diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:06:44 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:06:44 +0000 |
commit | ed5640d8b587fbcfed7dd7967f3de04b37a76f26 (patch) | |
tree | 7a5f7c6c9d02226d7471cb3cc8fbbf631b415303 /include/svl/sigstruct.hxx | |
parent | Initial commit. (diff) | |
download | libreoffice-upstream.tar.xz libreoffice-upstream.zip |
Adding upstream version 4:7.4.7.upstream/4%7.4.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | include/svl/sigstruct.hxx | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/include/svl/sigstruct.hxx b/include/svl/sigstruct.hxx new file mode 100644 index 000000000..20cb0ebd2 --- /dev/null +++ b/include/svl/sigstruct.hxx @@ -0,0 +1,177 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#ifndef INCLUDED_XMLSECURITY_INC_SIGSTRUCT_HXX +#define INCLUDED_XMLSECURITY_INC_SIGSTRUCT_HXX + +#include <rtl/ustring.hxx> +#include <com/sun/star/util/DateTime.hpp> +#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp> +#include <com/sun/star/xml/crypto/DigestID.hpp> +#include <com/sun/star/uno/Sequence.hxx> + +#include <set> +#include <vector> + +namespace com::sun::star::graphic { class XGraphic; } + +/* + * type of reference + */ +enum class SignatureReferenceType +{ + SAMEDOCUMENT = 1, + BINARYSTREAM = 2, + XMLSTREAM = 3 +}; + +struct SignatureReferenceInformation +{ + SignatureReferenceType nType; + OUString ouURI; + // For ODF: XAdES digests (SHA256) or the old SHA1, from css::xml::crypto::DigestID + sal_Int32 nDigestID; + OUString ouDigestValue; + /// Type of the reference: a URI (newer idSignedProperties references) or empty. + OUString ouType; + + SignatureReferenceInformation() : + nType(SignatureReferenceType::SAMEDOCUMENT), + ouURI(""), + nDigestID(css::xml::crypto::DigestID::SHA1), + ouDigestValue("") + { + } + + SignatureReferenceInformation( SignatureReferenceType type, sal_Int32 digestID, const OUString& uri, const OUString& rType ) : + SignatureReferenceInformation() + { + nType = type; + nDigestID = digestID; + ouURI = uri; + ouType = rType; + } +}; + +typedef ::std::vector< SignatureReferenceInformation > SignatureReferenceInformations; + +namespace svl::crypto +{ +/// Specifies the algorithm used for signature generation and validation. +enum class SignatureMethodAlgorithm +{ + RSA, + ECDSA +}; +} + + +struct SignatureInformation +{ + sal_Int32 nSecurityId; + css::xml::crypto::SecurityOperationStatus nStatus; + SignatureReferenceInformations vSignatureReferenceInfors; + struct X509CertInfo + { + OUString X509IssuerName; + OUString X509SerialNumber; + OUString X509Certificate; + /// OOXML certificate SHA-256 digest, empty for ODF except when doing XAdES signature. + OUString CertDigest; + /// The certificate owner (aka subject). + OUString X509Subject; + }; + typedef std::vector<X509CertInfo> X509Data; + // note: at parse time, it's unknown which one is the signing certificate; + // ImplVerifySignatures() figures it out and puts it at the back + std::vector<X509Data> X509Datas; + + X509CertInfo const* GetSigningCertificate() const + { + if (X509Datas.empty()) + { + return nullptr; + } + assert(!X509Datas.back().empty()); + return & X509Datas.back().back(); + } + + OUString ouGpgKeyID; + OUString ouGpgCertificate; + OUString ouGpgOwner; + + OUString ouSignatureValue; + css::util::DateTime stDateTime; + + // XAdES EncapsulatedX509Certificate values + std::set<OUString> maEncapsulatedX509Certificates; + + OUString ouSignatureId; + // signature may contain multiple time stamps - check they're consistent + bool hasInconsistentSigningTime = false; + //We also keep the date and time as string. This is done when this + //structure is created as a result of a XML signature being read. + //When then a signature is added or another removed, then the original + //XML signatures are written again (unless they have been removed). + //If the date time string is converted into the DateTime structure + //then information can be lost because it only holds a fractional + //of a second with an accuracy of one hundredth of second. + //If the string contains + //milliseconds (because the document was created by an application other than OOo) + //and the converted time is written back, then the string looks different + //and the signature is broken. + OUString ouDateTime; + /// The Id attribute of the <SignatureProperty> element that contains the <dc:date>. + OUString ouDateTimePropertyId; + /// Characters of the <dc:description> element inside the signature. + OUString ouDescription; + /// The Id attribute of the <SignatureProperty> element that contains the <dc:description>. + OUString ouDescriptionPropertyId; + /// Valid and invalid signature line images + css::uno::Reference<css::graphic::XGraphic> aValidSignatureImage; + css::uno::Reference<css::graphic::XGraphic> aInvalidSignatureImage; + /// Signature Line Id, used to map signatures to their respective signature line images. + OUString ouSignatureLineId; + /// A full OOXML signature for unchanged roundtrip, empty for ODF. + css::uno::Sequence<sal_Int8> aSignatureBytes; + /// For PDF: digest format, from css::xml::crypto::DigestID + sal_Int32 nDigestID; + /// For PDF: has id-aa-signingCertificateV2 as a signed attribute. + bool bHasSigningCertificate; + /// For PDF: the byte range doesn't cover the whole document. + bool bPartialDocumentSignature; + + svl::crypto::SignatureMethodAlgorithm eAlgorithmID; + + SignatureInformation( sal_Int32 nId ) + { + nSecurityId = nId; + nStatus = css::xml::crypto::SecurityOperationStatus_UNKNOWN; + nDigestID = 0; + bHasSigningCertificate = false; + bPartialDocumentSignature = false; + eAlgorithmID = svl::crypto::SignatureMethodAlgorithm::RSA; + } +}; + +typedef ::std::vector< SignatureInformation > SignatureInformations; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |