search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Version 7.6.3.2-android, tag libreoffice-7.6.3.2-android
[LibreOffice.git] / xmlsecurity / source / helper / documentsignaturehelper.cxx
blob8e666b14ba6e819af1f086945c244f80afcc9356
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20
21 #include <documentsignaturehelper.hxx>
22
23 #include <algorithm>
24 #include <functional>
25 #include <string_view>
26
27 #include <com/sun/star/io/IOException.hpp>
28 #include <com/sun/star/embed/XStorage.hpp>
29 #include <com/sun/star/embed/StorageFormats.hpp>
30 #include <com/sun/star/embed/ElementModes.hpp>
31 #include <com/sun/star/beans/StringPair.hpp>
32 #include <com/sun/star/beans/XPropertySet.hpp>
33 #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
34
35 #include <comphelper/attributelist.hxx>
36 #include <comphelper/documentconstants.hxx>
37 #include <comphelper/ofopxmlhelper.hxx>
38 #include <comphelper/processfactory.hxx>
39 #include <osl/diagnose.h>
40 #include <rtl/ref.hxx>
41 #include <rtl/uri.hxx>
42 #include <sal/log.hxx>
43 #include <svx/xoutbmp.hxx>
44 #include <comphelper/diagnose_ex.hxx>
45 #include <o3tl/string_view.hxx>
46
47 #include <xsecctl.hxx>
48
49 using namespace ::com::sun::star;
50 using namespace ::com::sun::star::uno;
51 using namespace css::xml::sax;
52
53 namespace
54 {
55 std::u16string_view getElement(std::u16string_view version, size_t * index)
56 {
57 while (*index < version.size() && version[*index] == '0') {
58 ++*index;
59 }
60 return o3tl::getToken(version, u'.', *index);
61 }
62
63
64 // Return 1 if version1 is greater than version 2, 0 if they are equal
65 //and -1 if version1 is less version 2
66 int compareVersions(
67 std::u16string_view version1, std::u16string_view version2)
68 {
69 for (size_t i1 = 0, i2 = 0; i1 != std::u16string_view::npos || i2 != std::u16string_view::npos;) {
70 std::u16string_view e1(getElement(version1, &i1));
71 std::u16string_view e2(getElement(version2, &i2));
72 if (e1.size() < e2.size()) {
73 return -1;
74 } else if (e1.size() > e2.size()) {
75 return 1;
76 } else if (e1 < e2) {
77 return -1;
78 } else if (e1 > e2) {
79 return 1;
80 }
81 }
82 return 0;
83 }
84 }
85
86 static void ImplFillElementList(
87 std::vector< OUString >& rList, const Reference < css::embed::XStorage >& rxStore,
88 std::u16string_view rRootStorageName, const bool bRecursive,
89 const DocumentSignatureAlgorithm mode)
90 {
91 const Sequence< OUString > aElements = rxStore->getElementNames();
92
93 for ( const auto& rName : aElements )
94 {
95 if (rName == "[Content_Types].xml")
96 // OOXML
97 continue;
98
99 // If the user enabled validating according to OOo 3.0
100 // then mimetype and all content of META-INF must be excluded.
101 if (mode != DocumentSignatureAlgorithm::OOo3_2
102 && (rName == "META-INF" || rName == "mimetype"))
103 {
104 continue;
105 }
106 else
107 {
108 OUString sEncName = ::rtl::Uri::encode(
109 rName, rtl_UriCharClassRelSegment,
110 rtl_UriEncodeStrict, RTL_TEXTENCODING_UTF8);
111 if (sEncName.isEmpty() && !rName.isEmpty())
112 throw css::uno::RuntimeException("Failed to encode element name of XStorage", nullptr);
113
114 if ( rxStore->isStreamElement( rName ) )
115 {
116 //Exclude documentsignatures.xml!
117 if (rName ==
118 DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName())
119 continue;
120 OUString aFullName( rRootStorageName + sEncName );
121 rList.push_back(aFullName);
122 }
123 else if ( bRecursive && rxStore->isStorageElement( rName ) )
124 {
125 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( rName, css::embed::ElementModes::READ );
126 OUString aFullRootName( rRootStorageName + sEncName + "/" );
127 ImplFillElementList(rList, xSubStore, aFullRootName, bRecursive, mode);
128 }
129 }
130 }
131 }
132
133
134 bool DocumentSignatureHelper::isODFPre_1_2(std::u16string_view sVersion)
135 {
136 //The property version exists only if the document is at least version 1.2
137 //That is, if the document has version 1.1 and sVersion is empty.
138 //The constant is defined in comphelper/documentconstants.hxx
139 return compareVersions(sVersion, ODFVER_012_TEXT) == -1;
140 }
141
142 bool DocumentSignatureHelper::isOOo3_2_Signature(const SignatureInformation & sigInfo)
143 {
144 return std::any_of(sigInfo.vSignatureReferenceInfors.cbegin(),
145 sigInfo.vSignatureReferenceInfors.cend(),
146 [](const SignatureReferenceInformation& info) { return info.ouURI == "META-INF/manifest.xml"; });
147 }
148
149 DocumentSignatureAlgorithm
150 DocumentSignatureHelper::getDocumentAlgorithm(
151 std::u16string_view sODFVersion, const SignatureInformation & sigInfo)
152 {
153 OSL_ASSERT(!sODFVersion.empty());
154 DocumentSignatureAlgorithm mode = DocumentSignatureAlgorithm::OOo3_2;
155 if (!isOOo3_2_Signature(sigInfo))
156 {
157 if (isODFPre_1_2(sODFVersion))
158 mode = DocumentSignatureAlgorithm::OOo2;
159 else
160 mode = DocumentSignatureAlgorithm::OOo3_0;
161 }
162 return mode;
163 }
164
165 //The function creates a list of files which are to be signed or for which
166 //the signature is to be validated. The strings are UTF8 encoded URIs which
167 //contain '/' as path separators.
168 //
169 //The algorithm how document signatures are created and validated has
170 //changed over time. The change affects only which files within the document
171 //are changed. Document signatures created by OOo 2.x only used particular files. Since
172 //OOo 3.0 everything except "mimetype" and "META-INF" are signed. As of OOo 3.2 everything
173 //except META-INF/documentsignatures.xml is signed.
174 //Signatures are validated according to the algorithm which was then used for validation.
175 //That is, when validating a signature which was created by OOo 3.0, then mimetype and
176 //META-INF are not used.
177 //
178 //When a signature is created then we always use the latest algorithm. That is, we use
179 //that of OOo 3.2
180 std::vector< OUString >
181 DocumentSignatureHelper::CreateElementList(
182 const Reference < css::embed::XStorage >& rxStore,
183 DocumentSignatureMode eMode,
184 const DocumentSignatureAlgorithm mode)
185 {
186 std::vector< OUString > aElements;
187 OUString aSep( "/" );
188
189 switch ( eMode )
190 {
191 case DocumentSignatureMode::Content:
192 {
193 if (mode == DocumentSignatureAlgorithm::OOo2) //that is, ODF 1.0, 1.1
194 {
195 // 1) Main content
196 ImplFillElementList(aElements, rxStore, std::u16string_view(), false, mode);
197
198 // 2) Pictures...
199 OUString aSubStorageName( "Pictures" );
200 try
201 {
202 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
203 ImplFillElementList(
204 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
205 }
206 catch(css::io::IOException& )
207 {
208 ; // Doesn't have to exist...
209 }
210 // 3) OLE...
211 aSubStorageName = "ObjectReplacements";
212 try
213 {
214 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
215 ImplFillElementList(
216 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
217 xSubStore.clear();
218
219 // Object folders...
220 const Sequence< OUString > aElementNames = rxStore->getElementNames();
221 for ( const auto& rName : aElementNames )
222 {
223 if ( ( rName.match( "Object " ) ) && rxStore->isStorageElement( rName ) )
224 {
225 Reference < css::embed::XStorage > xTmpSubStore = rxStore->openStorageElement( rName, css::embed::ElementModes::READ );
226 ImplFillElementList(
227 aElements, xTmpSubStore, Concat2View(rName+aSep), true, mode);
228 }
229 }
230 }
231 catch( css::io::IOException& )
232 {
233 ; // Doesn't have to exist...
234 }
235 }
236 else
237 {
238 // Everything except META-INF
239 ImplFillElementList(aElements, rxStore, std::u16string_view(), true, mode);
240 }
241 }
242 break;
243 case DocumentSignatureMode::Macros:
244 {
245 // 1) Macros
246 OUString aSubStorageName( "Basic" );
247 try
248 {
249 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
250 ImplFillElementList(
251 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
252 }
253 catch( css::io::IOException& )
254 {
255 ; // Doesn't have to exist...
256 }
257
258 // 2) Dialogs
259 aSubStorageName = "Dialogs";
260 try
261 {
262 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
263 ImplFillElementList(
264 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
265 }
266 catch( css::io::IOException& )
267 {
268 ; // Doesn't have to exist...
269 }
270 // 3) Scripts
271 aSubStorageName = "Scripts";
272 try
273 {
274 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
275 ImplFillElementList(
276 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
277 }
278 catch( css::io::IOException& )
279 {
280 ; // Doesn't have to exist...
281 }
282 }
283 break;
284 case DocumentSignatureMode::Package:
285 {
286 // Everything except META-INF
287 ImplFillElementList(aElements, rxStore, std::u16string_view(), true, mode);
288 }
289 break;
290 }
291
292 return aElements;
293 }
294
295 void DocumentSignatureHelper::AppendContentTypes(const uno::Reference<embed::XStorage>& xStorage, std::vector<OUString>& rElements)
296 {
297 if (!xStorage.is() || !xStorage->hasByName("[Content_Types].xml"))
298 // ODF
299 return;
300
301 uno::Reference<io::XInputStream> xRelStream(xStorage->openStreamElement("[Content_Types].xml", embed::ElementModes::READ), uno::UNO_QUERY);
302 uno::Sequence< uno::Sequence<beans::StringPair> > aContentTypeInfo = comphelper::OFOPXMLHelper::ReadContentTypeSequence(xRelStream, comphelper::getProcessComponentContext());
303 if (aContentTypeInfo.getLength() < 2)
304 {
305 SAL_WARN("xmlsecurity.helper", "no defaults or overrides in aContentTypeInfo");
306 return;
307 }
308 const uno::Sequence<beans::StringPair>& rDefaults = aContentTypeInfo[0];
309 const uno::Sequence<beans::StringPair>& rOverrides = aContentTypeInfo[1];
310
311 for (OUString& rElement : rElements)
312 {
313 auto it = std::find_if(rOverrides.begin(), rOverrides.end(), [&](const beans::StringPair& rPair)
314 {
315 return rPair.First == Concat2View("/" + rElement);
316 });
317
318 if (it != rOverrides.end())
319 {
320 rElement = "/" + rElement + "?ContentType=" + it->Second;
321 continue;
322 }
323
324 it = std::find_if(rDefaults.begin(), rDefaults.end(), [&](const beans::StringPair& rPair)
325 {
326 return rElement.endsWith(Concat2View("." + rPair.First));
327 });
328
329 if (it != rDefaults.end())
330 {
331 rElement = "/" + rElement + "?ContentType=" + it->Second;
332 continue;
333 }
334 SAL_WARN("xmlsecurity.helper", "found no content type for " << rElement);
335 }
336
337 std::sort(rElements.begin(), rElements.end());
338 }
339
340 SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
341 const Reference < css::embed::XStorage >& rxStore, sal_Int32 nOpenMode, DocumentSignatureMode eDocSigMode )
342 {
343 sal_Int32 nSubStorageOpenMode = css::embed::ElementModes::READ;
344 if ( nOpenMode & css::embed::ElementModes::WRITE )
345 nSubStorageOpenMode = css::embed::ElementModes::WRITE;
346
347 SignatureStreamHelper aHelper;
348
349 if (!rxStore.is())
350 return aHelper;
351
352 if (rxStore->hasByName("META-INF"))
353 {
354 try
355 {
356 aHelper.xSignatureStorage = rxStore->openStorageElement( "META-INF", nSubStorageOpenMode );
357 if ( aHelper.xSignatureStorage.is() )
358 {
359 OUString aSIGStreamName;
360 if ( eDocSigMode == DocumentSignatureMode::Content )
361 aSIGStreamName = DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
362 else if ( eDocSigMode == DocumentSignatureMode::Macros )
363 aSIGStreamName = DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
364 else
365 aSIGStreamName = DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
366
367 #ifdef SAL_LOG_INFO
368 aHelper.xSignatureStream
369 = aHelper.xSignatureStorage->openStreamElement(aSIGStreamName, nOpenMode);
370 SAL_INFO("xmlsecurity.helper",
371 "DocumentSignatureHelper::OpenSignatureStream: stream name is '"
372 << aSIGStreamName << "'");
373 if (aHelper.xSignatureStream.is())
374 {
375 uno::Reference<io::XInputStream> xInputStream(aHelper.xSignatureStream,
376 uno::UNO_QUERY);
377 sal_Int64 nSize = 0;
378 uno::Reference<beans::XPropertySet> xPropertySet(xInputStream, uno::UNO_QUERY);
379 xPropertySet->getPropertyValue("Size") >>= nSize;
380 if (nSize >= 0 || nSize < SAL_MAX_INT32)
381 {
382 uno::Sequence<sal_Int8> aData;
383 xInputStream->readBytes(aData, nSize);
384 SAL_INFO("xmlsecurity.helper",
385 "DocumentSignatureHelper::OpenSignatureStream: stream content is '"
386 << OString(reinterpret_cast<const char*>(aData.getArray()),
387 aData.getLength())
388 << "'");
389 }
390 }
391 aHelper.xSignatureStream.clear();
392 #endif
393
394 aHelper.xSignatureStream = aHelper.xSignatureStorage->openStreamElement( aSIGStreamName, nOpenMode );
395 }
396 }
397 catch(css::io::IOException& )
398 {
399 // Doesn't have to exist...
400 SAL_WARN_IF( nOpenMode != css::embed::ElementModes::READ, "xmlsecurity.helper", "Error creating signature stream..." );
401 }
402 }
403 else if(rxStore->hasByName("[Content_Types].xml"))
404 {
405 try
406 {
407 if (rxStore->hasByName("_xmlsignatures") && (nOpenMode & embed::ElementModes::TRUNCATE))
408 // Truncate, then all signatures will be written -> remove previous ones.
409 rxStore->removeElement("_xmlsignatures");
410
411 aHelper.xSignatureStorage = rxStore->openStorageElement("_xmlsignatures", nSubStorageOpenMode);
412 aHelper.nStorageFormat = embed::StorageFormats::OFOPXML;
413 }
414 catch (const io::IOException&)
415 {
416 TOOLS_WARN_EXCEPTION_IF(nOpenMode != css::embed::ElementModes::READ, "xmlsecurity.helper", "DocumentSignatureHelper::OpenSignatureStream:");
417 }
418 }
419
420 return aHelper;
421 }
422
423 /** Check whether the current file can be signed with GPG (only ODF >= 1.2 can currently) */
424 bool DocumentSignatureHelper::CanSignWithGPG(
425 const Reference < css::embed::XStorage >& rxStore,
426 std::u16string_view sOdfVersion)
427 {
428 if (!rxStore.is())
429 return false;
430
431 if (rxStore->hasByName("META-INF")) // ODF
432 {
433 return !isODFPre_1_2(sOdfVersion);
434 }
435
436 return false;
437 }
438
439
440
441 //sElementList contains all files which are expected to be signed. Only those files must me signed,
442 //no more, no less.
443 //The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then
444 //the uri s in the Reference elements in the signature, were not properly encoded.
445 // For example: <Reference URI="ObjectReplacements/Object 1">
446 bool DocumentSignatureHelper::checkIfAllFilesAreSigned(
447 const ::std::vector< OUString > & sElementList,
448 const SignatureInformation & sigInfo,
449 const DocumentSignatureAlgorithm alg)
450 {
451 // Can only be valid if ALL streams are signed, which means real stream count == signed stream count
452 unsigned int nRealCount = 0;
453 std::function<OUString(const OUString&)> fEncode = [](const OUString& rStr) { return rStr; };
454 if (alg == DocumentSignatureAlgorithm::OOo2)
455 //Comparing URIs is a difficult. Therefore we kind of normalize
456 //it before comparing. We assume that our URI do not have a leading "./"
457 //and fragments at the end (...#...)
458 fEncode = [](const OUString& rStr) {
459 return rtl::Uri::encode(rStr, rtl_UriCharClassPchar, rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8);
460 };
461
462 for ( int i = sigInfo.vSignatureReferenceInfors.size(); i; )
463 {
464 const SignatureReferenceInformation& rInf = sigInfo.vSignatureReferenceInfors[--i];
465 // There is also an extra entry of type SignatureReferenceType::SAMEDOCUMENT because of signature date.
466 if ( ( rInf.nType == SignatureReferenceType::BINARYSTREAM ) || ( rInf.nType == SignatureReferenceType::XMLSTREAM ) )
467 {
468 //find the file in the element list
469 if (std::any_of(sElementList.cbegin(), sElementList.cend(),
470 [&fEncode, &rInf](const OUString& rElement) { return fEncode(rElement) == fEncode(rInf.ouURI); }))
471 nRealCount++;
472 }
473 }
474 return sElementList.size() == nRealCount;
475 }
476
477 /*Compares the Uri which are obtained from CreateElementList with
478 the path obtained from the manifest.xml.
479 Returns true if both strings are equal.
480 */
481 bool DocumentSignatureHelper::equalsReferenceUriManifestPath(
482 std::u16string_view rUri, std::u16string_view rPath)
483 {
484 //split up the uri and path into segments. Both are separated by '/'
485 std::vector<OUString> vUriSegments;
486 for (sal_Int32 nIndex = 0; nIndex >= 0; )
487 vUriSegments.push_back(OUString(o3tl::getToken(rUri, 0, '/', nIndex )));
488
489 std::vector<OUString> vPathSegments;
490 for (sal_Int32 nIndex = 0; nIndex >= 0; )
491 vPathSegments.push_back(OUString(o3tl::getToken(rPath, 0, '/', nIndex )));
492
493 if (vUriSegments.size() != vPathSegments.size())
494 return false;
495
496 //Now compare each segment of the uri with its counterpart from the path
497 return std::equal(
498 vUriSegments.cbegin(), vUriSegments.cend(), vPathSegments.cbegin(),
499 [](const OUString& rUriSegment, const OUString& rPathSegment) {
500 //Decode the uri segment, so that %20 becomes ' ', etc.
501 OUString sDecUri = rtl::Uri::decode(rUriSegment, rtl_UriDecodeWithCharset, RTL_TEXTENCODING_UTF8);
502 return sDecUri == rPathSegment;
503 });
504 }
505
506 OUString DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName()
507 {
508 return "documentsignatures.xml";
509 }
510
511 OUString DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName()
512 {
513 return "macrosignatures.xml";
514 }
515
516 OUString DocumentSignatureHelper::GetPackageSignatureDefaultStreamName()
517 {
518 return "packagesignatures.xml";
519 }
520
521 void DocumentSignatureHelper::writeDigestMethod(
522 const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler)
523 {
524 rtl::Reference<comphelper::AttributeList> pAttributeList(new comphelper::AttributeList());
525 pAttributeList->AddAttribute("Algorithm", ALGO_XMLDSIGSHA256);
526 xDocumentHandler->startElement("DigestMethod", uno::Reference<xml::sax::XAttributeList>(pAttributeList));
527 xDocumentHandler->endElement("DigestMethod");
528 }
529
530 static void WriteXadesCert(
531 uno::Reference<xml::sax::XDocumentHandler> const& xDocumentHandler,
532 SignatureInformation::X509CertInfo const& rCertInfo)
533 {
534 xDocumentHandler->startElement("xd:Cert", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
535 xDocumentHandler->startElement("xd:CertDigest", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
536 DocumentSignatureHelper::writeDigestMethod(xDocumentHandler);
537 xDocumentHandler->startElement("DigestValue", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
538 assert(!rCertInfo.CertDigest.isEmpty());
539 xDocumentHandler->characters(rCertInfo.CertDigest);
540 xDocumentHandler->endElement("DigestValue");
541 xDocumentHandler->endElement("xd:CertDigest");
542 xDocumentHandler->startElement("xd:IssuerSerial", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
543 xDocumentHandler->startElement("X509IssuerName", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
544 xDocumentHandler->characters(rCertInfo.X509IssuerName);
545 xDocumentHandler->endElement("X509IssuerName");
546 xDocumentHandler->startElement("X509SerialNumber", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
547 xDocumentHandler->characters(rCertInfo.X509SerialNumber);
548 xDocumentHandler->endElement("X509SerialNumber");
549 xDocumentHandler->endElement("xd:IssuerSerial");
550 xDocumentHandler->endElement("xd:Cert");
551 }
552
553 void DocumentSignatureHelper::writeSignedProperties(
554 const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler,
555 const SignatureInformation& signatureInfo,
556 const OUString& sDate, const bool bWriteSignatureLineData)
557 {
558 {
559 rtl::Reference<comphelper::AttributeList> pAttributeList(new comphelper::AttributeList());
560 pAttributeList->AddAttribute("Id", "idSignedProperties_" + signatureInfo.ouSignatureId);
561 xDocumentHandler->startElement("xd:SignedProperties", uno::Reference<xml::sax::XAttributeList>(pAttributeList));
562 }
563
564 xDocumentHandler->startElement("xd:SignedSignatureProperties", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
565 xDocumentHandler->startElement("xd:SigningTime", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
566 xDocumentHandler->characters(sDate);
567 xDocumentHandler->endElement("xd:SigningTime");
568 xDocumentHandler->startElement("xd:SigningCertificate", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
569 assert(signatureInfo.GetSigningCertificate() || !signatureInfo.ouGpgKeyID.isEmpty());
570 if (signatureInfo.GetSigningCertificate())
571 {
572 // how should this deal with multiple X509Data elements?
573 // for now, let's write all of the certificates ...
574 for (auto const& rData : signatureInfo.X509Datas)
575 {
576 for (auto const& it : rData)
577 {
578 WriteXadesCert(xDocumentHandler, it);
579 }
580 }
581 }
582 else
583 {
584 // for PGP, write empty mandatory X509IssuerName, X509SerialNumber
585 SignatureInformation::X509CertInfo temp;
586 temp.CertDigest = signatureInfo.ouGpgKeyID;
587 WriteXadesCert(xDocumentHandler, temp);
588 }
589 xDocumentHandler->endElement("xd:SigningCertificate");
590 xDocumentHandler->startElement("xd:SignaturePolicyIdentifier", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
591 xDocumentHandler->startElement("xd:SignaturePolicyImplied", uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
592 xDocumentHandler->endElement("xd:SignaturePolicyImplied");
593 xDocumentHandler->endElement("xd:SignaturePolicyIdentifier");
594
595 if (bWriteSignatureLineData && !signatureInfo.ouSignatureLineId.isEmpty()
596 && signatureInfo.aValidSignatureImage.is() && signatureInfo.aInvalidSignatureImage.is())
597 {
598 rtl::Reference<comphelper::AttributeList> pAttributeList(new comphelper::AttributeList());
599 pAttributeList->AddAttribute(
600 "xmlns:loext", "urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0");
601 xDocumentHandler->startElement(
602 "loext:SignatureLine",
603 Reference<XAttributeList>(pAttributeList));
604
605 {
606 // Write SignatureLineId element
607 xDocumentHandler->startElement(
608 "loext:SignatureLineId",
609 Reference<XAttributeList>(new comphelper::AttributeList()));
610 xDocumentHandler->characters(signatureInfo.ouSignatureLineId);
611 xDocumentHandler->endElement("loext:SignatureLineId");
612 }
613
614 {
615 // Write SignatureLineValidImage element
616 xDocumentHandler->startElement(
617 "loext:SignatureLineValidImage",
618 Reference<XAttributeList>(new comphelper::AttributeList()));
619
620 OUString aGraphicInBase64;
621 Graphic aGraphic(signatureInfo.aValidSignatureImage);
622 if (!XOutBitmap::GraphicToBase64(aGraphic, aGraphicInBase64, false))
623 SAL_WARN("xmlsecurity.helper", "could not convert graphic to base64");
624
625 xDocumentHandler->characters(aGraphicInBase64);
626 xDocumentHandler->endElement("loext:SignatureLineValidImage");
627 }
628
629 {
630 // Write SignatureLineInvalidImage element
631 xDocumentHandler->startElement(
632 "loext:SignatureLineInvalidImage",
633 Reference<XAttributeList>(new comphelper::AttributeList()));
634 OUString aGraphicInBase64;
635 Graphic aGraphic(signatureInfo.aInvalidSignatureImage);
636 if (!XOutBitmap::GraphicToBase64(aGraphic, aGraphicInBase64, false))
637 SAL_WARN("xmlsecurity.helper", "could not convert graphic to base64");
638 xDocumentHandler->characters(aGraphicInBase64);
639 xDocumentHandler->endElement("loext:SignatureLineInvalidImage");
640 }
641
642 xDocumentHandler->endElement("loext:SignatureLine");
643 }
644
645 xDocumentHandler->endElement("xd:SignedSignatureProperties");
646
647 xDocumentHandler->endElement("xd:SignedProperties");
648 }
649
650 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE