search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Gtk-WARNING gtktreestore.c:1047: Invalid column number 1 added to iter
[LibreOffice.git] / xmlsecurity / source / xmlsec / nss / xmlsignature_nssimpl.cxx
blobce61942dda27fdb9b2bfc88b635b7a74774c6389
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include <sal/config.h>
21
22 #include <xmlsec/nss/x509.h>
23
24 #include <xmlelementwrapper_xmlsecimpl.hxx>
25 #include <xmlsec/xmlstreamio.hxx>
26 #include <xmlsec/errorcallback.hxx>
27
28 #include "securityenvironment_nssimpl.hxx"
29
30 #include <xmlsec/xmldsig.h>
31 #include <sal/log.hxx>
32
33 #include <com/sun/star/xml/crypto/XXMLSignature.hpp>
34 #include <memory>
35
36 namespace com::sun::star::uno { class XComponentContext; }
37
38 using namespace ::com::sun::star;
39 using namespace ::com::sun::star::uno ;
40 using namespace ::com::sun::star::lang ;
41
42 using ::com::sun::star::xml::wrapper::XXMLElementWrapper ;
43 using ::com::sun::star::xml::crypto::XSecurityEnvironment ;
44 using ::com::sun::star::xml::crypto::XXMLSignature ;
45 using ::com::sun::star::xml::crypto::XXMLSignatureTemplate ;
46 using ::com::sun::star::xml::crypto::XXMLSecurityContext ;
47 using ::com::sun::star::xml::crypto::XUriBinding ;
48
49 namespace std
50 {
51 template <> struct default_delete<xmlSecKeysMngr>
52 {
53 void operator()(xmlSecKeysMngrPtr ptr) { SecurityEnvironment_NssImpl::destroyKeysManager(ptr); }
54 };
55 template <> struct default_delete<xmlSecDSigCtx>
56 {
57 void operator()(xmlSecDSigCtxPtr ptr) { xmlSecDSigCtxDestroy(ptr); }
58 };
59 }
60
61 namespace {
62
63 class XMLSignature_NssImpl
64 : public ::cppu::WeakImplHelper<xml::crypto::XXMLSignature, lang::XServiceInfo>
65 {
66 public:
67 explicit XMLSignature_NssImpl();
68
69 //Methods from XXMLSignature
70 virtual uno::Reference<xml::crypto::XXMLSignatureTemplate> SAL_CALL
71 generate(const uno::Reference<xml::crypto::XXMLSignatureTemplate>& aTemplate,
72 const uno::Reference<xml::crypto::XSecurityEnvironment>& aEnvironment) override;
73
74 virtual uno::Reference<xml::crypto::XXMLSignatureTemplate> SAL_CALL
75 validate(const uno::Reference<xml::crypto::XXMLSignatureTemplate>& aTemplate,
76 const uno::Reference<xml::crypto::XXMLSecurityContext>& aContext) override;
77
78 //Methods from XServiceInfo
79 virtual OUString SAL_CALL getImplementationName() override;
80
81 virtual sal_Bool SAL_CALL supportsService(const OUString& ServiceName) override;
82
83 virtual uno::Sequence<OUString> SAL_CALL getSupportedServiceNames() override;
84 };
85
86 }
87
88 XMLSignature_NssImpl::XMLSignature_NssImpl() {
89 }
90
91 /* XXMLSignature */
92 Reference< XXMLSignatureTemplate >
93 SAL_CALL XMLSignature_NssImpl::generate(
94 const Reference< XXMLSignatureTemplate >& aTemplate ,
95 const Reference< XSecurityEnvironment >& aEnvironment
96 )
97 {
98 xmlNodePtr pNode = nullptr ;
99
100 if( !aTemplate.is() )
101 throw RuntimeException() ;
102
103 if( !aEnvironment.is() )
104 throw RuntimeException() ;
105
106 //Get the xml node
107 Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;
108 if( !xElement.is() ) {
109 throw RuntimeException() ;
110 }
111
112 XMLElementWrapper_XmlSecImpl* pElement
113 = dynamic_cast<XMLElementWrapper_XmlSecImpl*>(xElement.get());
114 if( pElement == nullptr ) {
115 throw RuntimeException() ;
116 }
117
118 pNode = pElement->getNativeElement() ;
119
120 //Get the stream/URI binding
121 Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;
122 if( xUriBinding.is() ) {
123 //Register the stream input callbacks into libxml2
124 if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )
125 throw RuntimeException() ;
126 }
127
128 //Get Keys Manager
129
130 // the key manager should be retrieved from SecurityEnvironment, instead of SecurityContext
131 SecurityEnvironment_NssImpl* pSecEnv
132 = dynamic_cast<SecurityEnvironment_NssImpl*>(aEnvironment.get());
133 if( pSecEnv == nullptr )
134 throw RuntimeException() ;
135
136 setErrorRecorder();
137
138 std::unique_ptr<xmlSecKeysMngr> pMngr(pSecEnv->createKeysManager());
139 if( !pMngr ) {
140 throw RuntimeException() ;
141 }
142
143 //Create Signature context
144 std::unique_ptr<xmlSecDSigCtx> pDsigCtx(xmlSecDSigCtxCreate(pMngr.get()));
145 if( pDsigCtx == nullptr )
146 {
147 //throw XMLSignatureException() ;
148 clearErrorRecorder();
149 return aTemplate;
150 }
151
152 //Sign the template
153 if( xmlSecDSigCtxSign( pDsigCtx.get() , pNode ) == 0 )
154 {
155 if (pDsigCtx->status == xmlSecDSigStatusSucceeded)
156 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
157 else
158 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);
159 }
160 else
161 {
162 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);
163 }
164
165 //Unregistered the stream/URI binding
166 if( xUriBinding.is() )
167 xmlUnregisterStreamInputCallbacks() ;
168
169 clearErrorRecorder();
170 return aTemplate ;
171 }
172
173 /* XXMLSignature */
174 Reference< XXMLSignatureTemplate >
175 SAL_CALL XMLSignature_NssImpl::validate(
176 const Reference< XXMLSignatureTemplate >& aTemplate ,
177 const Reference< XXMLSecurityContext >& aSecurityCtx
178 ) {
179 xmlNodePtr pNode = nullptr ;
180 //sal_Bool valid ;
181
182 if( !aTemplate.is() )
183 throw RuntimeException() ;
184
185 if( !aSecurityCtx.is() )
186 throw RuntimeException() ;
187
188 //Get the xml node
189 Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;
190 if( !xElement.is() )
191 throw RuntimeException() ;
192
193 XMLElementWrapper_XmlSecImpl* pElement
194 = dynamic_cast<XMLElementWrapper_XmlSecImpl*>(xElement.get());
195 if( pElement == nullptr )
196 throw RuntimeException() ;
197
198 pNode = pElement->getNativeElement() ;
199
200 //Get the stream/URI binding
201 Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;
202 if( xUriBinding.is() ) {
203 //Register the stream input callbacks into libxml2
204 if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )
205 throw RuntimeException() ;
206 }
207
208 setErrorRecorder();
209
210 sal_Int32 nSecurityEnvironment = aSecurityCtx->getSecurityEnvironmentNumber();
211 sal_Int32 i;
212
213 for (i=0; i<nSecurityEnvironment; ++i)
214 {
215 Reference< XSecurityEnvironment > aEnvironment = aSecurityCtx->getSecurityEnvironmentByIndex(i);
216
217 //Get Keys Manager
218 SecurityEnvironment_NssImpl* pSecEnv
219 = dynamic_cast<SecurityEnvironment_NssImpl*>(aEnvironment.get());
220 if( pSecEnv == nullptr )
221 throw RuntimeException() ;
222
223 std::unique_ptr<xmlSecKeysMngr> pMngr(pSecEnv->createKeysManager());
224 if( !pMngr ) {
225 throw RuntimeException() ;
226 }
227
228 //Create Signature context
229 std::unique_ptr<xmlSecDSigCtx> pDsigCtx(xmlSecDSigCtxCreate(pMngr.get()));
230 if( pDsigCtx == nullptr )
231 {
232 clearErrorRecorder();
233 return aTemplate;
234 }
235
236 // We do certificate verification ourselves.
237 pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
238
239 // limit possible key data to valid X509 certificates only, no KeyValues
240 if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecNssKeyDataX509GetKlass()) < 0)
241 throw RuntimeException(u"failed to limit allowed key data"_ustr);
242
243 xmlBufferPtr pBuf = xmlBufferCreate();
244 xmlNodeDump(pBuf, nullptr, pNode, 0, 0);
245 SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify input XML node is '"
246 << reinterpret_cast<const char*>(xmlBufferContent(pBuf))
247 << "'");
248 xmlBufferFree(pBuf);
249
250 //Verify signature
251 int rs = xmlSecDSigCtxVerify( pDsigCtx.get() , pNode );
252
253 // Also verify manifest: this is empty for ODF, but contains everything (except signature metadata) for OOXML.
254 xmlSecSize nReferenceCount = xmlSecPtrListGetSize(&pDsigCtx->manifestReferences);
255 // Require that all manifest references are also good.
256 xmlSecSize nReferenceGood = 0;
257 for (xmlSecSize nReference = 0; nReference < nReferenceCount; ++nReference)
258 {
259 xmlSecDSigReferenceCtxPtr pReference = static_cast<xmlSecDSigReferenceCtxPtr>(xmlSecPtrListGetItem(&pDsigCtx->manifestReferences, nReference));
260 if (pReference)
261 {
262 if (pReference->status == xmlSecDSigStatusSucceeded)
263 ++nReferenceGood;
264 }
265 }
266 SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify status " << pDsigCtx->status << ", references good " << nReferenceGood << " of " << nReferenceCount);
267
268 if (rs == 0 && pDsigCtx->status == xmlSecDSigStatusSucceeded && nReferenceCount == nReferenceGood)
269 {
270 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
271 break;
272 }
273 else
274 {
275 aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);
276 }
277 }
278
279
280 //Unregistered the stream/URI binding
281 if( xUriBinding.is() )
282 xmlUnregisterStreamInputCallbacks() ;
283
284 //return valid ;
285 clearErrorRecorder();
286 return aTemplate;
287 }
288
289 /* XServiceInfo */
290 OUString SAL_CALL XMLSignature_NssImpl::getImplementationName()
291 {
292 return u"com.sun.star.xml.crypto.XMLSignature"_ustr;
293 }
294
295 /* XServiceInfo */
296 sal_Bool SAL_CALL XMLSignature_NssImpl::supportsService(const OUString& rServiceName)
297 {
298 const css::uno::Sequence<OUString> aServiceNames = getSupportedServiceNames();
299 for (OUString const & rCurrentServiceName : aServiceNames)
300 {
301 if (rCurrentServiceName == rServiceName)
302 return true;
303 }
304 return false;
305 }
306
307 /* XServiceInfo */
308 Sequence<OUString> SAL_CALL XMLSignature_NssImpl::getSupportedServiceNames()
309 {
310 return { u"com.sun.star.xml.crypto.XMLSignature"_ustr };
311 }
312
313 extern "C" SAL_DLLPUBLIC_EXPORT uno::XInterface*
314 com_sun_star_xml_crypto_XMLSignature_get_implementation(uno::XComponentContext* /*pCtx*/,
315 uno::Sequence<uno::Any> const& /*rSeq*/)
316 {
317 return cppu::acquire(new XMLSignature_NssImpl);
318 }
319
320 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE