search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nss: upgrade to release 3.73
[LibreOffice.git] / xmlsecurity / source / xmlsec / nss / xmlsignature_nssimpl.cxx
blobb41d754f740725e47645a5073fe2b06dbef4598b
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include <sal/config.h>
21 #include <xmlsec-wrapper.h>
22
23 #include <xmlelementwrapper_xmlsecimpl.hxx>
24 #include <xmlsec/xmlstreamio.hxx>
25 #include <xmlsec/errorcallback.hxx>
26
27 #include "securityenvironment_nssimpl.hxx"
28
29 #include <sal/log.hxx>
30
31 #include <com/sun/star/xml/crypto/XXMLSignature.hpp>
32 #include <memory>
33
34 namespace com::sun::star::uno { class XComponentContext; }
35
36 using namespace ::com::sun::star;
37 using namespace ::com::sun::star::uno ;
38 using namespace ::com::sun::star::lang ;
39
40 using ::com::sun::star::xml::wrapper::XXMLElementWrapper ;
41 using ::com::sun::star::xml::crypto::XSecurityEnvironment ;
42 using ::com::sun::star::xml::crypto::XXMLSignature ;
43 using ::com::sun::star::xml::crypto::XXMLSignatureTemplate ;
44 using ::com::sun::star::xml::crypto::XXMLSecurityContext ;
45 using ::com::sun::star::xml::crypto::XUriBinding ;
46
47 namespace std
48 {
49 template <> struct default_delete<xmlSecKeysMngr>
50 {
51 void operator()(xmlSecKeysMngrPtr ptr) { SecurityEnvironment_NssImpl::destroyKeysManager(ptr); }
52 };
53 template <> struct default_delete<xmlSecDSigCtx>
54 {
55 void operator()(xmlSecDSigCtxPtr ptr) { xmlSecDSigCtxDestroy(ptr); }
56 };
57 }
58
59 namespace {
60
61 class XMLSignature_NssImpl
62 : public ::cppu::WeakImplHelper<xml::crypto::XXMLSignature, lang::XServiceInfo>
63 {
64 public:
65 explicit XMLSignature_NssImpl();
66
67 //Methods from XXMLSignature
68 virtual uno::Reference<xml::crypto::XXMLSignatureTemplate> SAL_CALL
69 generate(const uno::Reference<xml::crypto::XXMLSignatureTemplate>& aTemplate,
70 const uno::Reference<xml::crypto::XSecurityEnvironment>& aEnvironment) override;
71
72 virtual uno::Reference<xml::crypto::XXMLSignatureTemplate> SAL_CALL
73 validate(const uno::Reference<xml::crypto::XXMLSignatureTemplate>& aTemplate,
74 const uno::Reference<xml::crypto::XXMLSecurityContext>& aContext) override;
75
76 //Methods from XServiceInfo
77 virtual OUString SAL_CALL getImplementationName() override;
78
79 virtual sal_Bool SAL_CALL supportsService(const OUString& ServiceName) override;
80
81 virtual uno::Sequence<OUString> SAL_CALL getSupportedServiceNames() override;
82 };
83
84 }
85
86 XMLSignature_NssImpl::XMLSignature_NssImpl() {
87 }
88
89 /* XXMLSignature */
90 Reference< XXMLSignatureTemplate >
91 SAL_CALL XMLSignature_NssImpl::generate(
92 const Reference< XXMLSignatureTemplate >& aTemplate ,
93 const Reference< XSecurityEnvironment >& aEnvironment
94 )
95 {
96 xmlNodePtr pNode = nullptr ;
97
98 if( !aTemplate.is() )
99 throw RuntimeException() ;
100
101 if( !aEnvironment.is() )
102 throw RuntimeException() ;
103
104 //Get the xml node
105 Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;
106 if( !xElement.is() ) {
107 throw RuntimeException() ;
108 }
109
110 Reference< XUnoTunnel > xNodTunnel( xElement , UNO_QUERY_THROW ) ;
111 XMLElementWrapper_XmlSecImpl* pElement =
112 reinterpret_cast<XMLElementWrapper_XmlSecImpl*>(
113 sal::static_int_cast<sal_uIntPtr>(
114 xNodTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelId() )));
115 if( pElement == nullptr ) {
116 throw RuntimeException() ;
117 }
118
119 pNode = pElement->getNativeElement() ;
120
121 //Get the stream/URI binding
122 Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;
123 if( xUriBinding.is() ) {
124 //Register the stream input callbacks into libxml2
125 if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )
126 throw RuntimeException() ;
127 }
128
129 //Get Keys Manager
130 Reference< XUnoTunnel > xSecTunnel( aEnvironment , UNO_QUERY_THROW ) ;
131
132 // the key manager should be retrieved from SecurityEnvironment, instead of SecurityContext
133
134 SecurityEnvironment_NssImpl* pSecEnv =
135 reinterpret_cast<SecurityEnvironment_NssImpl*>(
136 sal::static_int_cast<sal_uIntPtr>(
137 xSecTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() )));
138 if( pSecEnv == nullptr )
139 throw RuntimeException() ;
140
141 setErrorRecorder();
142
143 std::unique_ptr<xmlSecKeysMngr> pMngr(pSecEnv->createKeysManager());
144 if( !pMngr ) {
145 throw RuntimeException() ;
146 }
147
148 //Create Signature context
149 std::unique_ptr<xmlSecDSigCtx> pDsigCtx(xmlSecDSigCtxCreate(pMngr.get()));
150 if( pDsigCtx == nullptr )
151 {
152 //throw XMLSignatureException() ;
153 clearErrorRecorder();
154 return aTemplate;
155 }
156
157 //Sign the template
158 if( xmlSecDSigCtxSign( pDsigCtx.get() , pNode ) == 0 )
159 {
160 if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
161 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
162 else
163 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);
164 }
165 else
166 {
167 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);
168 }
169
170 //Unregistered the stream/URI binding
171 if( xUriBinding.is() )
172 xmlUnregisterStreamInputCallbacks() ;
173
174 clearErrorRecorder();
175 return aTemplate ;
176 }
177
178 /* XXMLSignature */
179 Reference< XXMLSignatureTemplate >
180 SAL_CALL XMLSignature_NssImpl::validate(
181 const Reference< XXMLSignatureTemplate >& aTemplate ,
182 const Reference< XXMLSecurityContext >& aSecurityCtx
183 ) {
184 xmlNodePtr pNode = nullptr ;
185 //sal_Bool valid ;
186
187 if( !aTemplate.is() )
188 throw RuntimeException() ;
189
190 if( !aSecurityCtx.is() )
191 throw RuntimeException() ;
192
193 //Get the xml node
194 Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;
195 if( !xElement.is() )
196 throw RuntimeException() ;
197
198 Reference< XUnoTunnel > xNodTunnel( xElement , UNO_QUERY_THROW ) ;
199 XMLElementWrapper_XmlSecImpl* pElement =
200 reinterpret_cast<XMLElementWrapper_XmlSecImpl*>(
201 sal::static_int_cast<sal_uIntPtr>(
202 xNodTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelId() )));
203 if( pElement == nullptr )
204 throw RuntimeException() ;
205
206 pNode = pElement->getNativeElement() ;
207
208 //Get the stream/URI binding
209 Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;
210 if( xUriBinding.is() ) {
211 //Register the stream input callbacks into libxml2
212 if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )
213 throw RuntimeException() ;
214 }
215
216 setErrorRecorder();
217
218 sal_Int32 nSecurityEnvironment = aSecurityCtx->getSecurityEnvironmentNumber();
219 sal_Int32 i;
220
221 for (i=0; i<nSecurityEnvironment; ++i)
222 {
223 Reference< XSecurityEnvironment > aEnvironment = aSecurityCtx->getSecurityEnvironmentByIndex(i);
224
225 //Get Keys Manager
226 Reference< XUnoTunnel > xSecTunnel( aEnvironment , UNO_QUERY_THROW ) ;
227 SecurityEnvironment_NssImpl* pSecEnv =
228 reinterpret_cast<SecurityEnvironment_NssImpl*>(
229 sal::static_int_cast<sal_uIntPtr>(
230 xSecTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() )));
231 if( pSecEnv == nullptr )
232 throw RuntimeException() ;
233
234 std::unique_ptr<xmlSecKeysMngr> pMngr(pSecEnv->createKeysManager());
235 if( !pMngr ) {
236 throw RuntimeException() ;
237 }
238
239 //Create Signature context
240 std::unique_ptr<xmlSecDSigCtx> pDsigCtx(xmlSecDSigCtxCreate(pMngr.get()));
241 if( pDsigCtx == nullptr )
242 {
243 clearErrorRecorder();
244 return aTemplate;
245 }
246
247 // We do certificate verification ourselves.
248 pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
249
250 //Verify signature
251 int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
252
253 // Also verify manifest: this is empty for ODF, but contains everything (except signature metadata) for OOXML.
254 xmlSecSize nReferenceCount = xmlSecPtrListGetSize(&pDsigCtx->manifestReferences);
255 // Require that all manifest references are also good.
256 xmlSecSize nReferenceGood = 0;
257 for (xmlSecSize nReference = 0; nReference < nReferenceCount; ++nReference)
258 {
259 xmlSecDSigReferenceCtxPtr pReference = static_cast<xmlSecDSigReferenceCtxPtr>(xmlSecPtrListGetItem(&pDsigCtx->manifestReferences, nReference));
260 if (pReference)
261 {
262 if (pReference->status == xmlSecDSigStatusSucceeded)
263 ++nReferenceGood;
264 }
265 }
266 SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify status " << pDsigCtx->status << ", references good " << nReferenceGood << " of " << nReferenceCount);
267
268 if (rs == 0 && pDsigCtx->status == xmlSecDSigStatusSucceeded && nReferenceCount == nReferenceGood)
269 {
270 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
271 break;
272 }
273 else
274 {
275 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);
276 }
277 }
278
279
280 //Unregistered the stream/URI binding
281 if( xUriBinding.is() )
282 xmlUnregisterStreamInputCallbacks() ;
283
284 //return valid ;
285 clearErrorRecorder();
286 return aTemplate;
287 }
288
289 /* XServiceInfo */
290 OUString SAL_CALL XMLSignature_NssImpl::getImplementationName()
291 {
292 return "com.sun.star.xml.crypto.XMLSignature";
293 }
294
295 /* XServiceInfo */
296 sal_Bool SAL_CALL XMLSignature_NssImpl::supportsService(const OUString& rServiceName)
297 {
298 const css::uno::Sequence<OUString> aServiceNames = getSupportedServiceNames();
299 for (OUString const & rCurrentServiceName : aServiceNames)
300 {
301 if (rCurrentServiceName == rServiceName)
302 return true;
303 }
304 return false;
305 }
306
307 /* XServiceInfo */
308 Sequence<OUString> SAL_CALL XMLSignature_NssImpl::getSupportedServiceNames()
309 {
310 return { "com.sun.star.xml.crypto.XMLSignature" };
311 }
312
313 extern "C" SAL_DLLPUBLIC_EXPORT uno::XInterface*
314 com_sun_star_xml_crypto_XMLSignature_get_implementation(uno::XComponentContext* /*pCtx*/,
315 uno::Sequence<uno::Any> const& /*rSeq*/)
316 {
317 return cppu::acquire(new XMLSignature_NssImpl);
318 }
319
320 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE