search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bump version to 6.0-36
[LibreOffice.git] / xmlsecurity / source / component / documentdigitalsignatures.cxx
blob5f0f2bb201f3c412c8b2b7ef57e9160eb435f3bc
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include "documentdigitalsignatures.hxx"
21 #include <resourcemanager.hxx>
22
23 #include <digitalsignaturesdialog.hxx>
24 #include <certificatechooser.hxx>
25 #include <certificateviewer.hxx>
26 #include <macrosecurity.hxx>
27 #include <biginteger.hxx>
28 #include <strings.hrc>
29 #include <pdfsignaturehelper.hxx>
30 #include <sax/tools/converter.hxx>
31
32 #include <com/sun/star/embed/XStorage.hpp>
33 #include <com/sun/star/embed/StorageFormats.hpp>
34 #include <com/sun/star/embed/XTransactedObject.hpp>
35 #include <com/sun/star/embed/ElementModes.hpp>
36 #include <com/sun/star/ucb/XContent.hpp>
37 #include <com/sun/star/ucb/XContentIdentifierFactory.hpp>
38 #include <com/sun/star/ucb/XCommandEnvironment.hpp>
39 #include <com/sun/star/ucb/XCommandProcessor.hpp>
40 #include <com/sun/star/ucb/Command.hpp>
41 #include <com/sun/star/uno/SecurityException.hpp>
42 #include <vcl/layout.hxx>
43 #include <unotools/securityoptions.hxx>
44 #include <com/sun/star/security/CertificateValidity.hpp>
45 #include <comphelper/documentconstants.hxx>
46 #include <comphelper/propertyvalue.hxx>
47 #include <comphelper/sequence.hxx>
48 #include <cppuhelper/supportsservice.hxx>
49 #include <com/sun/star/lang/IllegalArgumentException.hpp>
50 #include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
51 #include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
52
53 using namespace css;
54 using namespace css::uno;
55 using namespace css::lang;
56 using namespace css::xml::crypto;
57
58 DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference< XComponentContext >& rxCtx ):
59 mxCtx(rxCtx),
60 m_sODFVersion(ODFVER_012_TEXT),
61 m_nArgumentsCount(0),
62 m_bHasDocumentSignature(false)
63 {
64 }
65
66 DocumentDigitalSignatures::~DocumentDigitalSignatures()
67 {
68 }
69
70 void DocumentDigitalSignatures::initialize( const Sequence< Any >& aArguments)
71 {
72 if (aArguments.getLength() > 2)
73 throw css::lang::IllegalArgumentException(
74 "DocumentDigitalSignatures::initialize requires zero, one, or two arguments",
75 static_cast<XInitialization*>(this), 0);
76
77 m_nArgumentsCount = aArguments.getLength();
78
79 if (aArguments.getLength() > 0)
80 {
81 if (!(aArguments[0] >>= m_sODFVersion))
82 throw css::lang::IllegalArgumentException(
83 "DocumentDigitalSignatures::initialize: the first arguments must be a string",
84 static_cast<XInitialization*>(this), 0);
85
86 if (aArguments.getLength() == 2
87 && !(aArguments[1] >>= m_bHasDocumentSignature))
88 throw css::lang::IllegalArgumentException(
89 "DocumentDigitalSignatures::initialize: the second arguments must be a bool",
90 static_cast<XInitialization*>(this), 1);
91
92 //the Version is supported as of ODF1.2, so for and 1.1 document or older we will receive the
93 //an empty string. In this case we set it to ODFVER_010_TEXT. Then we can later check easily
94 //if initialize was called. Only then m_sODFVersion.getLength() is greater than 0
95 if (m_sODFVersion.isEmpty())
96 m_sODFVersion = ODFVER_010_TEXT;
97 }
98 }
99
100 OUString DocumentDigitalSignatures::getImplementationName()
101 {
102 return GetImplementationName();
103 }
104
105 sal_Bool DocumentDigitalSignatures::supportsService(
106 OUString const & ServiceName)
107 {
108 return cppu::supportsService(this, ServiceName);
109 }
110
111 css::uno::Sequence<OUString>
112 DocumentDigitalSignatures::getSupportedServiceNames()
113 {
114 return GetSupportedServiceNames();
115 }
116
117 sal_Bool DocumentDigitalSignatures::signDocumentContent(
118 const Reference< css::embed::XStorage >& rxStorage,
119 const Reference< css::io::XStream >& xSignStream)
120 {
121 OSL_ENSURE(!m_sODFVersion.isEmpty(), "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
122 return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Content, false );
123 }
124
125 sal_Bool DocumentDigitalSignatures::signDocumentContentWithCertificate(
126 const Reference<css::embed::XStorage>& rxStorage,
127 const Reference<css::io::XStream>& xSignStream,
128 const Reference<css::security::XCertificate>& xCertificate, const OUString& aSignatureLineId)
129 {
130 OSL_ENSURE(!m_sODFVersion.isEmpty(),
131 "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
132
133 DocumentSignatureManager aSignatureManager(mxCtx, DocumentSignatureMode::Content);
134
135 if (!aSignatureManager.init())
136 return false;
137
138 aSignatureManager.mxStore = rxStorage;
139 aSignatureManager.maSignatureHelper.SetStorage(rxStorage, m_sODFVersion);
140 aSignatureManager.mxSignatureStream = xSignStream;
141
142 Reference<XXMLSecurityContext> xSecurityContext;
143 Reference<XServiceInfo> xServiceInfo(xCertificate, UNO_QUERY);
144 if (xServiceInfo->getImplementationName()
145 == "com.sun.star.xml.security.gpg.XCertificate_GpgImpl")
146 xSecurityContext = aSignatureManager.getGpgSecurityContext();
147 else
148 xSecurityContext = aSignatureManager.getSecurityContext();
149
150 sal_Int32 nSecurityId;
151 OUString aDescription("");
152 bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, aDescription, nSecurityId,
153 true, aSignatureLineId);
154 if (!bSuccess)
155 return false;
156
157 // Need to have this to verify the signature
158 aSignatureManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
159 aSignatureManager.write(true);
160
161 if (rxStorage.is() && !xSignStream.is())
162 {
163 uno::Reference<embed::XTransactedObject> xTrans(rxStorage, uno::UNO_QUERY);
164 xTrans->commit();
165 }
166
167 return true;
168 }
169
170 Sequence< css::security::DocumentSignatureInformation >
171 DocumentDigitalSignatures::verifyDocumentContentSignatures(
172 const Reference< css::embed::XStorage >& rxStorage,
173 const Reference< css::io::XInputStream >& xSignInStream )
174 {
175 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
176 return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Content );
177 }
178
179 void DocumentDigitalSignatures::showDocumentContentSignatures(
180 const Reference< css::embed::XStorage >& rxStorage,
181 const Reference< css::io::XInputStream >& xSignInStream )
182 {
183 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
184 ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Content, true );
185 }
186
187 OUString DocumentDigitalSignatures::getDocumentContentSignatureDefaultStreamName()
188 {
189 return DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
190 }
191
192 sal_Bool DocumentDigitalSignatures::signScriptingContent(
193 const Reference< css::embed::XStorage >& rxStorage,
194 const Reference< css::io::XStream >& xSignStream )
195 {
196 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
197 OSL_ENSURE(m_nArgumentsCount == 2, "DocumentDigitalSignatures: Service was not initialized properly");
198 return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Macros, false );
199 }
200
201 Sequence< css::security::DocumentSignatureInformation >
202 DocumentDigitalSignatures::verifyScriptingContentSignatures(
203 const Reference< css::embed::XStorage >& rxStorage,
204 const Reference< css::io::XInputStream >& xSignInStream )
205 {
206 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
207 return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Macros );
208 }
209
210 void DocumentDigitalSignatures::showScriptingContentSignatures(
211 const Reference< css::embed::XStorage >& rxStorage,
212 const Reference< css::io::XInputStream >& xSignInStream )
213 {
214 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
215 ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Macros, true );
216 }
217
218 OUString DocumentDigitalSignatures::getScriptingContentSignatureDefaultStreamName()
219 {
220 return DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
221 }
222
223
224 sal_Bool DocumentDigitalSignatures::signPackage(
225 const Reference< css::embed::XStorage >& rxStorage,
226 const Reference< css::io::XStream >& xSignStream )
227 {
228 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
229 return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Package, false );
230 }
231
232 Sequence< css::security::DocumentSignatureInformation >
233 DocumentDigitalSignatures::verifyPackageSignatures(
234 const Reference< css::embed::XStorage >& rxStorage,
235 const Reference< css::io::XInputStream >& xSignInStream )
236 {
237 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
238 return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Package );
239 }
240
241 void DocumentDigitalSignatures::showPackageSignatures(
242 const Reference< css::embed::XStorage >& rxStorage,
243 const Reference< css::io::XInputStream >& xSignInStream )
244 {
245 OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
246 ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Package, true );
247 }
248
249 OUString DocumentDigitalSignatures::getPackageSignatureDefaultStreamName( )
250 {
251 return DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
252 }
253
254
255 void DocumentDigitalSignatures::ImplViewSignatures(
256 const Reference< css::embed::XStorage >& rxStorage,
257 const Reference< css::io::XInputStream >& xSignStream,
258 DocumentSignatureMode eMode, bool bReadOnly )
259 {
260 Reference< io::XStream > xStream;
261 if ( xSignStream.is() )
262 xStream.set( xSignStream, UNO_QUERY );
263 ImplViewSignatures( rxStorage, xStream, eMode, bReadOnly );
264 }
265
266 bool DocumentDigitalSignatures::ImplViewSignatures(
267 const Reference< css::embed::XStorage >& rxStorage, const Reference< css::io::XStream >& xSignStream,
268 DocumentSignatureMode eMode, bool bReadOnly )
269 {
270 bool bChanges = false;
271 ScopedVclPtrInstance<DigitalSignaturesDialog> aSignaturesDialog(
272 nullptr, mxCtx, eMode, bReadOnly, m_sODFVersion,
273 m_bHasDocumentSignature);
274 bool bInit = aSignaturesDialog->Init();
275 SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
276 if ( bInit )
277 {
278 if (rxStorage.is())
279 // Something ZIP based: ODF or OOXML.
280 aSignaturesDialog->SetStorage( rxStorage );
281
282 aSignaturesDialog->SetSignatureStream( xSignStream );
283 if ( aSignaturesDialog->Execute() )
284 {
285 if ( aSignaturesDialog->SignaturesChanged() )
286 {
287 bChanges = true;
288 // If we have a storage and no stream, we are responsible for commit
289 if ( rxStorage.is() && !xSignStream.is() )
290 {
291 uno::Reference< embed::XTransactedObject > xTrans( rxStorage, uno::UNO_QUERY );
292 xTrans->commit();
293 }
294 }
295 }
296 }
297 else
298 {
299 ScopedVclPtrInstance< MessageDialog > aBox(nullptr, XsResId(RID_XMLSECWB_NO_MOZILLA_PROFILE), VclMessageType::Warning);
300 aBox->Execute();
301 }
302
303 return bChanges;
304 }
305
306 Sequence< css::security::DocumentSignatureInformation >
307 DocumentDigitalSignatures::ImplVerifySignatures(
308 const Reference< css::embed::XStorage >& rxStorage,
309 const Reference< css::io::XInputStream >& xSignStream, DocumentSignatureMode eMode )
310 {
311 DocumentSignatureManager aSignatureManager(mxCtx, eMode);
312
313 bool bInit = aSignatureManager.init();
314
315 SAL_WARN_IF(!bInit, "xmlsecurity.comp", "Error initializing security context!");
316
317 if (!bInit)
318 return uno::Sequence<security::DocumentSignatureInformation>(0);
319
320 if (!rxStorage.is())
321 {
322 if (xSignStream.is())
323 {
324 // Something not ZIP-based, try PDF.
325 PDFSignatureHelper& rSignatureHelper = aSignatureManager.getPDFSignatureHelper();
326 if (rSignatureHelper.ReadAndVerifySignature(xSignStream))
327 return rSignatureHelper.GetDocumentSignatureInformations(aSignatureManager.getSecurityEnvironment());
328 }
329
330 SAL_WARN( "xmlsecurity.comp", "Error, no XStorage provided");
331 return Sequence<css::security::DocumentSignatureInformation>();
332 }
333 // First check for the InputStream, to avoid unnecessary initialization of the security environment...
334 SignatureStreamHelper aStreamHelper;
335 Reference< io::XInputStream > xInputStream = xSignStream;
336
337 if ( !xInputStream.is() )
338 {
339 aStreamHelper = DocumentSignatureHelper::OpenSignatureStream( rxStorage, embed::ElementModes::READ, eMode );
340 if ( aStreamHelper.xSignatureStream.is() )
341 xInputStream.set( aStreamHelper.xSignatureStream, UNO_QUERY );
342 }
343
344 if (!xInputStream.is() && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
345 return Sequence< css::security::DocumentSignatureInformation >(0);
346
347
348 XMLSignatureHelper& rSignatureHelper = aSignatureManager.maSignatureHelper;
349 rSignatureHelper.SetStorage(rxStorage, m_sODFVersion);
350
351 rSignatureHelper.StartMission(aSignatureManager.mxSecurityContext);
352
353 if (xInputStream.is())
354 rSignatureHelper.ReadAndVerifySignature(xInputStream);
355 else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
356 rSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
357
358 rSignatureHelper.EndMission();
359
360 uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = aSignatureManager.getSecurityEnvironment();
361 uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = aSignatureManager.getGpgSecurityEnvironment();
362
363 SignatureInformations aSignInfos = rSignatureHelper.GetSignatureInformations();
364 int nInfos = aSignInfos.size();
365 Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
366 css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
367
368 if ( nInfos )
369 {
370 for( int n = 0; n < nInfos; ++n )
371 {
372 DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
373 m_sODFVersion, aSignInfos[n]);
374 const std::vector< OUString > aElementsToBeVerified =
375 DocumentSignatureHelper::CreateElementList(
376 rxStorage, eMode, mode);
377
378 const SignatureInformation& rInfo = aSignInfos[n];
379 css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
380
381 if (rInfo.ouGpgCertificate.isEmpty()) // X.509
382 {
383 if (!rInfo.ouX509Certificate.isEmpty())
384 rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
385 if (!rSigInfo.Signer.is())
386 rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName,
387 xmlsecurity::numericStringToBigInteger( rInfo.ouX509SerialNumber ) );
388
389 // On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
390 // to find the parent certificate. It does not take into account that there can be several certificates
391 // with the same subject name.
392
393 try {
394 rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
395 Sequence<Reference<css::security::XCertificate> >());
396 } catch (SecurityException& ) {
397 OSL_FAIL("Verification of certificate failed");
398 rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
399 }
400 }
401 else if (xGpgSecEnv.is()) // GPG
402 {
403 // TODO not ideal to retrieve cert by keyID, might
404 // collide, or PGPKeyID format might change - can't we
405 // keep the xCert itself in rInfo?
406 rSigInfo.Signer = xGpgSecEnv->getCertificate( rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger("") );
407 rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(rSigInfo.Signer,
408 Sequence<Reference<css::security::XCertificate> >());
409 }
410
411 // Time support again (#i38744#)
412 Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
413 tools::Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
414 rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds );
415 rSigInfo.SignatureDate = aDate.GetDate();
416 rSigInfo.SignatureTime = aTime.GetTime();
417
418 rSigInfo.SignatureIsValid = ( rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );
419
420 // OOXML Signature line info (ID + Images)
421 if (!rInfo.ouSignatureLineId.isEmpty())
422 rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
423
424 if (rInfo.aValidSignatureImage.is())
425 rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
426
427 if (rInfo.aInvalidSignatureImage.is())
428 rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
429
430 // OOXML intentionally doesn't sign metadata.
431 if ( rSigInfo.SignatureIsValid && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
432 {
433 rSigInfo.SignatureIsValid =
434 DocumentSignatureHelper::checkIfAllFilesAreSigned(
435 aElementsToBeVerified, rInfo, mode);
436 }
437 if (eMode == DocumentSignatureMode::Content)
438 {
439 if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
440 rSigInfo.PartialDocumentSignature = true;
441 else
442 rSigInfo.PartialDocumentSignature = !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
443 }
444
445 }
446 }
447 return aInfos;
448
449 }
450
451 void DocumentDigitalSignatures::manageTrustedSources( )
452 {
453 // MT: i45295
454 // SecEnv is only needed to display certificate information from trusted sources.
455 // Macro Security also has some options where no security environment is needed, so raise dialog anyway.
456 // Later I should change the code so the Dialog creates the SecEnv on demand...
457
458 Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv;
459
460 DocumentSignatureManager aSignatureManager(mxCtx, {});
461 if (aSignatureManager.init())
462 xSecEnv = aSignatureManager.getSecurityEnvironment();
463
464 ScopedVclPtrInstance< MacroSecurity > aDlg( nullptr, xSecEnv );
465 aDlg->Execute();
466 }
467
468 void DocumentDigitalSignatures::showCertificate(
469 const Reference< css::security::XCertificate >& Certificate )
470 {
471 DocumentSignatureManager aSignatureManager(mxCtx, {});
472
473 bool bInit = aSignatureManager.init();
474
475 SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
476
477 if ( bInit )
478 {
479 ScopedVclPtrInstance<CertificateViewer> aViewer(nullptr, aSignatureManager.getSecurityEnvironment(), Certificate, false);
480 aViewer->Execute();
481 }
482
483 }
484
485 sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
486 const Reference< css::security::XCertificate >& Author )
487 {
488 bool bFound = false;
489
490 OUString sSerialNum = xmlsecurity::bigIntegerToNumericString( Author->getSerialNumber() );
491
492 Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
493 const SvtSecurityOptions::Certificate* pAuthors = aTrustedAuthors.getConstArray();
494 const SvtSecurityOptions::Certificate* pAuthorsEnd = pAuthors + aTrustedAuthors.getLength();
495 for ( ; pAuthors != pAuthorsEnd; ++pAuthors )
496 {
497 SvtSecurityOptions::Certificate aAuthor = *pAuthors;
498 if ( ( aAuthor[0] == Author->getIssuerName() ) && ( aAuthor[1] == sSerialNum ) )
499 {
500 bFound = true;
501 break;
502 }
503 }
504
505 return bFound;
506 }
507
508 uno::Sequence< Reference< css::security::XCertificate > > DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>& rProperties, const UserAction eAction)
509 {
510 std::vector< Reference< css::xml::crypto::XXMLSecurityContext > > xSecContexts;
511
512 DocumentSignatureManager aSignatureManager(mxCtx, {});
513 if (aSignatureManager.init()) {
514 xSecContexts.push_back(aSignatureManager.getSecurityContext());
515 xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
516 }
517
518 ScopedVclPtrInstance< CertificateChooser > aChooser(nullptr, mxCtx, xSecContexts, eAction);
519
520 uno::Sequence< Reference< css::security::XCertificate > > xCerts(1);
521 xCerts[0] = Reference< css::security::XCertificate >(nullptr);
522
523 if (aChooser->Execute() != RET_OK)
524 return xCerts;
525
526 xCerts = aChooser->GetSelectedCertificates();
527 rProperties["Description"] = aChooser->GetDescription();
528 rProperties["Usage"] = aChooser->GetUsageText();
529
530 return xCerts;
531 }
532
533 Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertificate(OUString& rDescription)
534 {
535 return chooseSigningCertificate( rDescription );
536 }
537
538 Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseSigningCertificate(OUString& rDescription)
539 {
540 std::map<OUString, OUString> aProperties;
541 Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( aProperties, UserAction::Sign )[0];
542 rDescription = aProperties["Description"];
543 return xCert;
544 }
545
546 css::uno::Sequence< Reference< css::security::XCertificate > > DocumentDigitalSignatures::chooseEncryptionCertificate()
547 {
548 std::map<OUString, OUString> aProperties;
549 uno::Sequence< Reference< css::security::XCertificate > > aCerts=
550 chooseCertificatesImpl( aProperties, UserAction::Encrypt );
551 if (aCerts.getLength() == 1 && !aCerts[0].is())
552 // our error case contract is: empty sequence, so map that!
553 return uno::Sequence< Reference< css::security::XCertificate > >();
554 else
555 return aCerts;
556 }
557
558 css::uno::Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertificateWithProps(Sequence<::com::sun::star::beans::PropertyValue>& rProperties)
559 {
560 std::map<OUString, OUString> aProperties;
561 auto xCert = chooseCertificatesImpl( aProperties, UserAction::Sign )[0];
562
563 std::vector<css::beans::PropertyValue> vec;
564 for (const auto& pair : aProperties)
565 {
566 vec.emplace_back(comphelper::makePropertyValue(pair.first, pair.second));
567 }
568
569 rProperties = comphelper::containerToSequence(vec);
570 return xCert;
571 }
572
573 sal_Bool DocumentDigitalSignatures::isLocationTrusted( const OUString& Location )
574 {
575 return SvtSecurityOptions().isTrustedLocationUri(Location);
576 }
577
578 void DocumentDigitalSignatures::addAuthorToTrustedSources(
579 const Reference< css::security::XCertificate >& Author )
580 {
581 SvtSecurityOptions aSecOpts;
582
583 SvtSecurityOptions::Certificate aNewCert( 3 );
584 aNewCert[ 0 ] = Author->getIssuerName();
585 aNewCert[ 1 ] = xmlsecurity::bigIntegerToNumericString( Author->getSerialNumber() );
586
587 OUStringBuffer aStrBuffer;
588 ::sax::Converter::encodeBase64(aStrBuffer, Author->getEncoded());
589 aNewCert[ 2 ] = aStrBuffer.makeStringAndClear();
590
591
592 Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = aSecOpts.GetTrustedAuthors();
593 sal_Int32 nCnt = aTrustedAuthors.getLength();
594 aTrustedAuthors.realloc( nCnt + 1 );
595 aTrustedAuthors[ nCnt ] = aNewCert;
596
597 aSecOpts.SetTrustedAuthors( aTrustedAuthors );
598 }
599
600 void DocumentDigitalSignatures::addLocationToTrustedSources( const OUString& Location )
601 {
602 SvtSecurityOptions aSecOpt;
603
604 Sequence< OUString > aSecURLs = aSecOpt.GetSecureURLs();
605 sal_Int32 nCnt = aSecURLs.getLength();
606 aSecURLs.realloc( nCnt + 1 );
607 aSecURLs[ nCnt ] = Location;
608
609 aSecOpt.SetSecureURLs( aSecURLs );
610 }
611
612 OUString DocumentDigitalSignatures::GetImplementationName()
613 {
614 return OUString( "com.sun.star.security.DocumentDigitalSignatures" );
615 }
616
617 Sequence< OUString > DocumentDigitalSignatures::GetSupportedServiceNames()
618 {
619 Sequence<OUString> aRet { "com.sun.star.security.DocumentDigitalSignatures" };
620 return aRet;
621 }
622
623
624 Reference< XInterface > DocumentDigitalSignatures_CreateInstance(
625 const Reference< XComponentContext >& rCtx)
626 {
627 return static_cast<cppu::OWeakObject*>(new DocumentDigitalSignatures( rCtx ));
628 }
629
630 sal_Bool DocumentDigitalSignatures::signDocumentWithCertificate(
631 css::uno::Reference<css::security::XCertificate> const & xCertificate,
632 css::uno::Reference<css::embed::XStorage> const & xStorage,
633 css::uno::Reference<css::io::XStream> const & xStream)
634 {
635 DocumentSignatureManager aSignatureManager(mxCtx, DocumentSignatureMode::Content);
636
637 if (!aSignatureManager.init())
638 return false;
639
640 aSignatureManager.mxStore = xStorage;
641 aSignatureManager.maSignatureHelper.SetStorage(xStorage, m_sODFVersion);
642 aSignatureManager.mxSignatureStream = xStream;
643
644 Reference<XXMLSecurityContext> xSecurityContext;
645 Reference<XServiceInfo> xServiceInfo(xCertificate, UNO_QUERY);
646 xSecurityContext = aSignatureManager.getSecurityContext();
647
648 sal_Int32 nSecurityId;
649
650 bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, "", nSecurityId, true);
651 if (!bSuccess)
652 return false;
653
654 aSignatureManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
655 aSignatureManager.write(true);
656
657 if (xStorage.is() && !xStream.is())
658 {
659 uno::Reference<embed::XTransactedObject> xTransaction(xStorage, uno::UNO_QUERY);
660 xTransaction->commit();
661 }
662
663 return true;
664 }
665
666 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE