| blob | 7b63ca0f94e0215549fe17721ef5ef10b095ad40 |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
20 #ifndef INCLUDED_XMLSECURITY_SOURCE_HELPER_XSECCTL_HXX
21 #define INCLUDED_XMLSECURITY_SOURCE_HELPER_XSECCTL_HXX
23 #include <xmlsecurity/sigstruct.hxx>
25 #include <com/sun/star/uno/XComponentContext.hpp>
26 #include <com/sun/star/xml/sax/XParser.hpp>
27 #include <com/sun/star/lang/XInitialization.hpp>
28 #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
29 #include <com/sun/star/xml/sax/XAttributeList.hpp>
30 #include <com/sun/star/xml/crypto/XXMLSignature.hpp>
31 #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
32 #include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
33 #include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp>
34 #include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
35 #include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
36 #include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
37 #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
38 #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
39 #include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
40 #include <com/sun/star/beans/XFastPropertySet.hpp>
41 #include <com/sun/star/io/XOutputStream.hpp>
42 #include <com/sun/star/io/XInputStream.hpp>
44 #include <rtl/ustrbuf.hxx>
46 #include <cppuhelper/implbase4.hxx>
48 #include <vector>
50 /*
51 * all error information
52 */
58 /*
59 * all stringS in signature element
60 */
82 //#define TAG_TIME "time"
93 //#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
104 /*
105 * status of security related components
106 */
107 #define UNINITIALIZED 0
108 #define INITIALIZED 1
109 #define FAILTOINITIALIZED 2
113 class InternalSignatureInformation
114 {
116 SignatureInformation signatureInfor;
120 xReferenceResolvedListener;
125 sal_Int32 nId,
127 xListener)
129 {
131 }
134 {
138 }
139 };
144 <
146 //com::sun::star::beans::XFastPropertySet,
150 >
151 /****** XSecController.hxx/CLASS XSecController *******************************
152 *
153 * NAME
154 * XSecController -- the xml security framework controller
155 *
156 * FUNCTION
157 * Controls the whole xml security framework to create signatures or to
158 * verify signatures.
159 *
160 * NOTES
161 * The XFastPropertySet interface is used to transfer common values to
162 * classes in other module, for instance, the signature id for all
163 * sessions is transferred to xmloff module through this interface.
164 *
165 * AUTHOR
166 * Michael Mi
167 * Email: michael.mi@sun.com
168 ******************************************************************************/
169 {
175 /*
176 * used to buffer SAX events
177 */
181 /*
182 * the SAX events keeper
183 */
187 /*
188 * the bridge component which creates/verifies signature
189 */
193 /*
194 * the Security Context
195 */
199 /*
200 * the security id incrementer, in order to make any security id unique
201 * to the SAXEventKeeper.
202 * Because each XSecController has its own SAXEventKeeper, so this variable
203 * is not necessary to be static.
204 */
205 sal_Int32 m_nNextSecurityId;
207 /*
208 * Signature information
209 */
210 InternalSignatureInformations m_vInternalSignatureInformations;
212 /*
213 * the previous node on the SAX chain.
214 * The reason that use a Reference<XInterface> type variable
215 * is that the previous components are different when exporting
216 * and importing, and there is no other common interface they
217 * can provided.
218 */
221 /*
222 * whether the preivous node can provide an XInitiazlize interface,
223 * use this variable in order to typecast the XInterface to the
224 * correct interface type.
225 */
228 /*
229 * the next node on the SAX chain.
230 * it can always provide an XDocumentHandler interface.
231 */
235 /*
236 * the ElementStackKeeper is used to reserve the key SAX events.
237 * when the SAXEventKeeper is chained on the SAX chain, it need
238 * first get all missed key SAX events in order to make sure the
239 * DOM tree it buffering has the same structure with the original
240 * document.
241 *
242 * For a given section of a SAX event stream, the key SAX events
243 * are the minimal SAX event subset of that section, which,
244 * combining with SAX events outside of this section, has the same
245 * structure with the original document.
246 *
247 * For example, sees the following dom fragment:
248 * <A>
249 * <B/>
250 * <C>
251 * <D>
252 * <E/>
253 * </D>
254 * </C>
255 * </A>
256 *
257 * If we consider the SAX event section from startElement(<A>) to
258 * startElement(<D>), then the key SAX events are:
259 *
260 * startElement(<A>), startElement(<C>), startElement(<D>)
261 *
262 * The startElement(<B>) and endElement(<B>) is ignored, because
263 * they are unimportant for the tree structure in this section.
264 *
265 * If we consider the SAX event section from startElement(<D>) to
266 * endElement(<A>), the key SAX events are:
267 *
268 * startElement(<D>), endElement(<D>), endElement(<C>),
269 * endElement(<A>).
270 */
274 /*
275 * a flag representing whether the SAXEventKeeper is now on the
276 * SAX chain.
277 */
280 /*
281 * a flag representing whether it is collecting some element,
282 * which means that the SAXEventKeeper can't be chained off the
283 * SAX chain.
284 */
287 /*
288 * a flag representing whether the SAX event stream is blocking,
289 * which also means that the SAXEventKeeper can't be chained off
290 * the SAX chain.
291 */
294 /*
295 * a flag representing the current status of security related
296 * components.
297 */
298 sal_Int32 m_nStatusOfSecurityComponents;
300 /*
301 * a flag representing whether the SAXEventKeeper need to be
302 * on the SAX chain all the time.
303 * This flag is used to the situation when creating signature.
304 */
307 /*
308 * fast property vector
309 */
313 /*
314 * error message pointer
315 */
318 /*
319 * the XSecParser which is used to parse the signature stream
320 */
323 /*
324 * the caller assigned signature id for the next signature in the
325 * signature stream
326 */
327 sal_Int32 m_nReservedSignatureId;
329 /*
330 * representing whether to verify the current signature
331 */
334 /*
335 * An xUriBinding is provided to map Uris to XInputStream interfaces.
336 */
342 /*
343 * Common methods
344 */
355 //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;
357 /*
358 * For signature generation
359 */
365 /*
366 * For signature verification
367 */
388 sal_Int32 nSecurityId );
391 explicit XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx);
421 /*
422 * For signature generation
423 */
424 void signAStream( sal_Int32 securityId, const OUString& uri, const OUString& objectURL, bool isBinary);
427 /** sets data that describes the certificate.
429 It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
430 the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
431 the private key. Although issuer name and certificate should be sufficient to identify
432 the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
433 The reason is that they use functions to find the certificate which take as parameter
434 the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
435 are of type DirectoryName, which is a choice of 5 string types. This information is
436 not contained in the issuer string and while it is converted to the ASN.1 name the
437 conversion function must assume a particular type, which is often wrong. For example,
438 the Windows function CertStrToName will use a T.61 string if the string does not contain
439 special characters. So if the certificate uses simple characters but encodes the
440 issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
441 ASN.1 name now contains different bytes which indicate the string type. The functions
442 for finding the certificate apparently use memcmp - hence they fail to find the
443 certificate.
444 */
446 sal_Int32 nSecurityId,
450 // see the other setX509Certifcate function
452 sal_Int32 nSecurityId,
459 sal_Int32 nSecurityId,
467 /*
468 * For signature verification
469 */
472 com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader();
476 /* Interface methods */
478 /*
479 * XSecurityController
480 *
481 * no method in XSecurityController interface
482 */
484 /*
485 * XFastPropertySet
486 */
488 /*
489 * XSAXEventKeeperStatusChangeListener
490 */
494 sal_Bool isInsideCollectedElement )
499 /*
500 * XSignatureCreationResultListener
501 */
502 virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
505 /*
506 * XSignatureVerifyResultListener
507 */
508 virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
510 };
512 #endif
514 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */