityContext());
707 // Don't include OpenPGP if only X.509 certs are requested
708 if (certificateKind == CertificateKind_NONE || certificateKind == CertificateKind_OPENPGP)
709 xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
710 }
711
712 CertificateChooser aChooser(Application::GetFrameWeld(mxParentWindow), std::move(xSecContexts), eAction);
713
714 if (aChooser.run() != RET_OK)
715 return { Reference< css::security::XCertificate >(nullptr) };
716
717 uno::Sequence< Reference< css::security::XCertificate > > xCerts = aChooser.GetSelectedCertificates();
718 rProperties["Description"] = aChooser.GetDescription();
719 rProperties["Usage"] = aChooser.GetUsageText();
720
721 return xCerts;
722 }
723
724 Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertificate(OUString& rDescription)
725 {
726 return chooseSigningCertificate( rDescription );
727 }
728
729 Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseSigningCertificate(OUString& rDescription)
730 {
731 std::map<OUString, OUString> aProperties;
732 Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( aProperties, UserAction::Sign )[0];
733 rDescription = aProperties["Description"];
734 return xCert;
735 }
736
737 Reference< css::security::XCertificate > DocumentDigitalSignatures::selectSigningCertificate(OUString& rDescription)
738 {
739 std::map<OUString, OUString> aProperties;
740 Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( aProperties, UserAction::SelectSign )[0];
741 rDescription = aProperties["Description"];
742 return xCert;
743 }
744
745 Reference<css::security::XCertificate>
746 DocumentDigitalSignatures::selectSigningCertificateWithType(const CertificateKind certificateKind,
747 OUString& rDescription)
748 {
749 std::map<OUString, OUString> aProperties;
750 Reference<css::security::XCertificate> xCert
751 = chooseCertificatesImpl(aProperties, UserAction::SelectSign, certificateKind)[0];
752 rDescription = aProperties["Description"];
753 return xCert;
754 }
755
756 css::uno::Sequence< Reference< css::security::XCertificate > > DocumentDigitalSignatures::chooseEncryptionCertificate()
757 {
758 std::map<OUString, OUString> aProperties;
759 uno::Sequence< Reference< css::security::XCertificate > > aCerts=
760 chooseCertificatesImpl( aProperties, UserAction::Encrypt );
761 if (aCerts.getLength() == 1 && !aCerts[0].is())
762 // our error case contract is: empty sequence, so map that!
763 return uno::Sequence< Reference< css::security::XCertificate > >();
764 else
765 return aCerts;
766 }
767
768 css::uno::Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertificateWithProps(Sequence<::com::sun::star::beans::PropertyValue>& rProperties)
769 {
770 std::map<OUString, OUString> aProperties;
771 auto xCert = chooseCertificatesImpl( aProperties, UserAction::Sign )[0];
772
773 std::vector<css::beans::PropertyValue> vec;
774 vec.reserve(aProperties.size());
775 for (const auto& pair : aProperties)
776 {
777 vec.emplace_back(comphelper::makePropertyValue(pair.first, pair.second));
778 }
779
780 rProperties = comphelper::containerToSequence(vec);
781 return xCert;
782 }
783
784 sal_Bool DocumentDigitalSignatures::isLocationTrusted( const OUString& Location )
785 {
786 return SvtSecurityOptions::isTrustedLocationUri(Location);
787 }
788
789 void DocumentDigitalSignatures::addAuthorToTrustedSources(
790 const Reference< css::security::XCertificate >& Author )
791 {
792 SvtSecurityOptions::Certificate aNewCert;
793 aNewCert.SubjectName = Author->getIssuerName();
794 aNewCert.SerialNumber = xmlsecurity::bigIntegerToNumericString( Author->getSerialNumber() );
795
796 OUStringBuffer aStrBuffer;
797 ::comphelper::Base64::encode(aStrBuffer, Author->getEncoded());
798 aNewCert.RawData = aStrBuffer.makeStringAndClear();
799
800 std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions::GetTrustedAuthors();
801 aTrustedAuthors.push_back( aNewCert );
802 SvtSecurityOptions::SetTrustedAuthors( aTrustedAuthors );
803 }
804
805 void DocumentDigitalSignatures::addLocationToTrustedSources( const OUString& Location )
806 {
807 std::vector< OUString > aSecURLs = SvtSecurityOptions::GetSecureURLs();
808 aSecURLs.push_back(Location);
809
810 SvtSecurityOptions::SetSecureURLs( std::move(aSecURLs) );
811 }
812
813 sal_Bool DocumentDigitalSignatures::signDocumentWithCertificate(
814 css::uno::Reference<css::security::XCertificate> const & xCertificate,
815 css::uno::Reference<css::embed::XStorage> const & xStorage,
816 css::uno::Reference<css::io::XStream> const & xStream)
817 {
818 uno::Reference<frame::XModel> xModel;
819 return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
820 DocumentSignatureMode::Content);
821 }
822
823 bool DocumentDigitalSignatures::SignModelWithCertificate(
824 const uno::Reference<frame::XModel>& xModel,
825 const css::uno::Reference<css::security::XCertificate>& xCertificate,
826 const css::uno::Reference<css::embed::XStorage>& xStorage,
827 const css::uno::Reference<css::io::XStream>& xStream)
828 {
829 return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
830 DocumentSignatureMode::Content);
831 }
832
833 sal_Bool DocumentDigitalSignatures::signPackageWithCertificate(
834 css::uno::Reference<css::security::XCertificate> const& xCertificate,
835 css::uno::Reference<css::embed::XStorage> const& xStorage,
836 css::uno::Reference<css::io::XStream> const& xStream)
837 {
838 uno::Reference<frame::XModel> xModel;
839 return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
840 DocumentSignatureMode::Package);
841 }
842
843 sal_Bool DocumentDigitalSignatures::signScriptingContentWithCertificate(
844 css::uno::Reference<css::security::XCertificate> const& xCertificate,
845 css::uno::Reference<css::embed::XStorage> const& xStorage,
846 css::uno::Reference<css::io::XStream> const& xStream)
847 {
848 uno::Reference<frame::XModel> xModel;
849 return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
850 DocumentSignatureMode::Macros);
851 }
852
853 bool DocumentDigitalSignatures::signWithCertificateImpl(
854 const uno::Reference<frame::XModel>& xModel,
855 css::uno::Reference<css::security::XCertificate> const& xCertificate,
856 css::uno::Reference<css::embed::XStorage> const& xStorage,
857 css::uno::Reference<css::io::XStream> const& xStream, DocumentSignatureMode eMode)
858 {
859 OSL_ENSURE(!m_sODFVersion.isEmpty(),
860 "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
861
862 DocumentSignatureManager aSignatureManager(mxCtx, eMode);
863
864 if (!aSignatureManager.init())
865 return false;
866
867 aSignatureManager.setStore(xStorage);
868 aSignatureManager.getSignatureHelper().SetStorage(xStorage, m_sODFVersion);
869 aSignatureManager.setSignatureStream(xStream);
870 aSignatureManager.setModel(xModel);
871
872 Reference<XXMLSecurityContext> xSecurityContext = aSignatureManager.getSecurityContext();
873
874 sal_Int32 nSecurityId;
875
876 bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, "", nSecurityId, true);
877 if (!bSuccess)
878 return false;
879
880 aSignatureManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
881 aSignatureManager.write(true);
882
883 if (xStorage.is() && !xStream.is())
884 {
885 uno::Reference<embed::XTransactedObject> xTransaction(xStorage, uno::UNO_QUERY);
886 xTransaction->commit();
887 }
888
889 return true;
890 }
891
892 extern "C" SAL_DLLPUBLIC_EXPORT uno::XInterface*
893 com_sun_star_security_DocumentDigitalSignatures_get_implementation(
894 uno::XComponentContext* pCtx, uno::Sequence<uno::Any> const& /*rSeq*/)
895 {
896 return cppu::acquire(
897 new DocumentDigitalSignatures(uno::Reference<uno::XComponentContext>(pCtx)));
898 }
899
900 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE