Adding upstream version 4:7.4.7.upstream/4%7.4.7upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

6 files changed, 827 insertions, 0 deletions

diff --git a/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx b/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx
new file mode 100644
index 000000000..161b9a936
--- /dev/null
+++ b/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx
@@ -0,0 +1,290 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ *   Licensed to the Apache Software Foundation (ASF) under one or more
+ *   contributor license agreements. See the NOTICE file distributed
+ *   with this work for additional information regarding copyright
+ *   ownership. The ASF licenses this file to you under the Apache
+ *   License, Version 2.0 (the "License"); you may not use this file
+ *   except in compliance with the License. You may obtain a copy of
+ *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
+#include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeBroadcaster.hpp>
+#include <com/sun/star/xml/sax/XDocumentHandler.hpp>
+#include <com/sun/star/lang/XInitialization.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <xmlsecuritydllapi.h>
+#include <cppuhelper/implbase.hxx>
+#include <vector>
+#include <memory>
+
+class BufferNode;
+class ElementMark;
+class ElementCollector;
+namespace com::sun::star::xml::crypto::sax { class XSAXEventKeeperStatusChangeListener; }
+namespace com::sun::star::xml::csax { class XCompressedDocumentHandler; }
+namespace com::sun::star::xml::wrapper { class XXMLDocumentWrapper; }
+
+
+class SAXEventKeeperImpl final : public cppu::WeakImplHelper
+<
+    css::xml::crypto::sax::XSecuritySAXEventKeeper,
+    css::xml::crypto::sax::XReferenceResolvedBroadcaster,
+    css::xml::crypto::sax::XSAXEventKeeperStatusChangeBroadcaster,
+    css::xml::sax::XDocumentHandler,
+    css::lang::XInitialization,
+    css::lang::XServiceInfo
+>
+/****** SAXEventKeeperImpl.hxx/CLASS SAXEventKeeperImpl ***********************
+ *
+ *   NAME
+ *  SAXEventKeeperImpl -- SAX events buffer controller
+ *
+ *   FUNCTION
+ *  Controls SAX events to be buffered, and controls buffered SAX events
+ *  to be released.
+ ******************************************************************************/
+{
+private:
+    /*
+     * the XMLDocumentWrapper component which maintains all buffered SAX
+     * in DOM format.
+     */
+    css::uno::Reference< css::xml::wrapper::XXMLDocumentWrapper >
+        m_xXMLDocument;
+
+    /*
+     * the document handler provided by the XMLDocumentWrapper component.
+     */
+    css::uno::Reference< css::xml::sax::XDocumentHandler > m_xDocumentHandler;
+
+    /*
+     * the compressed document handler provided by the XMLDocumentWrapper
+     * component, the handler has more efficient method definition that the
+     * normal document handler.
+     */
+    css::uno::Reference< css::xml::csax::XCompressedDocumentHandler >
+        m_xCompressedDocumentHandler;
+
+    /*
+     * a listener which receives this SAXEventKeeper's status change
+     * notification.
+     * Based on the status changes, the listener can decide whether the
+     * SAXEventKeeper should chain on/chain off the SAX chain, or whether
+     * the SAXEventKeeper is useless any long.
+     */
+    css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >
+        m_xSAXEventKeeperStatusChangeListener;
+
+    /*
+     * the root node of the BufferNode tree.
+     * the BufferNode tree is used to keep track of all buffered elements,
+     * it has the same structure with the document which maintains those
+     * elements physically.
+     */
+    std::unique_ptr<BufferNode>  m_pRootBufferNode;
+
+    /*
+     * the current active BufferNode.
+     * this is used to keep track the current location in the BufferNode tree,
+     * the next generated BufferNode will become a child BufferNode of it.
+     */
+    BufferNode*  m_pCurrentBufferNode;
+
+    /*
+     * the next Id for a coming ElementMark.
+     * the variable is increased by 1 when a new ElementMark is generated,
+     * in this way, we can promise the Id of any ElementMark is unique.
+     */
+    sal_Int32    m_nNextElementMarkId;
+
+    /*
+     * maintains a collection of all ElementMarks.
+     */
+    std::vector<std::unique_ptr<const ElementMark>> m_vElementMarkBuffers;
+
+    /*
+     * maintains a list of new ElementCollectors that will be created
+     * on the element represented by the next incoming startElement SAX
+     * event.
+     * The reason that such the m_vNewElementCollectors is necessary
+     * is: when an ElementCollector is asked to create, it can't be
+     * created completely at once, because the BufferNode it will be
+     * working on has not been created until the next startElement
+     * SAX event comes.
+     */
+    std::vector< const ElementCollector* > m_vNewElementCollectors;
+
+    /*
+     * maintains the new Blocker that will be created
+     * on the element represented by the next incoming startElement SAX
+     * event.
+     */
+    ElementMark* m_pNewBlocker;
+
+    /*
+     * the document handler to which all received SAX events will be
+     * forwarded.
+     */
+    css::uno::Reference< css::xml::sax::XDocumentHandler > m_xNextHandler;
+
+    /*
+     * the current BufferNode which prevents the SAX events to be
+     * forwarded to the m_xNextHandler.
+     */
+    BufferNode*  m_pCurrentBlockingBufferNode;
+
+    /*
+     * maintains a list of ElementMark that has been asked to release.
+     * Because during processing a request of releasing an ElementMark,
+     * another releasing ElementMark request can be invoked. To avoid
+     * reentering the same method, a such request only add that ElementMark
+     * into this ElementMark list, then all ElementMarks will be processed in
+     * order.
+     */
+    std::vector< sal_Int32 > m_vReleasedElementMarkBuffers;
+
+    /*
+     * a flag to indicate whether the ElementMark releasing process is running.
+     * When a releasing request comes, the assigned ElementMark is added to
+     * the m_vReleasedElementMarkBuffers first, then this flag is checked.
+     * If the ElementMark releasing process is not running, then call that
+     * method.
+     */
+    bool     m_bIsReleasing;
+
+    /*
+     * a flag to indicate whether it is the "Forwarding" mode now.
+     * A "Forwarding" mode means that all received SAX events are from the
+     * XMLDocumentWrapper component, instead of up-stream component in the
+     * SAX chain.
+     * The difference between "Forwarding" mode and normal mode is that:
+     * no SAX events need to be transferred to the XMLDocumentWrapper component
+     * again even if a buffer request happens.
+     */
+    bool     m_bIsForwarding;
+
+    void setCurrentBufferNode(BufferNode* pBufferNode);
+
+    BufferNode* addNewElementMarkBuffers();
+
+    ElementMark* findElementMarkBuffer(sal_Int32 nId) const;
+
+    void removeElementMarkBuffer(sal_Int32 nId);
+
+    OUString printBufferNode(
+        BufferNode const * pBufferNode, sal_Int32 nIndent) const;
+
+    static css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > >
+        collectChildWorkingElement(BufferNode const * pBufferNode);
+
+    void smashBufferNode(
+        BufferNode* pBufferNode, bool bClearRoot) const;
+
+    static BufferNode* findNextBlockingBufferNode(
+        BufferNode* pStartBufferNode);
+
+    static void diffuse(BufferNode* pBufferNode);
+
+    void releaseElementMarkBuffer();
+
+    void markElementMarkBuffer(sal_Int32 nId);
+
+    sal_Int32 createElementCollector(
+        css::xml::crypto::sax::ElementMarkPriority nPriority,
+        bool bModifyElement,
+        const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener>& xReferenceResolvedListener);
+
+    sal_Int32 createBlocker();
+
+public:
+    SAXEventKeeperImpl();
+    virtual ~SAXEventKeeperImpl() override;
+
+    SAXEventKeeperImpl(const SAXEventKeeperImpl&) = delete;
+    SAXEventKeeperImpl& operator=(const SAXEventKeeperImpl&) = delete;
+
+    /* XSAXEventKeeper */
+    virtual sal_Int32 SAL_CALL addElementCollector(  ) override;
+    virtual void SAL_CALL removeElementCollector( sal_Int32 id ) override;
+    virtual sal_Int32 SAL_CALL addBlocker(  ) override;
+    virtual void SAL_CALL removeBlocker( sal_Int32 id ) override;
+    virtual sal_Bool SAL_CALL isBlocking(  ) override;
+    virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL
+        getElement( sal_Int32 id ) override;
+    virtual void SAL_CALL setElement(
+        sal_Int32 id,
+        const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aElement ) override;
+    virtual css::uno::Reference<
+        css::xml::sax::XDocumentHandler > SAL_CALL
+        setNextHandler( const css::uno::Reference<
+            css::xml::sax::XDocumentHandler >& xNewHandler ) override;
+    virtual OUString SAL_CALL printBufferNodeTree() override;
+    virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL
+        getCurrentBlockingNode() override;
+
+    /* XSecuritySAXEventKeeper */
+    virtual sal_Int32 SAL_CALL addSecurityElementCollector(
+        css::xml::crypto::sax::ElementMarkPriority priority,
+        sal_Bool modifyElement ) override;
+    virtual void SAL_CALL setSecurityId( sal_Int32 id, sal_Int32 securityId ) override;
+
+    /* XReferenceResolvedBroadcaster */
+    virtual void SAL_CALL addReferenceResolvedListener(
+        sal_Int32 referenceId,
+        const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener >& listener ) override;
+    virtual void SAL_CALL removeReferenceResolvedListener(
+        sal_Int32 referenceId,
+        const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener >& listener ) override;
+
+    /* XSAXEventKeeperStatusChangeBroadcaster */
+    virtual void SAL_CALL addSAXEventKeeperStatusChangeListener(
+        const css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >& listener ) override;
+    virtual void SAL_CALL removeSAXEventKeeperStatusChangeListener(
+        const css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >& listener ) override;
+
+    /* XDocumentHandler */
+    virtual void SAL_CALL startDocument(  ) override;
+    virtual void SAL_CALL endDocument(  ) override;
+    virtual void SAL_CALL startElement(
+        const OUString& aName,
+        const css::uno::Reference< css::xml::sax::XAttributeList >&
+        xAttribs ) override;
+    virtual void SAL_CALL endElement( const OUString& aName ) override;
+    virtual void SAL_CALL characters( const OUString& aChars ) override;
+    virtual void SAL_CALL ignorableWhitespace( const OUString& aWhitespaces ) override;
+    virtual void SAL_CALL processingInstruction(
+        const OUString& aTarget, const OUString& aData ) override;
+    virtual void SAL_CALL setDocumentLocator(
+        const css::uno::Reference< css::xml::sax::XLocator >& xLocator ) override;
+
+    /* XInitialization */
+    virtual void SAL_CALL initialize(
+        const css::uno::Sequence< css::uno::Any >& aArguments ) override;
+
+    /* XServiceInfo */
+    virtual OUString SAL_CALL getImplementationName(  ) override;
+    virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+    virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames(  ) override;
+};
+
+/// @throws css::uno::RuntimeException
+OUString SAXEventKeeperImpl_getImplementationName();
+
+/// @throws css::uno::RuntimeException
+css::uno::Sequence< OUString > SAXEventKeeperImpl_getSupportedServiceNames(  );
+
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/securityengine.hxx b/xmlsecurity/inc/framework/securityengine.hxx
new file mode 100644
index 000000000..bebf07306
--- /dev/null
+++ b/xmlsecurity/inc/framework/securityengine.hxx
@@ -0,0 +1,142 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ *   Licensed to the Apache Software Foundation (ASF) under one or more
+ *   contributor license agreements. See the NOTICE file distributed
+ *   with this work for additional information regarding copyright
+ *   ownership. The ASF licenses this file to you under the Apache
+ *   License, Version 2.0 (the "License"); you may not use this file
+ *   except in compliance with the License. You may obtain a copy of
+ *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
+#include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
+#include <com/sun/star/xml/crypto/sax/XMissionTaker.hpp>
+#include <com/sun/star/xml/crypto/sax/XSAXEventKeeper.hpp>
+#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
+
+#include <cppuhelper/implbase.hxx>
+
+#include <xmlsecuritydllapi.h>
+
+class SAL_DLLPUBLIC_RTTI SecurityEngine : public cppu::WeakImplHelper
+<
+    css::xml::crypto::sax::XReferenceResolvedListener,
+    css::xml::crypto::sax::XKeyCollector,
+    css::xml::crypto::sax::XMissionTaker
+>
+/****** securityengine.hxx/CLASS SecurityEngine *******************************
+ *
+ *   NAME
+ *  SecurityEngine -- Base class of SignatureEngine and EncryptionEngine
+ *
+ *   FUNCTION
+ *  Maintains common members and methods related with security engine
+ *  operation.
+ ******************************************************************************/
+{
+protected:
+
+    /*
+     * A SAXEventKeeper internally maintains all resources that a security
+     * operation needs. The m_xSAXEventKeeper member is used to release
+     * those resources when the security operation finishes.
+     */
+    css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeper > m_xSAXEventKeeper;
+
+    /*
+     * the id of ElementCollector of the template element.
+     * For a signature, the template element is the Signature element,
+     * for an encryption, the EncryptedData/EncryptedKey element is.
+     */
+    sal_Int32 m_nIdOfTemplateEC;
+
+    /*
+     * remembers how many referenced elements have been buffered completely,
+     * including the key element, template element, and referenced element of
+     * signature.
+     */
+    sal_Int32 m_nNumOfResolvedReferences;
+
+    /*
+     * the id of ElementCollector of the key element.
+     * If a Signature element or EncryptedData/EncryptedKey element has
+     * an internal key sub-element, then this member should be -1
+     */
+    sal_Int32 m_nIdOfKeyEC;
+
+    /*
+     * remembers whether the current operation has finished.
+     */
+    bool      m_bMissionDone;
+
+    /*
+     * the Id of the security entity, a signature or encryption, which is used for
+     * the result listener to identify the entity.
+     */
+    sal_Int32 m_nSecurityId;
+
+    /*
+     * the status of the operation
+     */
+    css::xml::crypto::SecurityOperationStatus m_nStatus;
+
+    /*
+     * the result listener, which will receives the security operation result.
+     */
+    css::uno::Reference< css::uno::XInterface > m_xResultListener;
+
+protected:
+    explicit SecurityEngine();
+    virtual ~SecurityEngine() override {};
+
+    /*
+     * perform the security operation.
+     * Any derived class will implement this method respectively.
+     */
+    /// @throws css::uno::Exception
+    /// @throws css::uno::RuntimeException
+    virtual void tryToPerform( ){};
+
+    /*
+     * clear up all resources used by this operation.
+     * This method is called after the operation finishes, or a End-Your-Mission
+     * message is received.
+     * Any derived class will implement this method respectively.
+     */
+    virtual void clearUp( ) const {};
+
+        /*
+         * notifies any possible result listener.
+         * When verify a signature or conduct a decryption, the operation result will
+         * be transferred to a listener by this method.
+     * Any derived class will implement this method respectively.
+         */
+    /// @throws css::uno::Exception
+    /// @throws css::uno::RuntimeException
+    virtual void notifyResultListener() const
+        {};
+
+public:
+    /* XReferenceResolvedListener */
+    virtual void SAL_CALL referenceResolved( sal_Int32 referenceId ) override;
+
+    /* XKeyCollector */
+    virtual void SAL_CALL setKeyId( sal_Int32 id ) override;
+
+        /* XMissionTaker */
+        virtual sal_Bool SAL_CALL endMission(  ) override;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/signaturecreatorimpl.hxx b/xmlsecurity/inc/framework/signaturecreatorimpl.hxx
new file mode 100644
index 000000000..d0fc1dc33
--- /dev/null
+++ b/xmlsecurity/inc/framework/signaturecreatorimpl.hxx
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ *   Licensed to the Apache Software Foundation (ASF) under one or more
+ *   contributor license agreements. See the NOTICE file distributed
+ *   with this work for additional information regarding copyright
+ *   ownership. The ASF licenses this file to you under the Apache
+ *   License, Version 2.0 (the "License"); you may not use this file
+ *   except in compliance with the License. You may obtain a copy of
+ *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XBlockerMonitor.hpp>
+#include <com/sun/star/xml/crypto/sax/XSignatureCreationResultBroadcaster.hpp>
+#include <com/sun/star/lang/XInitialization.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <cppuhelper/implbase.hxx>
+
+#include <framework/signatureengine.hxx>
+
+namespace com::sun::star::xml::crypto { class XSecurityEnvironment; }
+namespace com::sun::star::xml::crypto::sax { class XSignatureCreationResultListener;}
+
+typedef cppu::ImplInheritanceHelper
+<
+    SignatureEngine,
+    css::xml::crypto::sax::XBlockerMonitor,
+    css::xml::crypto::sax::XSignatureCreationResultBroadcaster,
+    css::lang::XInitialization,
+    css::lang::XServiceInfo
+> SignatureCreatorImpl_Base;
+
+class SignatureCreatorImpl final : public SignatureCreatorImpl_Base
+/****** SignatureCreatorImpl.hxx/CLASS SignatureCreatorImpl *******************
+ *
+ *   NAME
+ *  SignatureCreatorImpl -- generates a signature
+ *
+ *   FUNCTION
+ *  Collects all resources for a signature generation, then generates the
+ *  signature by invoking a xmlsec-based signature bridge component.
+ ******************************************************************************/
+{
+private:
+    /*
+     * the Id of template blocker.
+     */
+    sal_Int32 m_nIdOfBlocker;
+
+    css::uno::Reference< css::xml::crypto::XSecurityEnvironment > m_xSecurityEnvironment;
+
+    virtual void notifyResultListener() const override;
+    virtual void clearUp( ) const override;
+    virtual void startEngine( const rtl::Reference<XMLSignatureTemplateImpl>& xSignatureTemplate) override;
+
+public:
+    explicit SignatureCreatorImpl();
+    virtual ~SignatureCreatorImpl() override;
+
+    /* XBlockerMonitor */
+    virtual void SAL_CALL setBlockerId( sal_Int32 id ) override;
+
+    /* XSignatureCreationResultBroadcaster */
+    void SAL_CALL addSignatureCreationResultListener(
+        const css::uno::Reference< css::xml::crypto::sax::XSignatureCreationResultListener >& listener ) override;
+
+    void SAL_CALL removeSignatureCreationResultListener(
+        const css::uno::Reference< css::xml::crypto::sax::XSignatureCreationResultListener >& listener ) override;
+
+    /* XInitialization */
+    virtual void SAL_CALL initialize(
+        const css::uno::Sequence< css::uno::Any >& aArguments ) override;
+
+    /* XServiceInfo */
+    virtual OUString SAL_CALL getImplementationName(  ) override;
+    virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+    virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames(  ) override;
+};
+
+/// @throws css::uno::RuntimeException
+OUString SignatureCreatorImpl_getImplementationName();
+
+/// @throws css::uno::RuntimeException
+css::uno::Sequence< OUString > SignatureCreatorImpl_getSupportedServiceNames(  );
+
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/signatureengine.hxx b/xmlsecurity/inc/framework/signatureengine.hxx
new file mode 100644
index 000000000..6446c2f36
--- /dev/null
+++ b/xmlsecurity/inc/framework/signatureengine.hxx
@@ -0,0 +1,116 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ *   Licensed to the Apache Software Foundation (ASF) under one or more
+ *   contributor license agreements. See the NOTICE file distributed
+ *   with this work for additional information regarding copyright
+ *   ownership. The ASF licenses this file to you under the Apache
+ *   License, Version 2.0 (the "License"); you may not use this file
+ *   except in compliance with the License. You may obtain a copy of
+ *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
+#include <com/sun/star/xml/crypto/sax/XReferenceCollector.hpp>
+#include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
+#include <com/sun/star/xml/crypto/sax/XMissionTaker.hpp>
+#include <com/sun/star/xml/crypto/XUriBinding.hpp>
+
+#include <cppuhelper/implbase.hxx>
+
+#include <xmlsecuritydllapi.h>
+#include <framework/securityengine.hxx>
+
+#include <vector>
+
+namespace com::sun::star::io { class XInputStream; }
+namespace com::sun::star::xml::crypto { class XXMLSignature; }
+namespace rtl { template <class reference_type> class Reference; }
+
+class XMLSignatureTemplateImpl;
+
+class SignatureEngine : public cppu::ImplInheritanceHelper
+<
+    SecurityEngine,
+    css::xml::crypto::sax::XReferenceCollector,
+    css::xml::crypto::XUriBinding
+>
+/****** signatureengine.hxx/CLASS SignatureEngine *****************************
+ *
+ *   NAME
+ *  SignatureEngine -- Base class of SignatureCreator and SignatureVerifier
+ *
+ *   FUNCTION
+ *  Maintains common members and methods related with signature operation.
+ ******************************************************************************/
+{
+protected:
+
+    /*
+     * the Signature bridge component, which performs signature generation
+     * and verification based on xmlsec library.
+     */
+    css::uno::Reference< css::xml::crypto::XXMLSignature > m_xXMLSignature;
+
+    /*
+     * a collection of ElementCollector's ids. Each ElementCollector
+     * represents one element signed by this signature.
+     */
+    std::vector< sal_Int32 > m_vReferenceIds;
+
+    /*
+     * remembers how many references this signature has.
+     */
+    sal_Int32 m_nTotalReferenceNumber;
+
+    /*
+     * a collection of Uri binding.
+     *
+     * the m_vUris is used to hold the Uri strings, and the m_vXInputStreams is used
+     * to hold corresponding bound XInputStream interface.
+     */
+    std::vector< OUString > m_vUris;
+    std::vector< css::uno::Reference< css::io::XInputStream > > m_vXInputStreams;
+
+protected:
+    explicit SignatureEngine();
+    virtual ~SignatureEngine() override {};
+
+    virtual void tryToPerform( ) override;
+    virtual void clearUp( ) const override;
+    bool checkReady() const;
+
+    /*
+     * starts the main function. This method will be implemented by any sub-class.
+     * For a SignatureCreator, it performs signing operation;
+     * for a SignatureVerifier, verification operation is performed.
+     */
+    /// @throws css::uno::Exception
+    /// @throws css::uno::RuntimeException
+    virtual void startEngine( const rtl::Reference<XMLSignatureTemplateImpl>&)
+        {};
+
+public:
+    /* XReferenceCollector */
+    virtual void SAL_CALL setReferenceCount( sal_Int32 count ) override;
+
+    virtual void SAL_CALL setReferenceId( sal_Int32 id ) override;
+
+    /* XUriBinding */
+    virtual void SAL_CALL setUriBinding(
+        const OUString& uri,
+        const css::uno::Reference< css::io::XInputStream >& aInputStream ) override;
+    virtual css::uno::Reference< css::io::XInputStream >
+        SAL_CALL getUriBinding( const OUString& uri ) override;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/signatureverifierimpl.hxx b/xmlsecurity/inc/framework/signatureverifierimpl.hxx
new file mode 100644
index 000000000..15c79643e
--- /dev/null
+++ b/xmlsecurity/inc/framework/signatureverifierimpl.hxx
@@ -0,0 +1,88 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ *   Licensed to the Apache Software Foundation (ASF) under one or more
+ *   contributor license agreements. See the NOTICE file distributed
+ *   with this work for additional information regarding copyright
+ *   ownership. The ASF licenses this file to you under the Apache
+ *   License, Version 2.0 (the "License"); you may not use this file
+ *   except in compliance with the License. You may obtain a copy of
+ *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultBroadcaster.hpp>
+#include <com/sun/star/lang/XInitialization.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <cppuhelper/implbase.hxx>
+
+#include <xmlsecuritydllapi.h>
+#include <framework/signatureengine.hxx>
+
+namespace com::sun::star::xml::crypto::sax { class XSignatureVerifyResultListener; }
+namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
+
+typedef cppu::ImplInheritanceHelper
+<
+    SignatureEngine,
+    css::xml::crypto::sax::XSignatureVerifyResultBroadcaster,
+    css::lang::XInitialization,
+    css::lang::XServiceInfo
+> SignatureVerifierImpl_Base;
+
+class SignatureVerifierImpl final : public SignatureVerifierImpl_Base
+/****** SignatureVerifier.hxx/CLASS SignatureVerifierImpl *********************
+ *
+ *   NAME
+ *  SignatureVerifierImpl -- verifies a signature
+ *
+ *   FUNCTION
+ *  Collects all resources for a signature verification, then verifies the
+ *  signature by invoking a xmlsec-based signature bridge component.
+ ******************************************************************************/
+{
+private:
+    css::uno::Reference< css::xml::crypto::XXMLSecurityContext > m_xXMLSecurityContext;
+
+    virtual void notifyResultListener() const override;
+    virtual void startEngine( const rtl::Reference<XMLSignatureTemplateImpl>& xSignatureTemplate) override;
+
+public:
+    explicit SignatureVerifierImpl();
+    virtual ~SignatureVerifierImpl() override;
+
+    /* XSignatureVerifyResultBroadcaster */
+    virtual void SAL_CALL addSignatureVerifyResultListener(
+        const css::uno::Reference< css::xml::crypto::sax::XSignatureVerifyResultListener >& listener ) override;
+    virtual void SAL_CALL removeSignatureVerifyResultListener(
+        const css::uno::Reference< css::xml::crypto::sax::XSignatureVerifyResultListener >& listener ) override;
+
+    /* XInitialization */
+    virtual void SAL_CALL initialize(
+        const css::uno::Sequence< css::uno::Any >& aArguments ) override;
+
+    /* XServiceInfo */
+    virtual OUString SAL_CALL getImplementationName(  ) override;
+    virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+    virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames(  ) override;
+
+    void updateSignature( const css::uno::Reference< css::xml::crypto::XXMLSignature >& xSignature,
+                          const css::uno::Reference< css::xml::crypto::XXMLSecurityContext >& xContext ) { m_xXMLSignature = xSignature; m_xXMLSecurityContext = xContext; }
+};
+
+/// @throws css::uno::RuntimeException
+OUString SignatureVerifierImpl_getImplementationName();
+
+/// @throws css::uno::RuntimeException
+css::uno::Sequence< OUString > SignatureVerifierImpl_getSupportedServiceNames(  );
+
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx b/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx
new file mode 100644
index 000000000..c0dee1173
--- /dev/null
+++ b/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx
@@ -0,0 +1,95 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ *   Licensed to the Apache Software Foundation (ASF) under one or more
+ *   contributor license agreements. See the NOTICE file distributed
+ *   with this work for additional information regarding copyright
+ *   ownership. The ASF licenses this file to you under the Apache
+ *   License, Version 2.0 (the "License"); you may not use this file
+ *   except in compliance with the License. You may obtain a copy of
+ *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/implbase.hxx>
+
+#include <com/sun/star/uno/Reference.hxx>
+
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <com/sun/star/xml/crypto/XXMLSignatureTemplate.hpp>
+
+#include <vector>
+
+namespace com::sun::star::lang { class XMultiServiceFactory; }
+namespace com::sun::star::xml::wrapper { class XXMLElementWrapper; }
+
+class XMLSignatureTemplateImpl final : public ::cppu::WeakImplHelper<
+    css::xml::crypto::XXMLSignatureTemplate ,
+    css::lang::XServiceInfo >
+{
+    private:
+        css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > m_xTemplate ;
+        std::vector< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > targets;
+        css::uno::Reference< css::xml::crypto::XUriBinding > m_xUriBinding;
+        css::xml::crypto::SecurityOperationStatus m_nStatus;
+
+    public:
+        explicit XMLSignatureTemplateImpl();
+        virtual ~XMLSignatureTemplateImpl() override;
+
+        //Methods from XXMLSignatureTemplate
+        virtual void SAL_CALL setTemplate(
+            const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aXmlElement
+            ) override;
+
+        virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL getTemplate(
+        ) override;
+
+        virtual void SAL_CALL setTarget(
+            const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aXmlElement
+        ) override;
+
+        virtual css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > SAL_CALL getTargets(
+        ) override;
+
+        virtual void SAL_CALL setBinding(
+            const css::uno::Reference< css::xml::crypto::XUriBinding >& aUriBinding ) override;
+        virtual css::uno::Reference< css::xml::crypto::XUriBinding >
+            SAL_CALL getBinding(  ) override;
+
+        virtual void SAL_CALL setStatus(
+            css::xml::crypto::SecurityOperationStatus status ) override;
+        virtual css::xml::crypto::SecurityOperationStatus
+            SAL_CALL getStatus(  ) override;
+
+        //Methods from XServiceInfo
+        virtual OUString SAL_CALL getImplementationName() override ;
+
+        virtual sal_Bool SAL_CALL supportsService(
+            const OUString& ServiceName
+        ) override ;
+
+        virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames() override ;
+
+        //Helper for XServiceInfo
+        static css::uno::Sequence< OUString > impl_getSupportedServiceNames() ;
+
+        /// @throws css::uno::RuntimeException
+        static OUString impl_getImplementationName() ;
+
+        //Helper for registry
+        /// @throws css::uno::RuntimeException
+        static css::uno::Reference< css::uno::XInterface > impl_createInstance( const css::uno::Reference< css::lang::XMultiServiceFactory >& aServiceManager ) ;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */