search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Version 5.4.3.2, tag libreoffice-5.4.3.2
[LibreOffice.git] / xmlsecurity / source / helper / documentsignaturemanager.cxx
blob4718555d54c2fcbb169966bec9f3128a675b032e
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include <documentsignaturemanager.hxx>
21 #include "gpg/SEInitializer.hxx"
22
23 #include <com/sun/star/embed/StorageFormats.hpp>
24 #include <com/sun/star/embed/ElementModes.hpp>
25 #include <com/sun/star/io/TempFile.hpp>
26 #include <com/sun/star/io/XTruncate.hpp>
27 #include <com/sun/star/embed/XTransactedObject.hpp>
28 #include <com/sun/star/xml/crypto/SEInitializer.hpp>
29 #include <com/sun/star/lang/XServiceInfo.hpp>
30
31 #include <comphelper/storagehelper.hxx>
32 #include <rtl/ustrbuf.hxx>
33 #include <sax/tools/converter.hxx>
34 #include <tools/date.hxx>
35 #include <tools/time.hxx>
36 #include <o3tl/make_unique.hxx>
37
38 #include <certificate.hxx>
39 #include <biginteger.hxx>
40
41 #include <xmlsec/xmlsec_init.hxx>
42
43 using namespace css;
44
45 DocumentSignatureManager::DocumentSignatureManager(const uno::Reference<uno::XComponentContext>& xContext, DocumentSignatureMode eMode)
46 : mxContext(xContext),
47 maSignatureHelper(xContext),
48 meSignatureMode(eMode)
49 {
50 }
51
52 DocumentSignatureManager::~DocumentSignatureManager()
53 {
54 deInitXmlSec();
55 }
56
57 bool DocumentSignatureManager::init()
58 {
59 SAL_WARN_IF(mxSEInitializer.is(), "xmlsecurity.helper", "DocumentSignatureManager::Init - mxSEInitializer already set!");
60 SAL_WARN_IF(mxSecurityContext.is(), "xmlsecurity.helper", "DocumentSignatureManager::Init - mxSecurityContext already set!");
61 SAL_WARN_IF(mxGpgSEInitializer.is(), "xmlsecurity.helper", "DocumentSignatureManager::Init - mxGpgSEInitializer already set!");
62
63 // xmlsec is needed by both services, so init before those
64 initXmlSec();
65
66 mxSEInitializer = xml::crypto::SEInitializer::create(mxContext);
67 #if !defined(MACOSX) && !defined(WNT)
68 mxGpgSEInitializer.set(new SEInitializerGpg());
69 #endif
70
71 if (mxSEInitializer.is())
72 mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
73
74 #if !defined(MACOSX) && !defined(WNT)
75 if (mxGpgSEInitializer.is())
76 mxGpgSecurityContext = mxGpgSEInitializer->createSecurityContext(OUString());
77
78 return mxSecurityContext.is() || mxGpgSecurityContext.is();
79 #else
80 return mxSecurityContext.is();
81 #endif
82 }
83
84 PDFSignatureHelper& DocumentSignatureManager::getPDFSignatureHelper()
85 {
86 bool bInit = true;
87 if (!mxSecurityContext.is())
88 bInit = init();
89
90 SAL_WARN_IF(!bInit, "xmlsecurity.comp", "Error initializing security context!");
91
92 if (!mpPDFSignatureHelper)
93 mpPDFSignatureHelper = o3tl::make_unique<PDFSignatureHelper>();
94
95 return *mpPDFSignatureHelper;
96 }
97
98 #if 0 // For some reason does not work
99 bool DocumentSignatureManager::IsXAdESRelevant()
100 {
101 if (mxStore.is())
102 {
103 // ZIP-based: ODF or OOXML.
104 maSignatureHelper.StartMission();
105
106 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, /*bUseTempStream=*/true);
107 if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
108 {
109 maSignatureHelper.EndMission();
110 return false;
111 }
112 // FIXME: How to figure out if it is ODF 1.2?
113 maSignatureHelper.EndMission();
114 return true;
115 }
116 return false;
117 }
118 #endif
119
120 /* Using the zip storage, we cannot get the properties "MediaType" and "IsEncrypted"
121 We use the manifest to find out if a file is xml and if it is encrypted.
122 The parameter is an encoded uri. However, the manifest contains paths. Therefore
123 the path is encoded as uri, so they can be compared.
124 */
125 bool DocumentSignatureManager::isXML(const OUString& rURI)
126 {
127 SAL_WARN_IF(!mxStore.is(), "xmlsecurity.helper", "empty storage reference");
128
129 bool bIsXML = false;
130 bool bPropsAvailable = false;
131 const OUString sPropFullPath("FullPath");
132 const OUString sPropMediaType("MediaType");
133 const OUString sPropDigest("Digest");
134
135 for (int i = 0; i < m_manifest.getLength(); i++)
136 {
137 const uno::Sequence<beans::PropertyValue>& entry = m_manifest[i];
138 OUString sPath, sMediaType;
139 bool bEncrypted = false;
140 for (int j = 0; j < entry.getLength(); j++)
141 {
142 const beans::PropertyValue& prop = entry[j];
143
144 if (prop.Name.equals(sPropFullPath))
145 prop.Value >>= sPath;
146 else if (prop.Name.equals(sPropMediaType))
147 prop.Value >>= sMediaType;
148 else if (prop.Name.equals(sPropDigest))
149 bEncrypted = true;
150 }
151 if (DocumentSignatureHelper::equalsReferenceUriManifestPath(rURI, sPath))
152 {
153 bIsXML = sMediaType == "text/xml" && ! bEncrypted;
154 bPropsAvailable = true;
155 break;
156 }
157 }
158 if (!bPropsAvailable)
159 {
160 //This would be the case for at least mimetype, META-INF/manifest.xml
161 //META-INF/macrosignatures.xml.
162 //Files can only be encrypted if they are in the manifest.xml.
163 //That is, the current file cannot be encrypted, otherwise bPropsAvailable
164 //would be true.
165 OUString aXMLExt("XML");
166 sal_Int32 nSep = rURI.lastIndexOf('.');
167 if (nSep != (-1))
168 {
169 OUString aExt = rURI.copy(nSep+1);
170 if (aExt.equalsIgnoreAsciiCase(aXMLExt))
171 bIsXML = true;
172 }
173 }
174 return bIsXML;
175 }
176
177 //If bTempStream is true, then a temporary stream is return. If it is false then, the actual
178 //signature stream is used.
179 //Every time the user presses Add a new temporary stream is created.
180 //We keep the temporary stream as member because ImplGetSignatureInformations
181 //will later access the stream to create DocumentSignatureInformation objects
182 //which are stored in maCurrentSignatureInformations.
183 SignatureStreamHelper DocumentSignatureManager::ImplOpenSignatureStream(sal_Int32 nStreamOpenMode, bool bTempStream)
184 {
185 SignatureStreamHelper aHelper;
186 if (mxStore.is())
187 {
188 uno::Reference<container::XNameAccess> xNameAccess(mxStore, uno::UNO_QUERY);
189 if (xNameAccess.is() && xNameAccess->hasByName("[Content_Types].xml"))
190 aHelper.nStorageFormat = embed::StorageFormats::OFOPXML;
191 }
192
193 if (bTempStream)
194 {
195 if (nStreamOpenMode & embed::ElementModes::TRUNCATE)
196 {
197 //We write always into a new temporary stream.
198 mxTempSignatureStream.set(io::TempFile::create(mxContext), uno::UNO_QUERY_THROW);
199 if (aHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
200 aHelper.xSignatureStream = mxTempSignatureStream;
201 else
202 {
203 mxTempSignatureStorage = comphelper::OStorageHelper::GetStorageOfFormatFromStream(ZIP_STORAGE_FORMAT_STRING, mxTempSignatureStream);
204 aHelper.xSignatureStorage = mxTempSignatureStorage;
205 }
206 }
207 else
208 {
209 //When we read from the temp stream, then we must have previously
210 //created one.
211 SAL_WARN_IF(!mxTempSignatureStream.is(), "xmlsecurity.helper", "empty temp. signature stream reference");
212 }
213 aHelper.xSignatureStream = mxTempSignatureStream;
214 if (aHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
215 aHelper.xSignatureStorage = mxTempSignatureStorage;
216 }
217 else
218 {
219 //No temporary stream
220 if (!mxSignatureStream.is())
221 {
222 //We may not have a dedicated stream for writing the signature
223 //So we take one directly from the storage
224 //Or DocumentDigitalSignatures::showDocumentContentSignatures was called,
225 //in which case Add/Remove is not allowed. This is done, for example, if the
226 //document is readonly
227 aHelper = DocumentSignatureHelper::OpenSignatureStream(mxStore, nStreamOpenMode, meSignatureMode);
228 }
229 else
230 {
231 aHelper.xSignatureStream = mxSignatureStream;
232 }
233 }
234
235 if (nStreamOpenMode & embed::ElementModes::TRUNCATE)
236 {
237 if (aHelper.xSignatureStream.is() && aHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
238 {
239 uno::Reference<io::XTruncate> xTruncate(aHelper.xSignatureStream, uno::UNO_QUERY_THROW);
240 xTruncate->truncate();
241 }
242 }
243 else if (bTempStream || mxSignatureStream.is())
244 {
245 //In case we read the signature stream from the storage directly,
246 //which is the case when DocumentDigitalSignatures::showDocumentContentSignatures
247 //then XSeakable is not supported
248 uno::Reference<io::XSeekable> xSeek(aHelper.xSignatureStream, uno::UNO_QUERY_THROW);
249 xSeek->seek(0);
250 }
251
252 return aHelper;
253 }
254
255 bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>& xCert,
256 const uno::Reference<xml::crypto::XXMLSecurityContext>& xSecurityContext,
257 const OUString& rDescription,
258 sal_Int32& nSecurityId,
259 bool bAdESCompliant)
260 {
261 if (!xCert.is())
262 {
263 SAL_WARN("xmlsecurity.helper", "no certificate selected");
264 return false;
265 }
266
267 // GPG or X509 key?
268 uno::Reference< lang::XServiceInfo > xServiceInfo(xSecurityContext, uno::UNO_QUERY);
269 if (xServiceInfo->getImplementationName() == "com.sun.star.xml.security.gpg.XMLSecurityContext_GpgImpl")
270 {
271 // GPG keys only really have PGPKeyId and PGPKeyPacket
272 if (!mxStore.is())
273 {
274 SAL_WARN("xmlsecurity.helper", "cannot sign pdfs with GPG keys");
275 return false;
276 }
277
278 maSignatureHelper.StartMission(xSecurityContext);
279
280 nSecurityId = maSignatureHelper.GetNewSecurityId();
281
282 OUStringBuffer aStrBuffer;
283 sax::Converter::encodeBase64(aStrBuffer, xCert->getEncoded());
284
285 OUString aKeyId;
286 if (auto pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get()))
287 {
288 OUStringBuffer aBuffer;
289 sax::Converter::encodeBase64(aBuffer, pCertificate->getSHA256Thumbprint());
290 aKeyId = aBuffer.makeStringAndClear();
291 }
292 else
293 SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one");
294
295 maSignatureHelper.SetGpgCertificate(nSecurityId, aKeyId, aStrBuffer.makeStringAndClear(), xCert->getIssuerName());
296 }
297 else
298 {
299 OUString aCertSerial = xmlsecurity::bigIntegerToNumericString(xCert->getSerialNumber());
300 if (aCertSerial.isEmpty())
301 {
302 SAL_WARN("xmlsecurity.helper", "Error in Certificate, problem with serial number!");
303 return false;
304 }
305
306 if (!mxStore.is())
307 {
308 // Something not ZIP based, try PDF.
309 nSecurityId = getPDFSignatureHelper().GetNewSecurityId();
310 getPDFSignatureHelper().SetX509Certificate(xCert);
311 getPDFSignatureHelper().SetDescription(rDescription);
312 uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
313 if (!getPDFSignatureHelper().Sign(xInputStream, bAdESCompliant))
314 {
315 SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::Sign() failed");
316 return false;
317 }
318 return true;
319 }
320
321 maSignatureHelper.StartMission(xSecurityContext);
322
323 nSecurityId = maSignatureHelper.GetNewSecurityId();
324
325 OUStringBuffer aStrBuffer;
326 sax::Converter::encodeBase64(aStrBuffer, xCert->getEncoded());
327
328 OUString aCertDigest;
329 if (auto pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get()))
330 {
331 OUStringBuffer aBuffer;
332 sax::Converter::encodeBase64(aBuffer, pCertificate->getSHA256Thumbprint());
333 aCertDigest = aBuffer.makeStringAndClear();
334 }
335 else
336 SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one");
337
338 maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, aStrBuffer.makeStringAndClear(), aCertDigest);
339
340 }
341
342 uno::Sequence< uno::Reference< security::XCertificate > > aCertPath = xSecurityContext->getSecurityEnvironment()->buildCertificatePath(xCert);
343 const uno::Reference< security::XCertificate >* pCertPath = aCertPath.getConstArray();
344 sal_Int32 nCnt = aCertPath.getLength();
345
346 OUStringBuffer aStrBuffer;
347 for (int i = 0; i < nCnt; i++)
348 {
349 sax::Converter::encodeBase64(aStrBuffer, pCertPath[i]->getEncoded());
350 maSignatureHelper.AddEncapsulatedX509Certificate(aStrBuffer.makeStringAndClear());
351 }
352
353
354 std::vector< OUString > aElements = DocumentSignatureHelper::CreateElementList(mxStore, meSignatureMode, DocumentSignatureAlgorithm::OOo3_2);
355 DocumentSignatureHelper::AppendContentTypes(mxStore, aElements);
356
357 sal_Int32 nElements = aElements.size();
358 for (sal_Int32 n = 0; n < nElements; n++)
359 {
360 bool bBinaryMode = !isXML(aElements[n]);
361 maSignatureHelper.AddForSigning(nSecurityId, aElements[n], bBinaryMode, bAdESCompliant);
362 }
363
364 maSignatureHelper.SetDateTime(nSecurityId, Date(Date::SYSTEM), tools::Time(tools::Time::SYSTEM));
365 maSignatureHelper.SetDescription(nSecurityId, rDescription);
366
367 // We open a signature stream in which the existing and the new
368 //signature is written. ImplGetSignatureInformation (later in this function) will
369 //then read the stream an will fill maCurrentSignatureInformations. The final signature
370 //is written when the user presses OK. Then only maCurrentSignatureInformation and
371 //a sax writer are used to write the information.
372 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::WRITE | embed::ElementModes::TRUNCATE, true);
373
374 if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
375 {
376 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY_THROW);
377 uno::Reference<xml::sax::XWriter> xSaxWriter = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
378
379 // Export old signatures...
380 uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY_THROW);
381 std::size_t nInfos = maCurrentSignatureInformations.size();
382 for (std::size_t n = 0; n < nInfos; n++)
383 XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n], bAdESCompliant);
384
385 // Create a new one...
386 maSignatureHelper.CreateAndWriteSignature(xDocumentHandler, bAdESCompliant);
387
388 // That's it...
389 XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
390 }
391 else
392 {
393 // OOXML
394
395 // Handle relations.
396 maSignatureHelper.EnsureSignaturesRelation(mxStore, /*bAdd=*/true);
397 // Old signatures + the new one.
398 int nSignatureCount = maCurrentSignatureInformations.size() + 1;
399 maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
400
401 // Export old signatures.
402 for (std::size_t i = 0; i < maCurrentSignatureInformations.size(); ++i)
403 maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, maCurrentSignatureInformations[i], i + 1);
404
405 // Create a new signature.
406 maSignatureHelper.CreateAndWriteOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, nSignatureCount);
407
408 // Flush objects.
409 uno::Reference<embed::XTransactedObject> xTransact(aStreamHelper.xSignatureStorage, uno::UNO_QUERY);
410 xTransact->commit();
411 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
412 xOutputStream->closeOutput();
413
414 uno::Reference<io::XTempFile> xTempFile(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
415 SAL_INFO("xmlsecurity.helper", "DocumentSignatureManager::add temporary storage at " << xTempFile->getUri());
416 }
417
418 maSignatureHelper.EndMission();
419 return true;
420 }
421
422 void DocumentSignatureManager::remove(sal_uInt16 nPosition)
423 {
424 if (!mxStore.is())
425 {
426 // Something not ZIP based, try PDF.
427 uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
428 if (!PDFSignatureHelper::RemoveSignature(xInputStream, nPosition))
429 {
430 SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::RemoveSignature() failed");
431 return;
432 }
433
434 // Only erase when the removal was successful, it may fail for PDF.
435 // Also, erase the requested and all following signatures, as PDF signatures are always chained.
436 maCurrentSignatureInformations.erase(maCurrentSignatureInformations.begin() + nPosition, maCurrentSignatureInformations.end());
437 return;
438 }
439
440 maCurrentSignatureInformations.erase(maCurrentSignatureInformations.begin() + nPosition);
441
442 // Export all other signatures...
443 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::WRITE | embed::ElementModes::TRUNCATE, /*bTempStream=*/true);
444
445 if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
446 {
447 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY_THROW);
448 uno::Reference<xml::sax::XWriter> xSaxWriter = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
449
450 uno::Reference< xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY_THROW);
451 std::size_t nInfos = maCurrentSignatureInformations.size();
452 for (std::size_t n = 0 ; n < nInfos ; ++n)
453 XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n], false /* ??? */);
454
455 XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
456 }
457 else
458 {
459 // OOXML
460
461 // Handle relations.
462 int nSignatureCount = maCurrentSignatureInformations.size();
463 maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
464
465 // Export old signatures.
466 for (std::size_t i = 0; i < maCurrentSignatureInformations.size(); ++i)
467 maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, maCurrentSignatureInformations[i], i + 1);
468
469 // Flush objects.
470 uno::Reference<embed::XTransactedObject> xTransact(aStreamHelper.xSignatureStorage, uno::UNO_QUERY);
471 xTransact->commit();
472 uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
473 xOutputStream->closeOutput();
474
475 uno::Reference<io::XTempFile> xTempFile(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
476 SAL_INFO("xmlsecurity.helper", "DocumentSignatureManager::remove: temporary storage is at " << xTempFile->getUri());
477 }
478 }
479
480 void DocumentSignatureManager::read(bool bUseTempStream, bool bCacheLastSignature)
481 {
482 maCurrentSignatureInformations.clear();
483
484 if (mxStore.is())
485 {
486 // ZIP-based: ODF or OOXML.
487 maSignatureHelper.StartMission(mxSecurityContext);
488
489 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, bUseTempStream);
490 if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStream.is())
491 {
492 uno::Reference< io::XInputStream > xInputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
493 maSignatureHelper.ReadAndVerifySignature(xInputStream);
494 }
495 else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStorage.is())
496 maSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage, bCacheLastSignature);
497 maSignatureHelper.EndMission();
498
499 maCurrentSignatureInformations = maSignatureHelper.GetSignatureInformations();
500 }
501 else
502 {
503 // Something not ZIP based, try PDF.
504 uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
505 if (getPDFSignatureHelper().ReadAndVerifySignature(xInputStream))
506 maCurrentSignatureInformations = getPDFSignatureHelper().GetSignatureInformations();
507 }
508 }
509
510 void DocumentSignatureManager::write(bool bXAdESCompliantIfODF)
511 {
512 if (!mxStore.is())
513 {
514 // Something not ZIP based, assume PDF, which is written directly in add() already.
515 return;
516 }
517
518 // Export all other signatures...
519 SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::WRITE|embed::ElementModes::TRUNCATE, false);
520
521 if (aStreamHelper.xSignatureStream.is() && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
522 {
523 // ODF
524 uno::Reference< io::XOutputStream > xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
525 uno::Reference<xml::sax::XWriter> xSaxWriter = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
526
527 uno::Reference< xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY_THROW);
528 std::size_t nInfos = maCurrentSignatureInformations.size();
529 for (std::size_t n = 0 ; n < nInfos ; ++n)
530 XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n], bXAdESCompliantIfODF);
531
532 XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
533
534 }
535 else if (aStreamHelper.xSignatureStorage.is() && aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
536 {
537 // OOXML
538 std::size_t nSignatureCount = maCurrentSignatureInformations.size();
539 maSignatureHelper.ExportSignatureContentTypes(mxStore, nSignatureCount);
540 if (nSignatureCount > 0)
541 maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
542 else
543 {
544 // Removing all signatures: then need to remove the signature relation as well.
545 maSignatureHelper.EnsureSignaturesRelation(mxStore, /*bAdd=*/false);
546 // Also remove the whole signature sub-storage: release our read-write reference + remove the element.
547 aStreamHelper = SignatureStreamHelper();
548 mxStore->removeElement("_xmlsignatures");
549 }
550
551 for (std::size_t i = 0; i < nSignatureCount; ++i)
552 maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, maCurrentSignatureInformations[i], i + 1);
553 }
554
555 // If stream was not provided, we are responsible for committing it....
556 if (!mxSignatureStream.is() && aStreamHelper.xSignatureStorage.is())
557 {
558 uno::Reference<embed::XTransactedObject> xTrans(aStreamHelper.xSignatureStorage, uno::UNO_QUERY);
559 xTrans->commit();
560 }
561 }
562
563 uno::Reference<xml::crypto::XSecurityEnvironment> DocumentSignatureManager::getSecurityEnvironment()
564 {
565 return mxSecurityContext.is() ? mxSecurityContext->getSecurityEnvironment() : uno::Reference<xml::crypto::XSecurityEnvironment>();
566 }
567
568 uno::Reference<xml::crypto::XSecurityEnvironment> DocumentSignatureManager::getGpgSecurityEnvironment()
569 {
570 return mxGpgSecurityContext.is() ? mxGpgSecurityContext->getSecurityEnvironment() : uno::Reference<xml::crypto::XSecurityEnvironment>();
571 }
572
573 uno::Reference<xml::crypto::XXMLSecurityContext> DocumentSignatureManager::getSecurityContext()
574 {
575 return mxSecurityContext;
576 }
577
578 uno::Reference<xml::crypto::XXMLSecurityContext> DocumentSignatureManager::getGpgSecurityContext()
579 {
580 return mxGpgSecurityContext;
581 }
582
583
584 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE