search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Get the style color and number just once
[LibreOffice.git] / xmlsecurity / source / helper / documentsignaturehelper.cxx
blobca4446bdf7403bfabd739bd4e5b8273636d696a1
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20
21 #include <documentsignaturehelper.hxx>
22
23 #include <algorithm>
24 #include <functional>
25 #include <string_view>
26
27 #include <com/sun/star/io/IOException.hpp>
28 #include <com/sun/star/embed/XStorage.hpp>
29 #include <com/sun/star/embed/StorageFormats.hpp>
30 #include <com/sun/star/embed/ElementModes.hpp>
31 #include <com/sun/star/beans/StringPair.hpp>
32 #include <com/sun/star/beans/XPropertySet.hpp>
33 #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
34
35 #include <comphelper/attributelist.hxx>
36 #include <comphelper/documentconstants.hxx>
37 #include <comphelper/ofopxmlhelper.hxx>
38 #include <comphelper/processfactory.hxx>
39 #include <osl/diagnose.h>
40 #include <rtl/ref.hxx>
41 #include <rtl/uri.hxx>
42 #include <sal/log.hxx>
43 #include <svx/xoutbmp.hxx>
44 #include <comphelper/diagnose_ex.hxx>
45 #include <o3tl/string_view.hxx>
46
47 #include <xsecctl.hxx>
48
49 using namespace ::com::sun::star;
50 using namespace ::com::sun::star::uno;
51 using namespace css::xml::sax;
52
53 namespace
54 {
55 std::u16string_view getElement(std::u16string_view version, size_t * index)
56 {
57 while (*index < version.size() && version[*index] == '0') {
58 ++*index;
59 }
60 return o3tl::getToken(version, u'.', *index);
61 }
62
63
64 // Return 1 if version1 is greater than version 2, 0 if they are equal
65 //and -1 if version1 is less version 2
66 int compareVersions(
67 std::u16string_view version1, std::u16string_view version2)
68 {
69 for (size_t i1 = 0, i2 = 0; i1 != std::u16string_view::npos || i2 != std::u16string_view::npos;) {
70 std::u16string_view e1(getElement(version1, &i1));
71 std::u16string_view e2(getElement(version2, &i2));
72 if (e1.size() < e2.size()) {
73 return -1;
74 } else if (e1.size() > e2.size()) {
75 return 1;
76 } else if (e1 < e2) {
77 return -1;
78 } else if (e1 > e2) {
79 return 1;
80 }
81 }
82 return 0;
83 }
84 }
85
86 static void ImplFillElementList(
87 std::vector< OUString >& rList, const Reference < css::embed::XStorage >& rxStore,
88 std::u16string_view rRootStorageName, const bool bRecursive,
89 const DocumentSignatureAlgorithm mode)
90 {
91 const Sequence< OUString > aElements = rxStore->getElementNames();
92
93 for ( const auto& rName : aElements )
94 {
95 if (rName == "[Content_Types].xml")
96 // OOXML
97 continue;
98
99 // If the user enabled validating according to OOo 3.0
100 // then mimetype and all content of META-INF must be excluded.
101 if (mode != DocumentSignatureAlgorithm::OOo3_2
102 && (rName == "META-INF" || rName == "mimetype"))
103 {
104 continue;
105 }
106 else
107 {
108 OUString sEncName = ::rtl::Uri::encode(
109 rName, rtl_UriCharClassRelSegment,
110 rtl_UriEncodeStrict, RTL_TEXTENCODING_UTF8);
111 if (sEncName.isEmpty() && !rName.isEmpty())
112 throw css::uno::RuntimeException(u"Failed to encode element name of XStorage"_ustr, nullptr);
113
114 if ( rxStore->isStreamElement( rName ) )
115 {
116 //Exclude documentsignatures.xml!
117 if (rName ==
118 DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName())
119 continue;
120 OUString aFullName( rRootStorageName + sEncName );
121 rList.push_back(aFullName);
122 }
123 else if ( bRecursive && rxStore->isStorageElement( rName ) )
124 {
125 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( rName, css::embed::ElementModes::READ );
126 OUString aFullRootName( rRootStorageName + sEncName + "/" );
127 ImplFillElementList(rList, xSubStore, aFullRootName, bRecursive, mode);
128 }
129 }
130 }
131 }
132
133
134 bool DocumentSignatureHelper::isODFPre_1_2(std::u16string_view sVersion)
135 {
136 //The property version exists only if the document is at least version 1.2
137 //That is, if the document has version 1.1 and sVersion is empty.
138 //The constant is defined in comphelper/documentconstants.hxx
139 return compareVersions(sVersion, ODFVER_012_TEXT) == -1;
140 }
141
142 bool DocumentSignatureHelper::isOOo3_2_Signature(const SignatureInformation & sigInfo)
143 {
144 return std::any_of(sigInfo.vSignatureReferenceInfors.cbegin(),
145 sigInfo.vSignatureReferenceInfors.cend(),
146 [](const SignatureReferenceInformation& info) { return info.ouURI == "META-INF/manifest.xml"; });
147 }
148
149 DocumentSignatureAlgorithm
150 DocumentSignatureHelper::getDocumentAlgorithm(
151 std::u16string_view sODFVersion, const SignatureInformation & sigInfo)
152 {
153 OSL_ASSERT(!sODFVersion.empty());
154 DocumentSignatureAlgorithm mode = DocumentSignatureAlgorithm::OOo3_2;
155 if (!isOOo3_2_Signature(sigInfo))
156 {
157 if (isODFPre_1_2(sODFVersion))
158 mode = DocumentSignatureAlgorithm::OOo2;
159 else
160 mode = DocumentSignatureAlgorithm::OOo3_0;
161 }
162 return mode;
163 }
164
165 //The function creates a list of files which are to be signed or for which
166 //the signature is to be validated. The strings are UTF8 encoded URIs which
167 //contain '/' as path separators.
168 //
169 //The algorithm how document signatures are created and validated has
170 //changed over time. The change affects only which files within the document
171 //are changed. Document signatures created by OOo 2.x only used particular files. Since
172 //OOo 3.0 everything except "mimetype" and "META-INF" are signed. As of OOo 3.2 everything
173 //except META-INF/documentsignatures.xml is signed.
174 //Signatures are validated according to the algorithm which was then used for validation.
175 //That is, when validating a signature which was created by OOo 3.0, then mimetype and
176 //META-INF are not used.
177 //
178 //When a signature is created then we always use the latest algorithm. That is, we use
179 //that of OOo 3.2
180 std::vector< OUString >
181 DocumentSignatureHelper::CreateElementList(
182 const Reference < css::embed::XStorage >& rxStore,
183 DocumentSignatureMode eMode,
184 const DocumentSignatureAlgorithm mode)
185 {
186 std::vector< OUString > aElements;
187 OUString aSep( u"/"_ustr );
188
189 switch ( eMode )
190 {
191 case DocumentSignatureMode::Content:
192 {
193 if (mode == DocumentSignatureAlgorithm::OOo2) //that is, ODF 1.0, 1.1
194 {
195 // 1) Main content
196 ImplFillElementList(aElements, rxStore, std::u16string_view(), false, mode);
197
198 // 2) Pictures...
199 OUString aSubStorageName( u"Pictures"_ustr );
200 try
201 {
202 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
203 ImplFillElementList(
204 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
205 }
206 catch(css::io::IOException& )
207 {
208 ; // Doesn't have to exist...
209 }
210 // 3) OLE...
211 aSubStorageName = "ObjectReplacements";
212 try
213 {
214 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
215 ImplFillElementList(
216 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
217 xSubStore.clear();
218
219 // Object folders...
220 const Sequence< OUString > aElementNames = rxStore->getElementNames();
221 for ( const auto& rName : aElementNames )
222 {
223 if ( ( rName.match( "Object " ) ) && rxStore->isStorageElement( rName ) )
224 {
225 Reference < css::embed::XStorage > xTmpSubStore = rxStore->openStorageElement( rName, css::embed::ElementModes::READ );
226 ImplFillElementList(
227 aElements, xTmpSubStore, Concat2View(rName+aSep), true, mode);
228 }
229 }
230 }
231 catch( css::io::IOException& )
232 {
233 ; // Doesn't have to exist...
234 }
235 }
236 else
237 {
238 // Everything except META-INF
239 ImplFillElementList(aElements, rxStore, std::u16string_view(), true, mode);
240 }
241 }
242 break;
243 case DocumentSignatureMode::Macros:
244 {
245 // 1) Macros
246 OUString aSubStorageName( u"Basic"_ustr );
247 try
248 {
249 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
250 ImplFillElementList(
251 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
252 }
253 catch( css::io::IOException& )
254 {
255 ; // Doesn't have to exist...
256 }
257
258 // 2) Dialogs
259 aSubStorageName = "Dialogs";
260 try
261 {
262 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
263 ImplFillElementList(
264 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
265 }
266 catch( css::io::IOException& )
267 {
268 ; // Doesn't have to exist...
269 }
270 // 3) Scripts
271 aSubStorageName = "Scripts";
272 try
273 {
274 Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
275 ImplFillElementList(
276 aElements, xSubStore, Concat2View(aSubStorageName+aSep), true, mode);
277 }
278 catch( css::io::IOException& )
279 {
280 ; // Doesn't have to exist...
281 }
282 }
283 break;
284 }
285
286 return aElements;
287 }
288
289 void DocumentSignatureHelper::AppendContentTypes(const uno::Reference<embed::XStorage>& xStorage, std::vector<OUString>& rElements)
290 {
291 if (!xStorage.is() || !xStorage->hasByName(u"[Content_Types].xml"_ustr))
292 // ODF
293 return;
294
295 uno::Reference<io::XInputStream> xRelStream(xStorage->openStreamElement(u"[Content_Types].xml"_ustr, embed::ElementModes::READ), uno::UNO_QUERY);
296 uno::Sequence< uno::Sequence<beans::StringPair> > aContentTypeInfo = comphelper::OFOPXMLHelper::ReadContentTypeSequence(xRelStream, comphelper::getProcessComponentContext());
297 if (aContentTypeInfo.getLength() < 2)
298 {
299 SAL_WARN("xmlsecurity.helper", "no defaults or overrides in aContentTypeInfo");
300 return;
301 }
302 const uno::Sequence<beans::StringPair>& rDefaults = aContentTypeInfo[0];
303 const uno::Sequence<beans::StringPair>& rOverrides = aContentTypeInfo[1];
304
305 for (OUString& rElement : rElements)
306 {
307 auto it = std::find_if(rOverrides.begin(), rOverrides.end(), [&](const beans::StringPair& rPair)
308 {
309 return rPair.First == Concat2View("/" + rElement);
310 });
311
312 if (it != rOverrides.end())
313 {
314 rElement = "/" + rElement + "?ContentType=" + it->Second;
315 continue;
316 }
317
318 it = std::find_if(rDefaults.begin(), rDefaults.end(), [&](const beans::StringPair& rPair)
319 {
320 return rElement.endsWith(Concat2View("." + rPair.First));
321 });
322
323 if (it != rDefaults.end())
324 {
325 rElement = "/" + rElement + "?ContentType=" + it->Second;
326 continue;
327 }
328 SAL_WARN("xmlsecurity.helper", "found no content type for " << rElement);
329 }
330
331 std::sort(rElements.begin(), rElements.end());
332 }
333
334 SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
335 const Reference < css::embed::XStorage >& rxStore, sal_Int32 nOpenMode, DocumentSignatureMode eDocSigMode )
336 {
337 sal_Int32 nSubStorageOpenMode = css::embed::ElementModes::READ;
338 if ( nOpenMode & css::embed::ElementModes::WRITE )
339 nSubStorageOpenMode = css::embed::ElementModes::WRITE;
340
341 SignatureStreamHelper aHelper;
342
343 if (!rxStore.is())
344 return aHelper;
345
346 if (rxStore->hasByName(u"META-INF"_ustr))
347 {
348 try
349 {
350 aHelper.xSignatureStorage = rxStore->openStorageElement( u"META-INF"_ustr, nSubStorageOpenMode );
351 if ( aHelper.xSignatureStorage.is() )
352 {
353 OUString aSIGStreamName;
354 if ( eDocSigMode == DocumentSignatureMode::Content )
355 aSIGStreamName = DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
356 else if ( eDocSigMode == DocumentSignatureMode::Macros )
357 aSIGStreamName = DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
358 else
359 aSIGStreamName = DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
360
361 #ifdef SAL_LOG_INFO
362 aHelper.xSignatureStream
363 = aHelper.xSignatureStorage->openStreamElement(aSIGStreamName, nOpenMode);
364 SAL_INFO("xmlsecurity.helper",
365 "DocumentSignatureHelper::OpenSignatureStream: stream name is '"
366 << aSIGStreamName << "'");
367 if (aHelper.xSignatureStream.is())
368 {
369 uno::Reference<io::XInputStream> xInputStream(aHelper.xSignatureStream,
370 uno::UNO_QUERY);
371 sal_Int64 nSize = 0;
372 uno::Reference<beans::XPropertySet> xPropertySet(xInputStream, uno::UNO_QUERY);
373 xPropertySet->getPropertyValue(u"Size"_ustr) >>= nSize;
374 if (nSize >= 0 && nSize < SAL_MAX_INT32)
375 {
376 uno::Sequence<sal_Int8> aData;
377 xInputStream->readBytes(aData, nSize);
378 SAL_INFO("xmlsecurity.helper",
379 "DocumentSignatureHelper::OpenSignatureStream: stream content is '"
380 << OString(reinterpret_cast<const char*>(aData.getArray()),
381 aData.getLength())
382 << "'");
383 }
384 }
385 aHelper.xSignatureStream.clear();
386 #endif
387
388 aHelper.xSignatureStream = aHelper.xSignatureStorage->openStreamElement( aSIGStreamName, nOpenMode );
389 }
390 }
391 catch(css::io::IOException& )
392 {
393 // Doesn't have to exist...
394 SAL_WARN_IF( nOpenMode != css::embed::ElementModes::READ, "xmlsecurity.helper", "Error creating signature stream..." );
395 }
396 }
397 else if(rxStore->hasByName(u"[Content_Types].xml"_ustr))
398 {
399 try
400 {
401 if (rxStore->hasByName(u"_xmlsignatures"_ustr) && (nOpenMode & embed::ElementModes::TRUNCATE))
402 // Truncate, then all signatures will be written -> remove previous ones.
403 rxStore->removeElement(u"_xmlsignatures"_ustr);
404
405 aHelper.xSignatureStorage = rxStore->openStorageElement(u"_xmlsignatures"_ustr, nSubStorageOpenMode);
406 aHelper.nStorageFormat = embed::StorageFormats::OFOPXML;
407 }
408 catch (const io::IOException&)
409 {
410 TOOLS_WARN_EXCEPTION_IF(nOpenMode != css::embed::ElementModes::READ, "xmlsecurity.helper", "DocumentSignatureHelper::OpenSignatureStream:");
411 }
412 }
413
414 return aHelper;
415 }
416
417 /** Check whether the current file can be signed with GPG (only ODF >= 1.2 can currently) */
418 bool DocumentSignatureHelper::CanSignWithGPG(
419 const Reference < css::embed::XStorage >& rxStore,
420 std::u16string_view sOdfVersion)
421 {
422 if (!rxStore.is())
423 return false;
424
425 if (rxStore->hasByName(u"META-INF"_ustr)) // ODF
426 {
427 return !isODFPre_1_2(sOdfVersion);
428 }
429
430 return false;
431 }
432
433
434
435 //sElementList contains all files which are expected to be signed. Only those files must me signed,
436 //no more, no less.
437 //The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then
438 //the uri s in the Reference elements in the signature, were not properly encoded.
439 // For example: <Reference URI="ObjectReplacements/Object 1">
440 bool DocumentSignatureHelper::checkIfAllFilesAreSigned(
441 const ::std::vector< OUString > & sElementList,
442 const SignatureInformation & sigInfo,
443 const DocumentSignatureAlgorithm alg)
444 {
445 // Can only be valid if ALL streams are signed, which means real stream count == signed stream count
446 unsigned int nRealCount = 0;
447 std::function<OUString(const OUString&)> fEncode = [](const OUString& rStr) { return rStr; };
448 if (alg == DocumentSignatureAlgorithm::OOo2)
449 //Comparing URIs is a difficult. Therefore we kind of normalize
450 //it before comparing. We assume that our URI do not have a leading "./"
451 //and fragments at the end (...#...)
452 fEncode = [](const OUString& rStr) {
453 return rtl::Uri::encode(rStr, rtl_UriCharClassPchar, rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8);
454 };
455
456 for ( int i = sigInfo.vSignatureReferenceInfors.size(); i; )
457 {
458 const SignatureReferenceInformation& rInf = sigInfo.vSignatureReferenceInfors[--i];
459 // There is also an extra entry of type SignatureReferenceType::SAMEDOCUMENT because of signature date.
460 if ( ( rInf.nType == SignatureReferenceType::BINARYSTREAM ) || ( rInf.nType == SignatureReferenceType::XMLSTREAM ) )
461 {
462 //find the file in the element list
463 if (std::any_of(sElementList.cbegin(), sElementList.cend(),
464 [&fEncode, &rInf](const OUString& rElement) { return fEncode(rElement) == fEncode(rInf.ouURI); }))
465 nRealCount++;
466 }
467 }
468 return sElementList.size() == nRealCount;
469 }
470
471 /*Compares the Uri which are obtained from CreateElementList with
472 the path obtained from the manifest.xml.
473 Returns true if both strings are equal.
474 */
475 bool DocumentSignatureHelper::equalsReferenceUriManifestPath(
476 std::u16string_view rUri, std::u16string_view rPath)
477 {
478 //split up the uri and path into segments. Both are separated by '/'
479 std::vector<OUString> vUriSegments;
480 for (sal_Int32 nIndex = 0; nIndex >= 0; )
481 vUriSegments.push_back(OUString(o3tl::getToken(rUri, 0, '/', nIndex )));
482
483 std::vector<OUString> vPathSegments;
484 for (sal_Int32 nIndex = 0; nIndex >= 0; )
485 vPathSegments.push_back(OUString(o3tl::getToken(rPath, 0, '/', nIndex )));
486
487 if (vUriSegments.size() != vPathSegments.size())
488 return false;
489
490 //Now compare each segment of the uri with its counterpart from the path
491 return std::equal(
492 vUriSegments.cbegin(), vUriSegments.cend(), vPathSegments.cbegin(),
493 [](const OUString& rUriSegment, const OUString& rPathSegment) {
494 //Decode the uri segment, so that %20 becomes ' ', etc.
495 OUString sDecUri = rtl::Uri::decode(rUriSegment, rtl_UriDecodeWithCharset, RTL_TEXTENCODING_UTF8);
496 return sDecUri == rPathSegment;
497 });
498 }
499
500 OUString DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName()
501 {
502 return u"documentsignatures.xml"_ustr;
503 }
504
505 OUString DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName()
506 {
507 return u"macrosignatures.xml"_ustr;
508 }
509
510 OUString DocumentSignatureHelper::GetPackageSignatureDefaultStreamName()
511 {
512 return u"packagesignatures.xml"_ustr;
513 }
514
515 void DocumentSignatureHelper::writeDigestMethod(
516 const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler)
517 {
518 rtl::Reference<comphelper::AttributeList> pAttributeList(new comphelper::AttributeList());
519 pAttributeList->AddAttribute(u"Algorithm"_ustr, ALGO_XMLDSIGSHA256);
520 xDocumentHandler->startElement(u"DigestMethod"_ustr, uno::Reference<xml::sax::XAttributeList>(pAttributeList));
521 xDocumentHandler->endElement(u"DigestMethod"_ustr);
522 }
523
524 static void WriteXadesCert(
525 uno::Reference<xml::sax::XDocumentHandler> const& xDocumentHandler,
526 SignatureInformation::X509CertInfo const& rCertInfo)
527 {
528 xDocumentHandler->startElement(u"xd:Cert"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
529 xDocumentHandler->startElement(u"xd:CertDigest"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
530 DocumentSignatureHelper::writeDigestMethod(xDocumentHandler);
531 xDocumentHandler->startElement(u"DigestValue"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
532 assert(!rCertInfo.CertDigest.isEmpty());
533 xDocumentHandler->characters(rCertInfo.CertDigest);
534 xDocumentHandler->endElement(u"DigestValue"_ustr);
535 xDocumentHandler->endElement(u"xd:CertDigest"_ustr);
536 xDocumentHandler->startElement(u"xd:IssuerSerial"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
537 xDocumentHandler->startElement(u"X509IssuerName"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
538 xDocumentHandler->characters(rCertInfo.X509IssuerName);
539 xDocumentHandler->endElement(u"X509IssuerName"_ustr);
540 xDocumentHandler->startElement(u"X509SerialNumber"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
541 xDocumentHandler->characters(rCertInfo.X509SerialNumber);
542 xDocumentHandler->endElement(u"X509SerialNumber"_ustr);
543 xDocumentHandler->endElement(u"xd:IssuerSerial"_ustr);
544 xDocumentHandler->endElement(u"xd:Cert"_ustr);
545 }
546
547 void DocumentSignatureHelper::writeSignedProperties(
548 const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler,
549 const SignatureInformation& signatureInfo,
550 const OUString& sDate, const bool bWriteSignatureLineData)
551 {
552 {
553 rtl::Reference<comphelper::AttributeList> pAttributeList(new comphelper::AttributeList());
554 pAttributeList->AddAttribute(u"Id"_ustr, "idSignedProperties_" + signatureInfo.ouSignatureId);
555 xDocumentHandler->startElement(u"xd:SignedProperties"_ustr, uno::Reference<xml::sax::XAttributeList>(pAttributeList));
556 }
557
558 xDocumentHandler->startElement(u"xd:SignedSignatureProperties"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
559 xDocumentHandler->startElement(u"xd:SigningTime"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
560 xDocumentHandler->characters(sDate);
561 xDocumentHandler->endElement(u"xd:SigningTime"_ustr);
562 xDocumentHandler->startElement(u"xd:SigningCertificate"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
563 assert(signatureInfo.GetSigningCertificate() || !signatureInfo.ouGpgKeyID.isEmpty());
564 if (signatureInfo.GetSigningCertificate())
565 {
566 // how should this deal with multiple X509Data elements?
567 // for now, let's write all of the certificates ...
568 for (auto const& rData : signatureInfo.X509Datas)
569 {
570 for (auto const& it : rData)
571 {
572 WriteXadesCert(xDocumentHandler, it);
573 }
574 }
575 }
576 else
577 {
578 // for PGP, write empty mandatory X509IssuerName, X509SerialNumber
579 SignatureInformation::X509CertInfo temp;
580 temp.CertDigest = signatureInfo.ouGpgKeyID;
581 WriteXadesCert(xDocumentHandler, temp);
582 }
583 xDocumentHandler->endElement(u"xd:SigningCertificate"_ustr);
584 xDocumentHandler->startElement(u"xd:SignaturePolicyIdentifier"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
585 xDocumentHandler->startElement(u"xd:SignaturePolicyImplied"_ustr, uno::Reference<xml::sax::XAttributeList>(new comphelper::AttributeList()));
586 xDocumentHandler->endElement(u"xd:SignaturePolicyImplied"_ustr);
587 xDocumentHandler->endElement(u"xd:SignaturePolicyIdentifier"_ustr);
588
589 if (bWriteSignatureLineData && !signatureInfo.ouSignatureLineId.isEmpty()
590 && signatureInfo.aValidSignatureImage.is() && signatureInfo.aInvalidSignatureImage.is())
591 {
592 rtl::Reference<comphelper::AttributeList> pAttributeList(new comphelper::AttributeList());
593 pAttributeList->AddAttribute(
594 u"xmlns:loext"_ustr, u"urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0"_ustr);
595 xDocumentHandler->startElement(
596 u"loext:SignatureLine"_ustr,
597 Reference<XAttributeList>(pAttributeList));
598
599 {
600 // Write SignatureLineId element
601 xDocumentHandler->startElement(
602 u"loext:SignatureLineId"_ustr,
603 Reference<XAttributeList>(new comphelper::AttributeList()));
604 xDocumentHandler->characters(signatureInfo.ouSignatureLineId);
605 xDocumentHandler->endElement(u"loext:SignatureLineId"_ustr);
606 }
607
608 {
609 // Write SignatureLineValidImage element
610 xDocumentHandler->startElement(
611 u"loext:SignatureLineValidImage"_ustr,
612 Reference<XAttributeList>(new comphelper::AttributeList()));
613
614 OUString aGraphicInBase64;
615 Graphic aGraphic(signatureInfo.aValidSignatureImage);
616 if (!XOutBitmap::GraphicToBase64(aGraphic, aGraphicInBase64, false))
617 SAL_WARN("xmlsecurity.helper", "could not convert graphic to base64");
618
619 xDocumentHandler->characters(aGraphicInBase64);
620 xDocumentHandler->endElement(u"loext:SignatureLineValidImage"_ustr);
621 }
622
623 {
624 // Write SignatureLineInvalidImage element
625 xDocumentHandler->startElement(
626 u"loext:SignatureLineInvalidImage"_ustr,
627 Reference<XAttributeList>(new comphelper::AttributeList()));
628 OUString aGraphicInBase64;
629 Graphic aGraphic(signatureInfo.aInvalidSignatureImage);
630 if (!XOutBitmap::GraphicToBase64(aGraphic, aGraphicInBase64, false))
631 SAL_WARN("xmlsecurity.helper", "could not convert graphic to base64");
632 xDocumentHandler->characters(aGraphicInBase64);
633 xDocumentHandler->endElement(u"loext:SignatureLineInvalidImage"_ustr);
634 }
635
636 xDocumentHandler->endElement(u"loext:SignatureLine"_ustr);
637 }
638
639 xDocumentHandler->endElement(u"xd:SignedSignatureProperties"_ustr);
640
641 xDocumentHandler->endElement(u"xd:SignedProperties"_ustr);
642 }
643
644 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE