summaryrefslogtreecommitdiffstats
path: root/xmlsecurity/inc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:06:44 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:06:44 +0000
commited5640d8b587fbcfed7dd7967f3de04b37a76f26 (patch)
tree7a5f7c6c9d02226d7471cb3cc8fbbf631b415303 /xmlsecurity/inc
parentInitial commit. (diff)
downloadlibreoffice-cb75148ebd0135178ff46f89a30139c44f8d2040.tar.xz
libreoffice-cb75148ebd0135178ff46f89a30139c44f8d2040.zip
Adding upstream version 4:7.4.7.upstream/4%7.4.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'xmlsecurity/inc')
-rw-r--r--xmlsecurity/inc/UriBindingHelper.hxx51
-rw-r--r--xmlsecurity/inc/biginteger.hxx51
-rw-r--r--xmlsecurity/inc/bitmaps.hlst21
-rw-r--r--xmlsecurity/inc/certificate.hxx43
-rw-r--r--xmlsecurity/inc/certificatechooser.hxx96
-rw-r--r--xmlsecurity/inc/certificateviewer.hxx158
-rw-r--r--xmlsecurity/inc/digitalsignaturesdialog.hxx126
-rw-r--r--xmlsecurity/inc/documentsignaturehelper.hxx104
-rw-r--r--xmlsecurity/inc/documentsignaturemanager.hxx135
-rw-r--r--xmlsecurity/inc/framework/saxeventkeeperimpl.hxx290
-rw-r--r--xmlsecurity/inc/framework/securityengine.hxx142
-rw-r--r--xmlsecurity/inc/framework/signaturecreatorimpl.hxx96
-rw-r--r--xmlsecurity/inc/framework/signatureengine.hxx116
-rw-r--r--xmlsecurity/inc/framework/signatureverifierimpl.hxx88
-rw-r--r--xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx95
-rw-r--r--xmlsecurity/inc/gpg/SEInitializer.hxx47
-rw-r--r--xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx77
-rw-r--r--xmlsecurity/inc/macrosecurity.hxx126
-rw-r--r--xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx12
-rw-r--r--xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx201
-rw-r--r--xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx12
-rw-r--r--xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx149
-rw-r--r--xmlsecurity/inc/pdfsignaturehelper.hxx73
-rw-r--r--xmlsecurity/inc/resourcemanager.hxx26
-rw-r--r--xmlsecurity/inc/strings.hrc67
-rw-r--r--xmlsecurity/inc/xmlsec-wrapper.h47
-rw-r--r--xmlsecurity/inc/xmlsec/errorcallback.hxx30
-rw-r--r--xmlsecurity/inc/xmlsec/saxhelper.hxx85
-rw-r--r--xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx208
-rw-r--r--xmlsecurity/inc/xmlsec/xmlsec_init.hxx17
-rw-r--r--xmlsecurity/inc/xmlsec/xmlstreamio.hxx39
-rw-r--r--xmlsecurity/inc/xmlsecuritydllapi.h20
-rw-r--r--xmlsecurity/inc/xmlsignaturehelper.hxx176
-rw-r--r--xmlsecurity/inc/xsecctl.hxx408
-rw-r--r--xmlsecurity/inc/xsecxmlsecdllapi.h20
35 files changed, 3452 insertions, 0 deletions
diff --git a/xmlsecurity/inc/UriBindingHelper.hxx b/xmlsecurity/inc/UriBindingHelper.hxx
new file mode 100644
index 000000000..67c9ae69f
--- /dev/null
+++ b/xmlsecurity/inc/UriBindingHelper.hxx
@@ -0,0 +1,51 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <rtl/ustring.hxx>
+
+#include <cppuhelper/implbase.hxx>
+
+#include <com/sun/star/xml/crypto/XUriBinding.hpp>
+
+namespace com::sun::star {
+ namespace io { class XInputStream; }
+ namespace embed { class XStorage; }
+}
+
+// XUriBinding
+
+class UriBindingHelper final : public cppu::WeakImplHelper< css::xml::crypto::XUriBinding >
+{
+private:
+ css::uno::Reference < css::embed::XStorage > mxStorage;
+
+public:
+ UriBindingHelper();
+ explicit UriBindingHelper( const css::uno::Reference < css::embed::XStorage >& rxStorage );
+
+ void SAL_CALL setUriBinding( const OUString& uri, const css::uno::Reference< css::io::XInputStream >& aInputStream ) override;
+
+ css::uno::Reference< css::io::XInputStream > SAL_CALL getUriBinding( const OUString& uri ) override;
+
+ static css::uno::Reference < css::io::XInputStream > OpenInputStream( const css::uno::Reference < css::embed::XStorage >& rxStore, const OUString& rURI );
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/biginteger.hxx b/xmlsecurity/inc/biginteger.hxx
new file mode 100644
index 000000000..fc99320c7
--- /dev/null
+++ b/xmlsecurity/inc/biginteger.hxx
@@ -0,0 +1,51 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <sal/config.h>
+
+#include <string_view>
+
+#include <rtl/ustring.hxx>
+
+#include <com/sun/star/uno/Sequence.h>
+
+#include "xsecxmlsecdllapi.h"
+
+namespace xmlsecurity
+{
+XSECXMLSEC_DLLPUBLIC OUString bigIntegerToNumericString(const css::uno::Sequence<sal_Int8>& serial);
+XSECXMLSEC_DLLPUBLIC css::uno::Sequence<sal_Int8>
+numericStringToBigInteger(std::u16string_view serialNumber);
+
+// DNs read as strings from XML files may need to be mangled for compatibility
+// as NSS and MS CryptoAPI have different string serialisations; if the DN is
+// from an XCertificate it's "native" already and doesn't need to be mangled.
+enum EqualMode
+{
+ NOCOMPAT,
+ COMPAT_2ND,
+ COMPAT_BOTH
+};
+XSECXMLSEC_DLLPUBLIC bool EqualDistinguishedNames(std::u16string_view rName1,
+ std::u16string_view rName2, EqualMode eMode);
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/bitmaps.hlst b/xmlsecurity/inc/bitmaps.hlst
new file mode 100644
index 000000000..2d4ccd0c4
--- /dev/null
+++ b/xmlsecurity/inc/bitmaps.hlst
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+inline constexpr OUStringLiteral BMP_STATE_NOT_VALIDATED = u"xmlecurity/res/notcertificate_40x56.png";
+
+#define BMP_CERT_OK "xmlsecurity/res/certificate_16.png"
+#define BMP_CERT_NOT_OK "xmlsecurity/res/notcertificate_16.png"
+
+inline constexpr OUStringLiteral BMP_SIG_VALID = u"xmlsecurity/res/signet_11x16.png";
+inline constexpr OUStringLiteral BMP_SIG_INVALID = u"svx/res/caution_11x16.png";
+inline constexpr OUStringLiteral BMP_SIG_NOT_VALIDATED = u"xmlsecurity/res/notcertificate_16.png";
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */
diff --git a/xmlsecurity/inc/certificate.hxx b/xmlsecurity/inc/certificate.hxx
new file mode 100644
index 000000000..bd24bcd72
--- /dev/null
+++ b/xmlsecurity/inc/certificate.hxx
@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <sal/types.h>
+
+#include <com/sun/star/uno/Sequence.hxx>
+
+namespace svl
+{
+namespace crypto
+{
+enum class SignatureMethodAlgorithm;
+}
+}
+
+namespace xmlsecurity
+{
+/// Extension of css::security::XCertificate for module-internal purposes.
+class SAL_NO_VTABLE SAL_DLLPUBLIC_RTTI Certificate
+{
+public:
+ /// Returns the SHA-256 thumbprint.
+ ///
+ /// @throws css::uno::RuntimeException
+ virtual css::uno::Sequence<sal_Int8> getSHA256Thumbprint() = 0;
+
+ /// Same as getSubjectPublicKeyAlgorithm(), but returns an ID, not a string.
+ virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() = 0;
+
+protected:
+ ~Certificate() noexcept = default;
+};
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/certificatechooser.hxx b/xmlsecurity/inc/certificatechooser.hxx
new file mode 100644
index 000000000..8ad4c3190
--- /dev/null
+++ b/xmlsecurity/inc/certificatechooser.hxx
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/uno/Sequence.hxx>
+#include <vcl/weld.hxx>
+#include <unotools/resmgr.hxx>
+
+namespace com::sun::star {
+ namespace security { class XCertificate; }
+ namespace xml::crypto {
+ class XSecurityEnvironment;
+ }
+}
+
+namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
+
+struct UserData
+{
+ css::uno::Reference<css::security::XCertificate> xCertificate;
+ css::uno::Reference<css::xml::crypto::XXMLSecurityContext> xSecurityContext;
+ css::uno::Reference<css::xml::crypto::XSecurityEnvironment> xSecurityEnvironment;
+};
+
+enum class UserAction
+{
+ Sign,
+ SelectSign, // Select signing certificate
+ Encrypt
+};
+
+class CertificateChooser final : public weld::GenericDialogController
+{
+private:
+ std::vector< css::uno::Reference< css::xml::crypto::XXMLSecurityContext > > mxSecurityContexts;
+ std::vector<std::shared_ptr<UserData>> mvUserData;
+
+ bool mbInitialized;
+ UserAction const meAction;
+ OUString msPreferredKey;
+ css::uno::Reference<css::security::XCertificate> mxEncryptToSelf;
+
+ std::unique_ptr<weld::Label> m_xFTSign;
+ std::unique_ptr<weld::Label> m_xFTEncrypt;
+ std::unique_ptr<weld::TreeView> m_xCertLB;
+ std::unique_ptr<weld::Button> m_xViewBtn;
+ std::unique_ptr<weld::Button> m_xOKBtn;
+ std::unique_ptr<weld::Label> m_xFTDescription;
+ std::unique_ptr<weld::Entry> m_xDescriptionED;
+
+ DECL_LINK(ViewButtonHdl, weld::Button&, void);
+ DECL_LINK(CertificateHighlightHdl, weld::TreeView&, void);
+ DECL_LINK(CertificateSelectHdl, weld::TreeView&, bool);
+
+ void ImplShowCertificateDetails();
+ void ImplInitialize();
+
+ static void HandleOneUsageBit(OUString& string, int& bits, int bit, TranslateId name);
+
+public:
+ CertificateChooser(weld::Window* pParent,
+ std::vector< css::uno::Reference< css::xml::crypto::XXMLSecurityContext > > && rxSecurityContexts,
+ UserAction eAction);
+ virtual ~CertificateChooser() override;
+
+ short run() override;
+
+ css::uno::Sequence<css::uno::Reference< css::security::XCertificate > > GetSelectedCertificates();
+ css::uno::Reference< css::xml::crypto::XXMLSecurityContext > GetSelectedSecurityContext() const;
+ /// Gets the description string provided when selecting the certificate.
+ OUString GetDescription() const;
+
+ /// Returns the usage string of the selected certificate, if any.
+ OUString GetUsageText();
+
+ static OUString UsageInClearText(int bits);
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/certificateviewer.hxx b/xmlsecurity/inc/certificateviewer.hxx
new file mode 100644
index 000000000..ea47c4102
--- /dev/null
+++ b/xmlsecurity/inc/certificateviewer.hxx
@@ -0,0 +1,158 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <vcl/weld.hxx>
+
+namespace com::sun::star {
+ namespace security { class XCertificate; }
+ namespace xml::crypto { class XSecurityEnvironment; }
+}
+
+class CertificateViewerGeneralTP;
+class CertificateViewerDetailsTP;
+class CertificateViewerCertPathTP;
+class CertificateChooser;
+
+class CertificateViewer final : public weld::GenericDialogController
+{
+private:
+ friend class CertificateViewerGeneralTP;
+ friend class CertificateViewerDetailsTP;
+ friend class CertificateViewerCertPathTP;
+
+ bool const mbCheckForPrivateKey;
+
+ css::uno::Reference< css::xml::crypto::XSecurityEnvironment > mxSecurityEnvironment;
+ css::uno::Reference< css::security::XCertificate > mxCert;
+
+ CertificateChooser* mpParentChooser;
+
+ std::unique_ptr<weld::Notebook> mxTabCtrl;
+
+ std::unique_ptr<CertificateViewerGeneralTP> mxGeneralPage;
+ std::unique_ptr<CertificateViewerDetailsTP> mxDetailsPage;
+ std::unique_ptr<CertificateViewerCertPathTP> mxPathId;
+
+ DECL_LINK(ActivatePageHdl, const OString&, void);
+
+public:
+ CertificateViewer(weld::Window* pParent, const css::uno::Reference< css::xml::crypto::XSecurityEnvironment >& rxSecurityEnvironment, const css::uno::Reference< css::security::XCertificate >& rXCert, bool bCheckForPrivateKey, CertificateChooser* pParentChooser);
+ CertificateChooser* GetParentChooser() { return mpParentChooser; }
+};
+
+class CertificateViewerTP
+{
+protected:
+ std::unique_ptr<weld::Builder> mxBuilder;
+ std::unique_ptr<weld::Container> mxContainer;
+ CertificateViewer* mpDlg;
+
+public:
+ CertificateViewerTP(weld::Container* pParent, const OUString& rUIXMLDescription,
+ const OString& rID, CertificateViewer* pDlg);
+};
+
+class CertificateViewerGeneralTP : public CertificateViewerTP
+{
+private:
+ std::unique_ptr<weld::Image> m_xCertImg;
+ std::unique_ptr<weld::Label> m_xHintNotTrustedFT;
+ std::unique_ptr<weld::Label> m_xIssuedToLabelFT;
+ std::unique_ptr<weld::Label> m_xIssuedToFT;
+ std::unique_ptr<weld::Label> m_xIssuedByLabelFT;
+ std::unique_ptr<weld::Label> m_xIssuedByFT;
+ std::unique_ptr<weld::Label> m_xValidFromDateFT;
+ std::unique_ptr<weld::Label> m_xValidToDateFT;
+ std::unique_ptr<weld::Image> m_xKeyImg;
+ std::unique_ptr<weld::Label> m_xHintCorrespPrivKeyFT;
+
+public:
+ CertificateViewerGeneralTP(weld::Container* pParent, CertificateViewer* pDlg);
+};
+
+struct Details_UserDatat
+{
+ OUString const maTxt;
+ bool const mbFixedWidthFont;
+
+ Details_UserDatat(const OUString& rTxt, bool bFixedWidthFont)
+ : maTxt(rTxt)
+ , mbFixedWidthFont(bFixedWidthFont)
+ {
+ }
+};
+
+class CertificateViewerDetailsTP : public CertificateViewerTP
+{
+private:
+ std::vector<std::unique_ptr<Details_UserDatat>> m_aUserData;
+
+ std::unique_ptr<weld::TreeView> m_xElementsLB;
+ std::unique_ptr<weld::TextView> m_xValueDetails;
+
+ DECL_LINK(ElementSelectHdl, weld::TreeView&, void);
+ void InsertElement(const OUString& rField, const OUString& rValue,
+ const OUString& rDetails, bool bFixedWidthFont = false);
+public:
+ CertificateViewerDetailsTP(weld::Container* pParent, CertificateViewer* pDlg);
+};
+
+struct CertPath_UserData
+{
+ css::uno::Reference< css::security::XCertificate > mxCert;
+ bool const mbValid;
+
+ CertPath_UserData(css::uno::Reference<css::security::XCertificate> const & xCert, bool bValid)
+ : mxCert(xCert)
+ , mbValid(bValid)
+ {
+ }
+};
+
+class CertificateViewerCertPathTP : public CertificateViewerTP
+{
+private:
+ CertificateViewer* mpParent;
+ bool mbFirstActivateDone;
+
+ std::vector<std::unique_ptr<CertPath_UserData>> maUserData;
+ std::shared_ptr<CertificateViewer> mxCertificateViewer;
+
+ std::unique_ptr<weld::TreeView> mxCertPathLB;
+ std::unique_ptr<weld::TreeIter> mxScratchIter;
+ std::unique_ptr<weld::Button> mxViewCertPB;
+ std::unique_ptr<weld::TextView> mxCertStatusML;
+ std::unique_ptr<weld::Label> mxCertOK;
+ std::unique_ptr<weld::Label> mxCertNotValidated;
+
+ DECL_LINK(ViewCertHdl, weld::Button&, void);
+ DECL_LINK(CertSelectHdl, weld::TreeView&, void);
+ void InsertCert(const weld::TreeIter* pParent, const OUString& _rName,
+ const css::uno::Reference< css::security::XCertificate >& rxCert,
+ bool bValid);
+
+public:
+ CertificateViewerCertPathTP(weld::Container* pParent, CertificateViewer* pDlg);
+ ~CertificateViewerCertPathTP();
+ void ActivatePage();
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/digitalsignaturesdialog.hxx b/xmlsecurity/inc/digitalsignaturesdialog.hxx
new file mode 100644
index 000000000..28ed32ccb
--- /dev/null
+++ b/xmlsecurity/inc/digitalsignaturesdialog.hxx
@@ -0,0 +1,126 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <vcl/weld.hxx>
+#include <com/sun/star/beans/PropertyValue.hpp>
+
+#include "documentsignaturehelper.hxx"
+#include "xmlsignaturehelper.hxx"
+#include "documentsignaturemanager.hxx"
+
+#include <vector>
+
+namespace com::sun::star {
+ namespace lang { class XMultiServiceFactory; }
+ namespace io { class XStream; }
+ namespace embed { class XStorage; }
+ namespace xml::dom { class XDocumentBuilder; }
+}
+
+
+class HeaderBar;
+class CertificateViewer;
+
+class DigitalSignaturesDialog final : public weld::GenericDialogController
+{
+private:
+ DocumentSignatureManager maSignatureManager;
+ bool mbVerifySignatures;
+ bool mbSignaturesChanged;
+
+ OUString const m_sODFVersion;
+ //Signals if the document contains already a document signature. This is only
+ //important when we are signing macros and if the value is true.
+ bool const m_bHasDocumentSignature;
+ bool m_bWarningShowSignMacro;
+
+ bool m_bAdESCompliant;
+
+ std::unique_ptr<weld::Label> m_xHintDocFT;
+ std::unique_ptr<weld::Label> m_xHintBasicFT;
+ std::unique_ptr<weld::Label> m_xHintPackageFT;
+ std::unique_ptr<weld::TreeView> m_xSignaturesLB;
+ std::unique_ptr<weld::Image> m_xSigsValidImg;
+ std::unique_ptr<weld::Label> m_xSigsValidFI;
+ std::unique_ptr<weld::Image> m_xSigsInvalidImg;
+ std::unique_ptr<weld::Label> m_xSigsInvalidFI;
+ std::unique_ptr<weld::Image> m_xSigsNotvalidatedImg;
+ std::unique_ptr<weld::Label> m_xSigsNotvalidatedFI;
+ std::unique_ptr<weld::Image> m_xSigsOldSignatureImg;
+ std::unique_ptr<weld::Label> m_xSigsOldSignatureFI;
+ std::unique_ptr<weld::CheckButton> m_xAdESCompliantCB;
+ std::unique_ptr<weld::Button> m_xViewBtn;
+ std::unique_ptr<weld::Button> m_xAddBtn;
+ std::unique_ptr<weld::Button> m_xRemoveBtn;
+ std::unique_ptr<weld::Button> m_xStartCertMgrBtn;
+ std::unique_ptr<weld::Button> m_xCloseBtn;
+
+ std::shared_ptr<CertificateViewer> m_xViewer;
+ std::shared_ptr<weld::MessageDialog> m_xInfoBox;
+
+ DECL_LINK(AdESCompliantCheckBoxHdl, weld::Toggleable&, void);
+ DECL_LINK(ViewButtonHdl, weld::Button&, void);
+ DECL_LINK(AddButtonHdl, weld::Button&, void);
+ DECL_LINK(RemoveButtonHdl, weld::Button&, void);
+ DECL_LINK(SignatureHighlightHdl, weld::TreeView&, void);
+ DECL_LINK(SignatureSelectHdl, weld::TreeView&, bool);
+ DECL_LINK(StartVerifySignatureHdl, LinkParamNone*, bool);
+ DECL_LINK(OKButtonHdl, weld::Button&, void);
+ DECL_LINK(CertMgrButtonHdl, weld::Button&, void);
+
+ void ImplGetSignatureInformations(bool bUseTempStream, bool bCacheLastSignature);
+ void ImplFillSignaturesBox();
+ void ImplShowSignaturesDetails();
+
+ css::uno::Reference<css::security::XCertificate> getCertificate(const SignatureInformation& rInfo);
+ css::uno::Reference<css::xml::crypto::XSecurityEnvironment> getSecurityEnvironmentForCertificate(
+ const css::uno::Reference<css::security::XCertificate>& xCert);
+
+ //Checks if adding is allowed.
+ //See the spec at specs/www/appwide/security/Electronic_Signatures_and_Security.sxw
+ //(6.6.2)Behaviour with regard to ODF 1.2
+ bool canAdd();
+ bool canRemove();
+
+ bool canAddRemove();
+
+public:
+ DigitalSignaturesDialog(weld::Window* pParent, const css::uno::Reference<
+ css::uno::XComponentContext >& rxCtx, DocumentSignatureMode eMode,
+ bool bReadOnly, const OUString& sODFVersion, bool bHasDocumentSignature);
+ virtual ~DigitalSignaturesDialog() override;
+
+ // Initialize the dialog and the security environment, returns TRUE on success
+ bool Init();
+
+ // Set the storage which should be signed or verified
+ void SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStore );
+ void SetSignatureStream( const css::uno::Reference < css::io::XStream >& rxStream );
+
+ // Execute the dialog...
+ void beforeRun();
+ short run() override;
+
+ // Did signatures change?
+ bool SignaturesChanged() const { return mbSignaturesChanged; }
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/documentsignaturehelper.hxx b/xmlsecurity/inc/documentsignaturehelper.hxx
new file mode 100644
index 000000000..b18ccf103
--- /dev/null
+++ b/xmlsecurity/inc/documentsignaturehelper.hxx
@@ -0,0 +1,104 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/uno/Reference.h>
+#include <rtl/ustring.hxx>
+#include <svl/sigstruct.hxx>
+
+#include <vector>
+
+namespace com::sun::star {
+ namespace io { class XStream; }
+ namespace embed { class XStorage; }
+}
+
+namespace com::sun::star::xml::sax { class XDocumentHandler; }
+
+enum class DocumentSignatureMode
+{
+ Content,
+ Macros,
+ Package
+};
+
+enum class DocumentSignatureAlgorithm
+{
+ OOo2,
+ OOo3_0,
+ OOo3_2
+};
+
+struct SignatureStreamHelper
+{
+ css::uno::Reference < css::embed::XStorage > xSignatureStorage;
+ css::uno::Reference < css::io::XStream > xSignatureStream;
+ /// If this is embed::StorageFormats::OFOPXML, then it's expected that xSignatureStream is an empty reference.
+ sal_Int32 nStorageFormat;
+
+ SignatureStreamHelper()
+ : nStorageFormat(0)
+ {
+ }
+};
+
+namespace DocumentSignatureHelper
+{
+ SignatureStreamHelper OpenSignatureStream(
+ const css::uno::Reference < css::embed::XStorage >& rxStore, sal_Int32 nOpenMode,
+ DocumentSignatureMode eDocSigMode );
+
+ std::vector< OUString > CreateElementList(
+ const css::uno::Reference < css::embed::XStorage >& rxStore,
+ DocumentSignatureMode eMode,
+ const DocumentSignatureAlgorithm mode);
+
+ bool isODFPre_1_2(const OUString & sODFVersion);
+ bool isOOo3_2_Signature(const SignatureInformation & sigInfo);
+
+ DocumentSignatureAlgorithm getDocumentAlgorithm(
+ const OUString & sODFVersion, const SignatureInformation & sigInfo);
+
+ bool CanSignWithGPG(const css::uno::Reference < css::embed::XStorage >& rxStore,
+ const OUString& sOdfVersion);
+
+ bool checkIfAllFilesAreSigned( const ::std::vector< OUString > & sElementList,
+ const SignatureInformation & sigInfo, const DocumentSignatureAlgorithm alg);
+
+ bool equalsReferenceUriManifestPath(
+ std::u16string_view rUri, std::u16string_view rPath);
+
+ OUString GetDocumentContentSignatureDefaultStreamName();
+ OUString GetScriptingContentSignatureDefaultStreamName();
+ OUString GetPackageSignatureDefaultStreamName();
+
+ /// In case the storage is OOXML, prepend a leading '/' and append content type to the element URIs.
+ void AppendContentTypes(const css::uno::Reference<css::embed::XStorage>& xStorage, std::vector<OUString>& rElements);
+
+ void writeDigestMethod(
+ const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler);
+ void writeSignedProperties(
+ const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler,
+ const SignatureInformation& signatureInfo,
+ const OUString& sDate,
+ const bool bWriteSignatureLineData);
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/documentsignaturemanager.hxx b/xmlsecurity/inc/documentsignaturemanager.hxx
new file mode 100644
index 000000000..06dd200de
--- /dev/null
+++ b/xmlsecurity/inc/documentsignaturemanager.hxx
@@ -0,0 +1,135 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include "xmlsecuritydllapi.h"
+
+#include <memory>
+
+#include <svl/sigstruct.hxx>
+#include "xmlsignaturehelper.hxx"
+#include "documentsignaturehelper.hxx"
+
+#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+
+namespace com::sun::star
+{
+namespace beans
+{
+struct PropertyValue;
+}
+namespace embed
+{
+class XStorage;
+}
+namespace frame
+{
+class XModel;
+}
+namespace graphic
+{
+class XGraphic;
+}
+namespace uno
+{
+class XComponentContext;
+}
+}
+class PDFSignatureHelper;
+
+/// Manages signatures (addition, removal), used by DigitalSignaturesDialog.
+class XMLSECURITY_DLLPUBLIC DocumentSignatureManager
+{
+private:
+ css::uno::Reference<css::uno::XComponentContext> mxContext;
+ css::uno::Reference<css::embed::XStorage> mxStore;
+ XMLSignatureHelper maSignatureHelper;
+ std::unique_ptr<PDFSignatureHelper> mpPDFSignatureHelper;
+ SignatureInformations maCurrentSignatureInformations;
+ DocumentSignatureMode const meSignatureMode;
+ css::uno::Sequence<css::uno::Sequence<css::beans::PropertyValue>> m_manifest;
+ css::uno::Reference<css::io::XStream> mxSignatureStream;
+ css::uno::Reference<css::frame::XModel> mxModel;
+ css::uno::Reference<css::io::XStream> mxTempSignatureStream;
+ /// Storage containing all OOXML signatures, unused for ODF.
+ css::uno::Reference<css::embed::XStorage> mxTempSignatureStorage;
+ css::uno::Reference<css::xml::crypto::XSEInitializer> mxSEInitializer;
+ css::uno::Reference<css::xml::crypto::XXMLSecurityContext> mxSecurityContext;
+ css::uno::Reference<css::xml::crypto::XSEInitializer> mxGpgSEInitializer;
+ css::uno::Reference<css::xml::crypto::XXMLSecurityContext> mxGpgSecurityContext;
+
+public:
+ DocumentSignatureManager(const css::uno::Reference<css::uno::XComponentContext>& xContext,
+ DocumentSignatureMode eMode);
+ ~DocumentSignatureManager();
+
+ /**
+ * Checks if a particular stream is a valid xml stream. Those are treated
+ * differently when they are signed (c14n transformation)
+ */
+ bool isXML(std::u16string_view rURI);
+ bool readManifest();
+
+ SignatureStreamHelper ImplOpenSignatureStream(sal_Int32 nStreamOpenMode, bool bTempStream);
+ /// Add a new signature, using xCert as a signing certificate, and rDescription as description.
+ bool add(const css::uno::Reference<css::security::XCertificate>& xCert,
+ const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext,
+ const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant,
+ const OUString& rSignatureLineId = OUString(),
+ const css::uno::Reference<css::graphic::XGraphic>& xValidGraphic
+ = css::uno::Reference<css::graphic::XGraphic>(),
+ const css::uno::Reference<css::graphic::XGraphic>& xInvalidGraphic
+ = css::uno::Reference<css::graphic::XGraphic>());
+ /// Remove signature at nPosition.
+ void remove(sal_uInt16 nPosition);
+ /// Read signatures from either a temp stream or the real storage.
+ void read(bool bUseTempStream, bool bCacheLastSignature = true);
+ /// Write signatures back to the persistent storage.
+ void write(bool bXAdESCompliantIfODF);
+ /// Lazy creation of PDF helper.
+ PDFSignatureHelper& getPDFSignatureHelper();
+#if 0
+ // Checks if the document is a kind where it is relevant to distinguish between using XAdES or not
+ bool IsXAdESRelevant();
+#endif
+ /// Attempts to initialize the platform-specific crypto.
+ bool init();
+ /// Get the security environment.
+ css::uno::Reference<css::xml::crypto::XSecurityEnvironment> getSecurityEnvironment();
+ css::uno::Reference<css::xml::crypto::XSecurityEnvironment> getGpgSecurityEnvironment();
+ css::uno::Reference<css::xml::crypto::XXMLSecurityContext> const& getSecurityContext() const;
+ css::uno::Reference<css::xml::crypto::XXMLSecurityContext> const& getGpgSecurityContext() const;
+ void setStore(const css::uno::Reference<css::embed::XStorage>& xStore) { mxStore = xStore; }
+ XMLSignatureHelper& getSignatureHelper() { return maSignatureHelper; }
+ bool hasPDFSignatureHelper() const { return bool(mpPDFSignatureHelper); }
+ void setSignatureStream(const css::uno::Reference<css::io::XStream>& xSignatureStream)
+ {
+ mxSignatureStream = xSignatureStream;
+ }
+ void setModel(const css::uno::Reference<css::frame::XModel>& xModel);
+ const css::uno::Reference<css::embed::XStorage>& getStore() const { return mxStore; }
+ DocumentSignatureMode getSignatureMode() const { return meSignatureMode; }
+ SignatureInformations& getCurrentSignatureInformations()
+ {
+ return maCurrentSignatureInformations;
+ }
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx b/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx
new file mode 100644
index 000000000..161b9a936
--- /dev/null
+++ b/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx
@@ -0,0 +1,290 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
+#include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeBroadcaster.hpp>
+#include <com/sun/star/xml/sax/XDocumentHandler.hpp>
+#include <com/sun/star/lang/XInitialization.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <xmlsecuritydllapi.h>
+#include <cppuhelper/implbase.hxx>
+#include <vector>
+#include <memory>
+
+class BufferNode;
+class ElementMark;
+class ElementCollector;
+namespace com::sun::star::xml::crypto::sax { class XSAXEventKeeperStatusChangeListener; }
+namespace com::sun::star::xml::csax { class XCompressedDocumentHandler; }
+namespace com::sun::star::xml::wrapper { class XXMLDocumentWrapper; }
+
+
+class SAXEventKeeperImpl final : public cppu::WeakImplHelper
+<
+ css::xml::crypto::sax::XSecuritySAXEventKeeper,
+ css::xml::crypto::sax::XReferenceResolvedBroadcaster,
+ css::xml::crypto::sax::XSAXEventKeeperStatusChangeBroadcaster,
+ css::xml::sax::XDocumentHandler,
+ css::lang::XInitialization,
+ css::lang::XServiceInfo
+>
+/****** SAXEventKeeperImpl.hxx/CLASS SAXEventKeeperImpl ***********************
+ *
+ * NAME
+ * SAXEventKeeperImpl -- SAX events buffer controller
+ *
+ * FUNCTION
+ * Controls SAX events to be buffered, and controls buffered SAX events
+ * to be released.
+ ******************************************************************************/
+{
+private:
+ /*
+ * the XMLDocumentWrapper component which maintains all buffered SAX
+ * in DOM format.
+ */
+ css::uno::Reference< css::xml::wrapper::XXMLDocumentWrapper >
+ m_xXMLDocument;
+
+ /*
+ * the document handler provided by the XMLDocumentWrapper component.
+ */
+ css::uno::Reference< css::xml::sax::XDocumentHandler > m_xDocumentHandler;
+
+ /*
+ * the compressed document handler provided by the XMLDocumentWrapper
+ * component, the handler has more efficient method definition that the
+ * normal document handler.
+ */
+ css::uno::Reference< css::xml::csax::XCompressedDocumentHandler >
+ m_xCompressedDocumentHandler;
+
+ /*
+ * a listener which receives this SAXEventKeeper's status change
+ * notification.
+ * Based on the status changes, the listener can decide whether the
+ * SAXEventKeeper should chain on/chain off the SAX chain, or whether
+ * the SAXEventKeeper is useless any long.
+ */
+ css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >
+ m_xSAXEventKeeperStatusChangeListener;
+
+ /*
+ * the root node of the BufferNode tree.
+ * the BufferNode tree is used to keep track of all buffered elements,
+ * it has the same structure with the document which maintains those
+ * elements physically.
+ */
+ std::unique_ptr<BufferNode> m_pRootBufferNode;
+
+ /*
+ * the current active BufferNode.
+ * this is used to keep track the current location in the BufferNode tree,
+ * the next generated BufferNode will become a child BufferNode of it.
+ */
+ BufferNode* m_pCurrentBufferNode;
+
+ /*
+ * the next Id for a coming ElementMark.
+ * the variable is increased by 1 when a new ElementMark is generated,
+ * in this way, we can promise the Id of any ElementMark is unique.
+ */
+ sal_Int32 m_nNextElementMarkId;
+
+ /*
+ * maintains a collection of all ElementMarks.
+ */
+ std::vector<std::unique_ptr<const ElementMark>> m_vElementMarkBuffers;
+
+ /*
+ * maintains a list of new ElementCollectors that will be created
+ * on the element represented by the next incoming startElement SAX
+ * event.
+ * The reason that such the m_vNewElementCollectors is necessary
+ * is: when an ElementCollector is asked to create, it can't be
+ * created completely at once, because the BufferNode it will be
+ * working on has not been created until the next startElement
+ * SAX event comes.
+ */
+ std::vector< const ElementCollector* > m_vNewElementCollectors;
+
+ /*
+ * maintains the new Blocker that will be created
+ * on the element represented by the next incoming startElement SAX
+ * event.
+ */
+ ElementMark* m_pNewBlocker;
+
+ /*
+ * the document handler to which all received SAX events will be
+ * forwarded.
+ */
+ css::uno::Reference< css::xml::sax::XDocumentHandler > m_xNextHandler;
+
+ /*
+ * the current BufferNode which prevents the SAX events to be
+ * forwarded to the m_xNextHandler.
+ */
+ BufferNode* m_pCurrentBlockingBufferNode;
+
+ /*
+ * maintains a list of ElementMark that has been asked to release.
+ * Because during processing a request of releasing an ElementMark,
+ * another releasing ElementMark request can be invoked. To avoid
+ * reentering the same method, a such request only add that ElementMark
+ * into this ElementMark list, then all ElementMarks will be processed in
+ * order.
+ */
+ std::vector< sal_Int32 > m_vReleasedElementMarkBuffers;
+
+ /*
+ * a flag to indicate whether the ElementMark releasing process is running.
+ * When a releasing request comes, the assigned ElementMark is added to
+ * the m_vReleasedElementMarkBuffers first, then this flag is checked.
+ * If the ElementMark releasing process is not running, then call that
+ * method.
+ */
+ bool m_bIsReleasing;
+
+ /*
+ * a flag to indicate whether it is the "Forwarding" mode now.
+ * A "Forwarding" mode means that all received SAX events are from the
+ * XMLDocumentWrapper component, instead of up-stream component in the
+ * SAX chain.
+ * The difference between "Forwarding" mode and normal mode is that:
+ * no SAX events need to be transferred to the XMLDocumentWrapper component
+ * again even if a buffer request happens.
+ */
+ bool m_bIsForwarding;
+
+ void setCurrentBufferNode(BufferNode* pBufferNode);
+
+ BufferNode* addNewElementMarkBuffers();
+
+ ElementMark* findElementMarkBuffer(sal_Int32 nId) const;
+
+ void removeElementMarkBuffer(sal_Int32 nId);
+
+ OUString printBufferNode(
+ BufferNode const * pBufferNode, sal_Int32 nIndent) const;
+
+ static css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > >
+ collectChildWorkingElement(BufferNode const * pBufferNode);
+
+ void smashBufferNode(
+ BufferNode* pBufferNode, bool bClearRoot) const;
+
+ static BufferNode* findNextBlockingBufferNode(
+ BufferNode* pStartBufferNode);
+
+ static void diffuse(BufferNode* pBufferNode);
+
+ void releaseElementMarkBuffer();
+
+ void markElementMarkBuffer(sal_Int32 nId);
+
+ sal_Int32 createElementCollector(
+ css::xml::crypto::sax::ElementMarkPriority nPriority,
+ bool bModifyElement,
+ const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener>& xReferenceResolvedListener);
+
+ sal_Int32 createBlocker();
+
+public:
+ SAXEventKeeperImpl();
+ virtual ~SAXEventKeeperImpl() override;
+
+ SAXEventKeeperImpl(const SAXEventKeeperImpl&) = delete;
+ SAXEventKeeperImpl& operator=(const SAXEventKeeperImpl&) = delete;
+
+ /* XSAXEventKeeper */
+ virtual sal_Int32 SAL_CALL addElementCollector( ) override;
+ virtual void SAL_CALL removeElementCollector( sal_Int32 id ) override;
+ virtual sal_Int32 SAL_CALL addBlocker( ) override;
+ virtual void SAL_CALL removeBlocker( sal_Int32 id ) override;
+ virtual sal_Bool SAL_CALL isBlocking( ) override;
+ virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL
+ getElement( sal_Int32 id ) override;
+ virtual void SAL_CALL setElement(
+ sal_Int32 id,
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aElement ) override;
+ virtual css::uno::Reference<
+ css::xml::sax::XDocumentHandler > SAL_CALL
+ setNextHandler( const css::uno::Reference<
+ css::xml::sax::XDocumentHandler >& xNewHandler ) override;
+ virtual OUString SAL_CALL printBufferNodeTree() override;
+ virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL
+ getCurrentBlockingNode() override;
+
+ /* XSecuritySAXEventKeeper */
+ virtual sal_Int32 SAL_CALL addSecurityElementCollector(
+ css::xml::crypto::sax::ElementMarkPriority priority,
+ sal_Bool modifyElement ) override;
+ virtual void SAL_CALL setSecurityId( sal_Int32 id, sal_Int32 securityId ) override;
+
+ /* XReferenceResolvedBroadcaster */
+ virtual void SAL_CALL addReferenceResolvedListener(
+ sal_Int32 referenceId,
+ const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener >& listener ) override;
+ virtual void SAL_CALL removeReferenceResolvedListener(
+ sal_Int32 referenceId,
+ const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener >& listener ) override;
+
+ /* XSAXEventKeeperStatusChangeBroadcaster */
+ virtual void SAL_CALL addSAXEventKeeperStatusChangeListener(
+ const css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >& listener ) override;
+ virtual void SAL_CALL removeSAXEventKeeperStatusChangeListener(
+ const css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >& listener ) override;
+
+ /* XDocumentHandler */
+ virtual void SAL_CALL startDocument( ) override;
+ virtual void SAL_CALL endDocument( ) override;
+ virtual void SAL_CALL startElement(
+ const OUString& aName,
+ const css::uno::Reference< css::xml::sax::XAttributeList >&
+ xAttribs ) override;
+ virtual void SAL_CALL endElement( const OUString& aName ) override;
+ virtual void SAL_CALL characters( const OUString& aChars ) override;
+ virtual void SAL_CALL ignorableWhitespace( const OUString& aWhitespaces ) override;
+ virtual void SAL_CALL processingInstruction(
+ const OUString& aTarget, const OUString& aData ) override;
+ virtual void SAL_CALL setDocumentLocator(
+ const css::uno::Reference< css::xml::sax::XLocator >& xLocator ) override;
+
+ /* XInitialization */
+ virtual void SAL_CALL initialize(
+ const css::uno::Sequence< css::uno::Any >& aArguments ) override;
+
+ /* XServiceInfo */
+ virtual OUString SAL_CALL getImplementationName( ) override;
+ virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+ virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override;
+};
+
+/// @throws css::uno::RuntimeException
+OUString SAXEventKeeperImpl_getImplementationName();
+
+/// @throws css::uno::RuntimeException
+css::uno::Sequence< OUString > SAXEventKeeperImpl_getSupportedServiceNames( );
+
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/securityengine.hxx b/xmlsecurity/inc/framework/securityengine.hxx
new file mode 100644
index 000000000..bebf07306
--- /dev/null
+++ b/xmlsecurity/inc/framework/securityengine.hxx
@@ -0,0 +1,142 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
+#include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
+#include <com/sun/star/xml/crypto/sax/XMissionTaker.hpp>
+#include <com/sun/star/xml/crypto/sax/XSAXEventKeeper.hpp>
+#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
+
+#include <cppuhelper/implbase.hxx>
+
+#include <xmlsecuritydllapi.h>
+
+class SAL_DLLPUBLIC_RTTI SecurityEngine : public cppu::WeakImplHelper
+<
+ css::xml::crypto::sax::XReferenceResolvedListener,
+ css::xml::crypto::sax::XKeyCollector,
+ css::xml::crypto::sax::XMissionTaker
+>
+/****** securityengine.hxx/CLASS SecurityEngine *******************************
+ *
+ * NAME
+ * SecurityEngine -- Base class of SignatureEngine and EncryptionEngine
+ *
+ * FUNCTION
+ * Maintains common members and methods related with security engine
+ * operation.
+ ******************************************************************************/
+{
+protected:
+
+ /*
+ * A SAXEventKeeper internally maintains all resources that a security
+ * operation needs. The m_xSAXEventKeeper member is used to release
+ * those resources when the security operation finishes.
+ */
+ css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeper > m_xSAXEventKeeper;
+
+ /*
+ * the id of ElementCollector of the template element.
+ * For a signature, the template element is the Signature element,
+ * for an encryption, the EncryptedData/EncryptedKey element is.
+ */
+ sal_Int32 m_nIdOfTemplateEC;
+
+ /*
+ * remembers how many referenced elements have been buffered completely,
+ * including the key element, template element, and referenced element of
+ * signature.
+ */
+ sal_Int32 m_nNumOfResolvedReferences;
+
+ /*
+ * the id of ElementCollector of the key element.
+ * If a Signature element or EncryptedData/EncryptedKey element has
+ * an internal key sub-element, then this member should be -1
+ */
+ sal_Int32 m_nIdOfKeyEC;
+
+ /*
+ * remembers whether the current operation has finished.
+ */
+ bool m_bMissionDone;
+
+ /*
+ * the Id of the security entity, a signature or encryption, which is used for
+ * the result listener to identify the entity.
+ */
+ sal_Int32 m_nSecurityId;
+
+ /*
+ * the status of the operation
+ */
+ css::xml::crypto::SecurityOperationStatus m_nStatus;
+
+ /*
+ * the result listener, which will receives the security operation result.
+ */
+ css::uno::Reference< css::uno::XInterface > m_xResultListener;
+
+protected:
+ explicit SecurityEngine();
+ virtual ~SecurityEngine() override {};
+
+ /*
+ * perform the security operation.
+ * Any derived class will implement this method respectively.
+ */
+ /// @throws css::uno::Exception
+ /// @throws css::uno::RuntimeException
+ virtual void tryToPerform( ){};
+
+ /*
+ * clear up all resources used by this operation.
+ * This method is called after the operation finishes, or a End-Your-Mission
+ * message is received.
+ * Any derived class will implement this method respectively.
+ */
+ virtual void clearUp( ) const {};
+
+ /*
+ * notifies any possible result listener.
+ * When verify a signature or conduct a decryption, the operation result will
+ * be transferred to a listener by this method.
+ * Any derived class will implement this method respectively.
+ */
+ /// @throws css::uno::Exception
+ /// @throws css::uno::RuntimeException
+ virtual void notifyResultListener() const
+ {};
+
+public:
+ /* XReferenceResolvedListener */
+ virtual void SAL_CALL referenceResolved( sal_Int32 referenceId ) override;
+
+ /* XKeyCollector */
+ virtual void SAL_CALL setKeyId( sal_Int32 id ) override;
+
+ /* XMissionTaker */
+ virtual sal_Bool SAL_CALL endMission( ) override;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/signaturecreatorimpl.hxx b/xmlsecurity/inc/framework/signaturecreatorimpl.hxx
new file mode 100644
index 000000000..d0fc1dc33
--- /dev/null
+++ b/xmlsecurity/inc/framework/signaturecreatorimpl.hxx
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XBlockerMonitor.hpp>
+#include <com/sun/star/xml/crypto/sax/XSignatureCreationResultBroadcaster.hpp>
+#include <com/sun/star/lang/XInitialization.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <cppuhelper/implbase.hxx>
+
+#include <framework/signatureengine.hxx>
+
+namespace com::sun::star::xml::crypto { class XSecurityEnvironment; }
+namespace com::sun::star::xml::crypto::sax { class XSignatureCreationResultListener;}
+
+typedef cppu::ImplInheritanceHelper
+<
+ SignatureEngine,
+ css::xml::crypto::sax::XBlockerMonitor,
+ css::xml::crypto::sax::XSignatureCreationResultBroadcaster,
+ css::lang::XInitialization,
+ css::lang::XServiceInfo
+> SignatureCreatorImpl_Base;
+
+class SignatureCreatorImpl final : public SignatureCreatorImpl_Base
+/****** SignatureCreatorImpl.hxx/CLASS SignatureCreatorImpl *******************
+ *
+ * NAME
+ * SignatureCreatorImpl -- generates a signature
+ *
+ * FUNCTION
+ * Collects all resources for a signature generation, then generates the
+ * signature by invoking a xmlsec-based signature bridge component.
+ ******************************************************************************/
+{
+private:
+ /*
+ * the Id of template blocker.
+ */
+ sal_Int32 m_nIdOfBlocker;
+
+ css::uno::Reference< css::xml::crypto::XSecurityEnvironment > m_xSecurityEnvironment;
+
+ virtual void notifyResultListener() const override;
+ virtual void clearUp( ) const override;
+ virtual void startEngine( const rtl::Reference<XMLSignatureTemplateImpl>& xSignatureTemplate) override;
+
+public:
+ explicit SignatureCreatorImpl();
+ virtual ~SignatureCreatorImpl() override;
+
+ /* XBlockerMonitor */
+ virtual void SAL_CALL setBlockerId( sal_Int32 id ) override;
+
+ /* XSignatureCreationResultBroadcaster */
+ void SAL_CALL addSignatureCreationResultListener(
+ const css::uno::Reference< css::xml::crypto::sax::XSignatureCreationResultListener >& listener ) override;
+
+ void SAL_CALL removeSignatureCreationResultListener(
+ const css::uno::Reference< css::xml::crypto::sax::XSignatureCreationResultListener >& listener ) override;
+
+ /* XInitialization */
+ virtual void SAL_CALL initialize(
+ const css::uno::Sequence< css::uno::Any >& aArguments ) override;
+
+ /* XServiceInfo */
+ virtual OUString SAL_CALL getImplementationName( ) override;
+ virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+ virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override;
+};
+
+/// @throws css::uno::RuntimeException
+OUString SignatureCreatorImpl_getImplementationName();
+
+/// @throws css::uno::RuntimeException
+css::uno::Sequence< OUString > SignatureCreatorImpl_getSupportedServiceNames( );
+
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/signatureengine.hxx b/xmlsecurity/inc/framework/signatureengine.hxx
new file mode 100644
index 000000000..6446c2f36
--- /dev/null
+++ b/xmlsecurity/inc/framework/signatureengine.hxx
@@ -0,0 +1,116 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
+#include <com/sun/star/xml/crypto/sax/XReferenceCollector.hpp>
+#include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
+#include <com/sun/star/xml/crypto/sax/XMissionTaker.hpp>
+#include <com/sun/star/xml/crypto/XUriBinding.hpp>
+
+#include <cppuhelper/implbase.hxx>
+
+#include <xmlsecuritydllapi.h>
+#include <framework/securityengine.hxx>
+
+#include <vector>
+
+namespace com::sun::star::io { class XInputStream; }
+namespace com::sun::star::xml::crypto { class XXMLSignature; }
+namespace rtl { template <class reference_type> class Reference; }
+
+class XMLSignatureTemplateImpl;
+
+class SignatureEngine : public cppu::ImplInheritanceHelper
+<
+ SecurityEngine,
+ css::xml::crypto::sax::XReferenceCollector,
+ css::xml::crypto::XUriBinding
+>
+/****** signatureengine.hxx/CLASS SignatureEngine *****************************
+ *
+ * NAME
+ * SignatureEngine -- Base class of SignatureCreator and SignatureVerifier
+ *
+ * FUNCTION
+ * Maintains common members and methods related with signature operation.
+ ******************************************************************************/
+{
+protected:
+
+ /*
+ * the Signature bridge component, which performs signature generation
+ * and verification based on xmlsec library.
+ */
+ css::uno::Reference< css::xml::crypto::XXMLSignature > m_xXMLSignature;
+
+ /*
+ * a collection of ElementCollector's ids. Each ElementCollector
+ * represents one element signed by this signature.
+ */
+ std::vector< sal_Int32 > m_vReferenceIds;
+
+ /*
+ * remembers how many references this signature has.
+ */
+ sal_Int32 m_nTotalReferenceNumber;
+
+ /*
+ * a collection of Uri binding.
+ *
+ * the m_vUris is used to hold the Uri strings, and the m_vXInputStreams is used
+ * to hold corresponding bound XInputStream interface.
+ */
+ std::vector< OUString > m_vUris;
+ std::vector< css::uno::Reference< css::io::XInputStream > > m_vXInputStreams;
+
+protected:
+ explicit SignatureEngine();
+ virtual ~SignatureEngine() override {};
+
+ virtual void tryToPerform( ) override;
+ virtual void clearUp( ) const override;
+ bool checkReady() const;
+
+ /*
+ * starts the main function. This method will be implemented by any sub-class.
+ * For a SignatureCreator, it performs signing operation;
+ * for a SignatureVerifier, verification operation is performed.
+ */
+ /// @throws css::uno::Exception
+ /// @throws css::uno::RuntimeException
+ virtual void startEngine( const rtl::Reference<XMLSignatureTemplateImpl>&)
+ {};
+
+public:
+ /* XReferenceCollector */
+ virtual void SAL_CALL setReferenceCount( sal_Int32 count ) override;
+
+ virtual void SAL_CALL setReferenceId( sal_Int32 id ) override;
+
+ /* XUriBinding */
+ virtual void SAL_CALL setUriBinding(
+ const OUString& uri,
+ const css::uno::Reference< css::io::XInputStream >& aInputStream ) override;
+ virtual css::uno::Reference< css::io::XInputStream >
+ SAL_CALL getUriBinding( const OUString& uri ) override;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/signatureverifierimpl.hxx b/xmlsecurity/inc/framework/signatureverifierimpl.hxx
new file mode 100644
index 000000000..15c79643e
--- /dev/null
+++ b/xmlsecurity/inc/framework/signatureverifierimpl.hxx
@@ -0,0 +1,88 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultBroadcaster.hpp>
+#include <com/sun/star/lang/XInitialization.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <cppuhelper/implbase.hxx>
+
+#include <xmlsecuritydllapi.h>
+#include <framework/signatureengine.hxx>
+
+namespace com::sun::star::xml::crypto::sax { class XSignatureVerifyResultListener; }
+namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
+
+typedef cppu::ImplInheritanceHelper
+<
+ SignatureEngine,
+ css::xml::crypto::sax::XSignatureVerifyResultBroadcaster,
+ css::lang::XInitialization,
+ css::lang::XServiceInfo
+> SignatureVerifierImpl_Base;
+
+class SignatureVerifierImpl final : public SignatureVerifierImpl_Base
+/****** SignatureVerifier.hxx/CLASS SignatureVerifierImpl *********************
+ *
+ * NAME
+ * SignatureVerifierImpl -- verifies a signature
+ *
+ * FUNCTION
+ * Collects all resources for a signature verification, then verifies the
+ * signature by invoking a xmlsec-based signature bridge component.
+ ******************************************************************************/
+{
+private:
+ css::uno::Reference< css::xml::crypto::XXMLSecurityContext > m_xXMLSecurityContext;
+
+ virtual void notifyResultListener() const override;
+ virtual void startEngine( const rtl::Reference<XMLSignatureTemplateImpl>& xSignatureTemplate) override;
+
+public:
+ explicit SignatureVerifierImpl();
+ virtual ~SignatureVerifierImpl() override;
+
+ /* XSignatureVerifyResultBroadcaster */
+ virtual void SAL_CALL addSignatureVerifyResultListener(
+ const css::uno::Reference< css::xml::crypto::sax::XSignatureVerifyResultListener >& listener ) override;
+ virtual void SAL_CALL removeSignatureVerifyResultListener(
+ const css::uno::Reference< css::xml::crypto::sax::XSignatureVerifyResultListener >& listener ) override;
+
+ /* XInitialization */
+ virtual void SAL_CALL initialize(
+ const css::uno::Sequence< css::uno::Any >& aArguments ) override;
+
+ /* XServiceInfo */
+ virtual OUString SAL_CALL getImplementationName( ) override;
+ virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+ virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override;
+
+ void updateSignature( const css::uno::Reference< css::xml::crypto::XXMLSignature >& xSignature,
+ const css::uno::Reference< css::xml::crypto::XXMLSecurityContext >& xContext ) { m_xXMLSignature = xSignature; m_xXMLSecurityContext = xContext; }
+};
+
+/// @throws css::uno::RuntimeException
+OUString SignatureVerifierImpl_getImplementationName();
+
+/// @throws css::uno::RuntimeException
+css::uno::Sequence< OUString > SignatureVerifierImpl_getSupportedServiceNames( );
+
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx b/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx
new file mode 100644
index 000000000..c0dee1173
--- /dev/null
+++ b/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx
@@ -0,0 +1,95 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <cppuhelper/implbase.hxx>
+
+#include <com/sun/star/uno/Reference.hxx>
+
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <com/sun/star/xml/crypto/XXMLSignatureTemplate.hpp>
+
+#include <vector>
+
+namespace com::sun::star::lang { class XMultiServiceFactory; }
+namespace com::sun::star::xml::wrapper { class XXMLElementWrapper; }
+
+class XMLSignatureTemplateImpl final : public ::cppu::WeakImplHelper<
+ css::xml::crypto::XXMLSignatureTemplate ,
+ css::lang::XServiceInfo >
+{
+ private:
+ css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > m_xTemplate ;
+ std::vector< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > targets;
+ css::uno::Reference< css::xml::crypto::XUriBinding > m_xUriBinding;
+ css::xml::crypto::SecurityOperationStatus m_nStatus;
+
+ public:
+ explicit XMLSignatureTemplateImpl();
+ virtual ~XMLSignatureTemplateImpl() override;
+
+ //Methods from XXMLSignatureTemplate
+ virtual void SAL_CALL setTemplate(
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aXmlElement
+ ) override;
+
+ virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL getTemplate(
+ ) override;
+
+ virtual void SAL_CALL setTarget(
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aXmlElement
+ ) override;
+
+ virtual css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > SAL_CALL getTargets(
+ ) override;
+
+ virtual void SAL_CALL setBinding(
+ const css::uno::Reference< css::xml::crypto::XUriBinding >& aUriBinding ) override;
+ virtual css::uno::Reference< css::xml::crypto::XUriBinding >
+ SAL_CALL getBinding( ) override;
+
+ virtual void SAL_CALL setStatus(
+ css::xml::crypto::SecurityOperationStatus status ) override;
+ virtual css::xml::crypto::SecurityOperationStatus
+ SAL_CALL getStatus( ) override;
+
+ //Methods from XServiceInfo
+ virtual OUString SAL_CALL getImplementationName() override ;
+
+ virtual sal_Bool SAL_CALL supportsService(
+ const OUString& ServiceName
+ ) override ;
+
+ virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames() override ;
+
+ //Helper for XServiceInfo
+ static css::uno::Sequence< OUString > impl_getSupportedServiceNames() ;
+
+ /// @throws css::uno::RuntimeException
+ static OUString impl_getImplementationName() ;
+
+ //Helper for registry
+ /// @throws css::uno::RuntimeException
+ static css::uno::Reference< css::uno::XInterface > impl_createInstance( const css::uno::Reference< css::lang::XMultiServiceFactory >& aServiceManager ) ;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/gpg/SEInitializer.hxx b/xmlsecurity/inc/gpg/SEInitializer.hxx
new file mode 100644
index 000000000..e4da22029
--- /dev/null
+++ b/xmlsecurity/inc/gpg/SEInitializer.hxx
@@ -0,0 +1,47 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <com/sun/star/uno/Reference.hxx>
+#include <com/sun/star/uno/Sequence.hxx>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
+
+#include <xsecxmlsecdllapi.h>
+#include <cppuhelper/implbase.hxx>
+
+namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
+
+class XSECXMLSEC_DLLPUBLIC SEInitializerGpg final : public cppu::WeakImplHelper
+<
+ css::xml::crypto::XSEInitializer,
+ css::lang::XServiceInfo
+>
+{
+public:
+ SEInitializerGpg();
+ virtual ~SEInitializerGpg() override;
+
+ /* XSEInitializer */
+ virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext >
+ SAL_CALL createSecurityContext( const OUString& ) override;
+
+ virtual void SAL_CALL freeSecurityContext( const css::uno::Reference<
+ css::xml::crypto::XXMLSecurityContext >& securityContext ) override;
+
+ /* XServiceInfo */
+ virtual OUString SAL_CALL getImplementationName( ) override;
+
+ virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+
+ virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx b/xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx
new file mode 100644
index 000000000..906a51d19
--- /dev/null
+++ b/xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx
@@ -0,0 +1,77 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <sal/config.h>
+#include <rtl/ustring.hxx>
+#include <xsecxmlsecdllapi.h>
+
+#include <cppuhelper/implbase.hxx>
+
+#include <com/sun/star/uno/Reference.hxx>
+
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
+
+namespace com::sun::star::xml::crypto { class XXMLSignatureTemplate; }
+namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
+namespace com::sun::star::lang { class XMultiServiceFactory; }
+
+
+class XSECXMLSEC_DLLPUBLIC XMLSignature_GpgImpl final : public ::cppu::WeakImplHelper<
+ css::xml::crypto::XXMLSignature ,
+ css::lang::XServiceInfo >
+{
+ public:
+ explicit XMLSignature_GpgImpl();
+ virtual ~XMLSignature_GpgImpl() override ;
+
+ //Methods from XXMLSignature
+ virtual css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate > SAL_CALL generate(
+ const css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate >& aTemplate ,
+ const css::uno::Reference< css::xml::crypto::XSecurityEnvironment >& aEnvironment
+ ) override ;
+
+ virtual css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate > SAL_CALL validate(
+ const css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate >& aTemplate ,
+ const css::uno::Reference< css::xml::crypto::XXMLSecurityContext >& aContext
+ ) override;
+
+ //Methods from XServiceInfo
+ virtual OUString SAL_CALL getImplementationName() override ;
+
+ virtual sal_Bool SAL_CALL supportsService(
+ const OUString& ServiceName
+ ) override ;
+
+ virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames() override ;
+
+ //Helper for XServiceInfo
+ static css::uno::Sequence< OUString > impl_getSupportedServiceNames() ;
+
+ /// @throws css::uno::RuntimeException
+ static OUString impl_getImplementationName() ;
+
+ //Helper for registry
+ /// @throws css::uno::RuntimeException
+ static css::uno::Reference< css::uno::XInterface > impl_createInstance( const css::uno::Reference< css::lang::XMultiServiceFactory >& aServiceManager ) ;
+} ;
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/macrosecurity.hxx b/xmlsecurity/inc/macrosecurity.hxx
new file mode 100644
index 000000000..233ef2c1d
--- /dev/null
+++ b/xmlsecurity/inc/macrosecurity.hxx
@@ -0,0 +1,126 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <vcl/weld.hxx>
+#include <unotools/securityoptions.hxx>
+
+namespace com::sun::star::xml::crypto { class XSecurityEnvironment; }
+class MacroSecurityTP;
+
+class MacroSecurity final : public weld::GenericDialogController
+{
+private:
+ friend class MacroSecurityLevelTP;
+ friend class MacroSecurityTrustedSourcesTP;
+
+ css::uno::Reference<css::xml::crypto::XSecurityEnvironment> m_xSecurityEnvironment;
+
+ std::unique_ptr<weld::Notebook> m_xTabCtrl;
+ std::unique_ptr<weld::Button> m_xOkBtn;
+ std::unique_ptr<weld::Button> m_xResetBtn;
+
+ std::unique_ptr<MacroSecurityTP> m_xLevelTP;
+ std::unique_ptr<MacroSecurityTP> m_xTrustSrcTP;
+
+ DECL_LINK(ActivatePageHdl, const OString&, void);
+ DECL_LINK(OkBtnHdl, weld::Button&, void);
+public:
+ MacroSecurity(weld::Window* pParent,
+ const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& rxSecurityEnvironment);
+
+ void EnableReset(bool bEnable = true)
+ {
+ m_xResetBtn->set_sensitive(bEnable);
+ }
+};
+
+class MacroSecurityTP
+{
+protected:
+ std::unique_ptr<weld::Builder> m_xBuilder;
+ std::unique_ptr<weld::Container> m_xContainer;
+
+ MacroSecurity* m_pDlg;
+public:
+ MacroSecurityTP(weld::Container* pParent, const OUString& rUIXMLDescription,
+ const OString& rID, MacroSecurity* pDlg);
+ virtual ~MacroSecurityTP();
+
+ virtual void ActivatePage();
+ virtual void ClosePage() = 0;
+};
+
+class MacroSecurityLevelTP : public MacroSecurityTP
+{
+private:
+ sal_uInt16 mnCurLevel;
+
+ std::unique_ptr<weld::RadioButton> m_xVeryHighRB;
+ std::unique_ptr<weld::RadioButton> m_xHighRB;
+ std::unique_ptr<weld::RadioButton> m_xMediumRB;
+ std::unique_ptr<weld::RadioButton> m_xLowRB;
+ std::unique_ptr<weld::Widget> m_xVHighImg;
+ std::unique_ptr<weld::Widget> m_xHighImg;
+ std::unique_ptr<weld::Widget> m_xMedImg;
+ std::unique_ptr<weld::Widget> m_xLowImg;
+
+ DECL_LINK(RadioButtonHdl, weld::Toggleable&, void);
+public:
+ MacroSecurityLevelTP(weld::Container* pParent, MacroSecurity* pDlg);
+ virtual void ClosePage() override;
+};
+
+class MacroSecurityTrustedSourcesTP : public MacroSecurityTP
+{
+private:
+ std::vector< SvtSecurityOptions::Certificate > m_aTrustedAuthors;
+
+ bool mbAuthorsReadonly;
+ bool mbURLsReadonly;
+
+ std::unique_ptr<weld::Image> m_xTrustCertROFI;
+ std::unique_ptr<weld::TreeView> m_xTrustCertLB;
+ std::unique_ptr<weld::Button> m_xViewCertPB;
+ std::unique_ptr<weld::Button> m_xRemoveCertPB;
+ std::unique_ptr<weld::Image> m_xTrustFileROFI;
+ std::unique_ptr<weld::TreeView> m_xTrustFileLocLB;
+ std::unique_ptr<weld::Button> m_xAddLocPB;
+ std::unique_ptr<weld::Button> m_xRemoveLocPB;
+
+ DECL_LINK(ViewCertPBHdl, weld::Button&, void);
+ DECL_LINK(RemoveCertPBHdl, weld::Button&, void);
+ DECL_LINK(AddLocPBHdl, weld::Button&, void);
+ DECL_LINK(RemoveLocPBHdl, weld::Button&, void);
+ DECL_LINK(TrustCertLBSelectHdl, weld::TreeView&, void);
+ DECL_LINK(TrustFileLocLBSelectHdl, weld::TreeView&, void);
+
+ void FillCertLB(const bool bShowWarnings = false);
+ void ImplCheckButtons();
+ void ShowBrokenCertificateError(std::u16string_view rData);
+
+public:
+ MacroSecurityTrustedSourcesTP(weld::Container* pParent, MacroSecurity* pDlg);
+
+ virtual void ActivatePage() override;
+ virtual void ClosePage() override;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx b/xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx
new file mode 100644
index 000000000..16ace305f
--- /dev/null
+++ b/xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx
@@ -0,0 +1,12 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "precompiled_xmlsecurity.hxx"
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx b/xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx
new file mode 100644
index 000000000..21e6b93a9
--- /dev/null
+++ b/xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx
@@ -0,0 +1,201 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/*
+ This file has been autogenerated by update_pch.sh. It is possible to edit it
+ manually (such as when an include file has been moved/renamed/removed). All such
+ manual changes will be rewritten by the next run of update_pch.sh (which presumably
+ also fixes all possible problems, so it's usually better to use it).
+
+ Generated on 2021-04-11 19:48:55 using:
+ ./bin/update_pch xmlsecurity xmlsecurity --cutoff=6 --exclude:system --include:module --include:local
+
+ If after updating build fails, use the following command to locate conflicting headers:
+ ./bin/update_pch_bisect ./xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx "make xmlsecurity.build" --find-conflicts
+*/
+
+#include <sal/config.h>
+#if PCH_LEVEL >= 1
+#include <algorithm>
+#include <assert.h>
+#include <cassert>
+#include <chrono>
+#include <cmath>
+#include <cstddef>
+#include <cstdlib>
+#include <cstring>
+#include <float.h>
+#include <functional>
+#include <initializer_list>
+#include <iomanip>
+#include <limits.h>
+#include <limits>
+#include <math.h>
+#include <memory>
+#include <new>
+#include <ostream>
+#include <set>
+#include <stddef.h>
+#include <string.h>
+#include <string>
+#include <string_view>
+#include <type_traits>
+#include <unordered_map>
+#include <utility>
+#include <vector>
+#endif // PCH_LEVEL >= 1
+#if PCH_LEVEL >= 2
+#include <osl/diagnose.h>
+#include <osl/doublecheckedlocking.h>
+#include <osl/endian.h>
+#include <osl/file.hxx>
+#include <osl/getglobalmutex.hxx>
+#include <osl/interlck.h>
+#include <osl/mutex.h>
+#include <osl/mutex.hxx>
+#include <osl/thread.h>
+#include <osl/time.h>
+#include <rtl/alloc.h>
+#include <rtl/instance.hxx>
+#include <rtl/locale.h>
+#include <rtl/math.h>
+#include <rtl/ref.hxx>
+#include <rtl/strbuf.hxx>
+#include <rtl/string.h>
+#include <rtl/string.hxx>
+#include <rtl/stringconcat.hxx>
+#include <rtl/stringutils.hxx>
+#include <rtl/textcvt.h>
+#include <rtl/textenc.h>
+#include <rtl/uri.hxx>
+#include <rtl/ustrbuf.hxx>
+#include <rtl/ustring.h>
+#include <rtl/ustring.hxx>
+#include <rtl/uuid.h>
+#include <sal/log.hxx>
+#include <sal/macros.h>
+#include <sal/saldllapi.h>
+#include <sal/types.h>
+#include <sal/typesizes.h>
+#include <vcl/BinaryDataContainer.hxx>
+#include <vcl/Scanline.hxx>
+#include <vcl/alpha.hxx>
+#include <vcl/bitmap.hxx>
+#include <vcl/bitmap/BitmapTypes.hxx>
+#include <vcl/bitmapex.hxx>
+#include <vcl/checksum.hxx>
+#include <vcl/dllapi.h>
+#include <vcl/errcode.hxx>
+#include <vcl/fntstyle.hxx>
+#include <vcl/font.hxx>
+#include <vcl/mapmod.hxx>
+#include <vcl/region.hxx>
+#include <vcl/scopedbitmapaccess.hxx>
+#include <vcl/task.hxx>
+#include <vcl/uitest/factory.hxx>
+#include <vcl/vclenum.hxx>
+#include <vcl/vclptr.hxx>
+#endif // PCH_LEVEL >= 2
+#if PCH_LEVEL >= 3
+#include <basegfx/basegfxdllapi.h>
+#include <basegfx/color/bcolor.hxx>
+#include <basegfx/numeric/ftools.hxx>
+#include <basegfx/point/b2dpoint.hxx>
+#include <basegfx/point/b2ipoint.hxx>
+#include <basegfx/polygon/b2dpolygon.hxx>
+#include <basegfx/polygon/b2dpolypolygon.hxx>
+#include <basegfx/range/b2drange.hxx>
+#include <basegfx/range/b2irange.hxx>
+#include <basegfx/range/basicrange.hxx>
+#include <basegfx/tuple/b2dtuple.hxx>
+#include <basegfx/tuple/b2i64tuple.hxx>
+#include <basegfx/tuple/b2ituple.hxx>
+#include <basegfx/tuple/b3dtuple.hxx>
+#include <basegfx/utils/common.hxx>
+#include <basegfx/vector/b2dvector.hxx>
+#include <basegfx/vector/b2enums.hxx>
+#include <basegfx/vector/b2ivector.hxx>
+#include <com/sun/star/accessibility/XAccessible.hpp>
+#include <com/sun/star/accessibility/XAccessibleRelationSet.hpp>
+#include <com/sun/star/embed/ElementModes.hpp>
+#include <com/sun/star/embed/StorageFormats.hpp>
+#include <com/sun/star/embed/XStorage.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <com/sun/star/lang/XTypeProvider.hpp>
+#include <com/sun/star/uno/Any.h>
+#include <com/sun/star/uno/Any.hxx>
+#include <com/sun/star/uno/Reference.h>
+#include <com/sun/star/uno/Reference.hxx>
+#include <com/sun/star/uno/RuntimeException.hpp>
+#include <com/sun/star/uno/Sequence.h>
+#include <com/sun/star/uno/Sequence.hxx>
+#include <com/sun/star/uno/Type.h>
+#include <com/sun/star/uno/Type.hxx>
+#include <com/sun/star/uno/TypeClass.hdl>
+#include <com/sun/star/uno/XInterface.hpp>
+#include <com/sun/star/uno/XWeak.hpp>
+#include <com/sun/star/uno/genfunc.h>
+#include <com/sun/star/uno/genfunc.hxx>
+#include <com/sun/star/util/Date.hpp>
+#include <com/sun/star/util/DateTime.hpp>
+#include <com/sun/star/util/XCloneable.hpp>
+#include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>
+#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
+#include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
+#include <com/sun/star/xml/sax/XFastAttributeList.hpp>
+#include <com/sun/star/xml/sax/XFastTokenHandler.hpp>
+#include <comphelper/comphelperdllapi.h>
+#include <cppu/cppudllapi.h>
+#include <cppu/unotype.hxx>
+#include <cppuhelper/cppuhelperdllapi.h>
+#include <cppuhelper/implbase.hxx>
+#include <cppuhelper/implbase_ex.hxx>
+#include <cppuhelper/implbase_ex_post.hxx>
+#include <cppuhelper/implbase_ex_pre.hxx>
+#include <cppuhelper/supportsservice.hxx>
+#include <cppuhelper/weak.hxx>
+#include <i18nlangtag/lang.h>
+#include <o3tl/cow_wrapper.hxx>
+#include <o3tl/strong_int.hxx>
+#include <o3tl/typed_flags_set.hxx>
+#include <o3tl/underlyingenumvalue.hxx>
+#include <salhelper/salhelperdllapi.h>
+#include <salhelper/simplereferenceobject.hxx>
+#include <sax/saxdllapi.h>
+#include <svl/sigstruct.hxx>
+#include <tools/color.hxx>
+#include <tools/date.hxx>
+#include <tools/degree.hxx>
+#include <tools/fldunit.hxx>
+#include <tools/fontenum.hxx>
+#include <tools/gen.hxx>
+#include <tools/link.hxx>
+#include <tools/long.hxx>
+#include <tools/mapunit.hxx>
+#include <tools/solar.h>
+#include <tools/toolsdllapi.h>
+#include <typelib/typeclass.h>
+#include <typelib/typedescription.h>
+#include <typelib/uik.h>
+#include <uno/any2.h>
+#include <uno/data.h>
+#include <uno/sequence2.h>
+#include <unotools/datetime.hxx>
+#include <unotools/options.hxx>
+#include <unotools/unotoolsdllapi.h>
+#include <xmloff/dllapi.h>
+#endif // PCH_LEVEL >= 3
+#if PCH_LEVEL >= 4
+#include <biginteger.hxx>
+#include <xmlsecuritydllapi.h>
+#include <xsecctl.hxx>
+#endif // PCH_LEVEL >= 4
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx
new file mode 100644
index 000000000..74123c2f1
--- /dev/null
+++ b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx
@@ -0,0 +1,12 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "precompiled_xsec_xmlsec.hxx"
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx
new file mode 100644
index 000000000..3ed774968
--- /dev/null
+++ b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx
@@ -0,0 +1,149 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/*
+ This file has been autogenerated by update_pch.sh. It is possible to edit it
+ manually (such as when an include file has been moved/renamed/removed). All such
+ manual changes will be rewritten by the next run of update_pch.sh (which presumably
+ also fixes all possible problems, so it's usually better to use it).
+
+ Generated on 2021-04-08 13:57:49 using:
+ ./bin/update_pch xmlsecurity xsec_xmlsec --cutoff=2 --exclude:system --include:module --include:local
+
+ If after updating build fails, use the following command to locate conflicting headers:
+ ./bin/update_pch_bisect ./xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx "make xmlsecurity.build" --find-conflicts
+*/
+
+#include <sal/config.h>
+#if PCH_LEVEL >= 1
+#include <algorithm>
+#include <cassert>
+#include <chrono>
+#include <cstddef>
+#include <cstdlib>
+#include <initializer_list>
+#include <iomanip>
+#include <limits>
+#include <memory>
+#include <new>
+#include <ostream>
+#ifdef XMLSEC_CRYPTO_NSS
+#include <pk11pub.h>
+#endif
+#include <stddef.h>
+#include <string.h>
+#include <string>
+#include <string_view>
+#include <type_traits>
+#include <utility>
+#include <vector>
+#endif // PCH_LEVEL >= 1
+#if PCH_LEVEL >= 2
+#include <osl/diagnose.h>
+#include <osl/doublecheckedlocking.h>
+#include <osl/file.h>
+#include <osl/file.hxx>
+#include <osl/getglobalmutex.hxx>
+#include <osl/interlck.h>
+#include <osl/mutex.h>
+#include <osl/mutex.hxx>
+#include <osl/thread.h>
+#include <osl/time.h>
+#include <rtl/alloc.h>
+#include <rtl/bootstrap.h>
+#include <rtl/bootstrap.hxx>
+#include <rtl/instance.hxx>
+#include <rtl/malformeduriexception.hxx>
+#include <rtl/random.h>
+#include <rtl/ref.hxx>
+#include <rtl/string.h>
+#include <rtl/string.hxx>
+#include <rtl/stringconcat.hxx>
+#include <rtl/stringutils.hxx>
+#include <rtl/textcvt.h>
+#include <rtl/textenc.h>
+#include <rtl/uri.h>
+#include <rtl/uri.hxx>
+#include <rtl/ustring.h>
+#include <rtl/ustring.hxx>
+#include <rtl/uuid.h>
+#include <sal/log.hxx>
+#include <sal/macros.h>
+#include <sal/saldllapi.h>
+#include <sal/types.h>
+#include <sal/typesizes.h>
+#include <vcl/dllapi.h>
+#include <vcl/errcode.hxx>
+#endif // PCH_LEVEL >= 2
+#if PCH_LEVEL >= 3
+#include <com/sun/star/lang/DisposedException.hpp>
+#include <com/sun/star/lang/IllegalArgumentException.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <com/sun/star/lang/XTypeProvider.hpp>
+#include <com/sun/star/lang/XUnoTunnel.hpp>
+#include <com/sun/star/uno/Any.h>
+#include <com/sun/star/uno/Any.hxx>
+#include <com/sun/star/uno/Exception.hpp>
+#include <com/sun/star/uno/Reference.h>
+#include <com/sun/star/uno/RuntimeException.hpp>
+#include <com/sun/star/uno/Sequence.h>
+#include <com/sun/star/uno/Sequence.hxx>
+#include <com/sun/star/uno/Type.h>
+#include <com/sun/star/uno/Type.hxx>
+#include <com/sun/star/uno/TypeClass.hdl>
+#include <com/sun/star/uno/XComponentContext.hpp>
+#include <com/sun/star/uno/XInterface.hpp>
+#include <com/sun/star/uno/XWeak.hpp>
+#include <com/sun/star/uno/genfunc.h>
+#include <com/sun/star/uno/genfunc.hxx>
+#include <com/sun/star/util/XCloneable.hpp>
+#include <com/sun/star/xml/csax/XCompressedDocumentHandler.hpp>
+#include <com/sun/star/xml/sax/XAttributeList.hpp>
+#include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
+#include <comphelper/servicehelper.hxx>
+#include <cppu/cppudllapi.h>
+#include <cppu/unotype.hxx>
+#include <cppuhelper/cppuhelperdllapi.h>
+#include <cppuhelper/exc_hlp.hxx>
+#include <cppuhelper/implbase.hxx>
+#include <cppuhelper/implbase_ex.hxx>
+#include <cppuhelper/implbase_ex_post.hxx>
+#include <cppuhelper/implbase_ex_pre.hxx>
+#include <cppuhelper/supportsservice.hxx>
+#include <cppuhelper/weak.hxx>
+#include <libxml/tree.h>
+#include <o3tl/typed_flags_set.hxx>
+#include <o3tl/underlyingenumvalue.hxx>
+#include <salhelper/singletonref.hxx>
+#include <tools/lineend.hxx>
+#include <tools/long.hxx>
+#include <tools/ref.hxx>
+#include <tools/stream.hxx>
+#include <tools/toolsdllapi.h>
+#include <typelib/typeclass.h>
+#include <typelib/typedescription.h>
+#include <typelib/uik.h>
+#include <uno/any2.h>
+#include <uno/data.h>
+#include <uno/sequence2.h>
+#include <unotools/unotoolsdllapi.h>
+#include <xmloff/dllapi.h>
+#endif // PCH_LEVEL >= 3
+#if PCH_LEVEL >= 4
+#include <xmlsec-wrapper.h>
+#include <xsecxmlsecdllapi.h>
+#endif // PCH_LEVEL >= 4
+
+// Cleanup windows header macro pollution.
+#if defined(_WIN32) && defined(WINAPI)
+#include <postwin.h>
+#undef RGB
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx
new file mode 100644
index 000000000..ea24685d2
--- /dev/null
+++ b/xmlsecurity/inc/pdfsignaturehelper.hxx
@@ -0,0 +1,73 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ */
+
+#pragma once
+
+#include "xmlsecuritydllapi.h"
+
+#include <svl/sigstruct.hxx>
+
+namespace com::sun::star
+{
+namespace frame
+{
+class XModel;
+}
+namespace io
+{
+class XInputStream;
+}
+namespace security
+{
+class XCertificate;
+}
+namespace security
+{
+struct DocumentSignatureInformation;
+}
+namespace xml::crypto
+{
+class XSecurityEnvironment;
+}
+}
+class SvStream;
+
+/// Handles signatures of a PDF file.
+class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
+{
+ SignatureInformations m_aSignatureInfos;
+
+ css::uno::Reference<css::security::XCertificate> m_xCertificate;
+ OUString m_aDescription;
+
+public:
+ PDFSignatureHelper();
+ bool ReadAndVerifySignature(const css::uno::Reference<css::io::XInputStream>& xInputStream);
+ bool ReadAndVerifySignatureSvStream(SvStream& rStream);
+ css::uno::Sequence<css::security::DocumentSignatureInformation>
+ GetDocumentSignatureInformations(
+ const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& xSecEnv) const;
+ SignatureInformations const& GetSignatureInformations() const;
+
+ /// Return the ID of the next created signature.
+ sal_Int32 GetNewSecurityId() const;
+ /// Certificate to be used next time signing is performed.
+ void SetX509Certificate(const css::uno::Reference<css::security::XCertificate>& xCertificate);
+ /// Comment / reason to be used next time signing is performed.
+ void SetDescription(const OUString& rDescription);
+ /// Append a new signature at the end of xInputStream.
+ bool Sign(const css::uno::Reference<css::frame::XModel>& xModel,
+ const css::uno::Reference<css::io::XInputStream>& xInputStream, bool bAdES);
+ /// Remove the signature at nPosition (and all dependent signatures) from xInputStream.
+ static bool RemoveSignature(const css::uno::Reference<css::io::XInputStream>& xInputStream,
+ sal_uInt16 nPosition);
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/resourcemanager.hxx b/xmlsecurity/inc/resourcemanager.hxx
new file mode 100644
index 000000000..1dc5b2987
--- /dev/null
+++ b/xmlsecurity/inc/resourcemanager.hxx
@@ -0,0 +1,26 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <unotools/resmgr.hxx>
+
+inline OUString XsResId(TranslateId aId) { return Translate::get(aId, Translate::Create("xsc")); }
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/strings.hrc b/xmlsecurity/inc/strings.hrc
new file mode 100644
index 000000000..8cf89b211
--- /dev/null
+++ b/xmlsecurity/inc/strings.hrc
@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#define NC_(Context, String) TranslateId(Context, reinterpret_cast<char const *>(u8##String))
+
+#define STR_CERTIFICATE_NOT_VALIDATED NC_("STR_CERTIFICATE_NOT_VALIDATED", "The certificate could not be validated.")
+#define STR_VERSION NC_("STR_VERSION", "Version")
+#define STR_SERIALNUM NC_("STR_SERIALNUM", "Serial Number")
+#define STR_ISSUER NC_("STR_ISSUER", "Issuer")
+#define STR_VALIDFROM NC_("STR_VALIDFROM", "Valid From")
+#define STR_VALIDTO NC_("STR_VALIDTO", "Valid to")
+#define STR_SUBJECT NC_("STR_SUBJECT", "Subject")
+#define STR_SUBJECT_PUBKEY_ALGO NC_("STR_SUBJECT_PUBKEY_ALGO", "Subject Algorithm")
+#define STR_SUBJECT_PUBKEY_VAL NC_("STR_SUBJECT_PUBKEY_VAL", "Public Key")
+#define STR_SIGNATURE_ALGO NC_("STR_SIGNATURE_ALGO", "Signature Algorithm")
+#define STR_USE NC_("STR_USE", "Certificate Use")
+#define STR_THUMBPRINT_SHA1 NC_("STR_THUMBPRINT_SHA1", "Thumbprint SHA1")
+#define STR_THUMBPRINT_MD5 NC_("STR_THUMBPRINT_MD5", "Thumbprint MD5")
+
+#define STR_XMLSECDLG_OLD_ODF_FORMAT NC_("STR_XMLSECDLG_OLD_ODF_FORMAT", "This document contains signatures in ODF 1.1 (OpenOffice.org 2.x) format. " \
+ "Signing documents in %PRODUCTNAME %PRODUCTVERSION requires ODF 1.2 format version. " \
+ "Thus no signatures can be added or removed to this document.\n\n" \
+ "Save document in ODF 1.2 format and add all desired signatures again.")
+#define STR_XMLSECDLG_QUERY_REMOVEDOCSIGNBEFORESIGN NC_("STR_XMLSECDLG_QUERY_REMOVEDOCSIGNBEFORESIGN", "Adding or removing a macro signature will remove all document signatures.\n" \
+ "Do you really want to continue?")
+#define STR_XMLSECDLG_QUERY_REALLYREMOVE NC_("STR_XMLSECDLG_QUERY_REALLYREMOVE", "Document signature cannot be restored, once removed.\n" \
+ "Do you really want to remove selected signature?")
+
+#define STR_XMLSECDLG_SIGNING_FAILED NC_("STR_XMLSECDLG_SIGNING_FAILED", "An error occurred while adding the signature.")
+#define STR_XMLSECDLG_NO_CERT_MANAGER NC_("STR_XMLSECDLG_NO_CERT_MANAGER", "Could not find any certificate manager.")
+#define STR_XMLSECDLG_NO_CERT_FOUND NC_("STR_XMLSECDLG_NO_CERT_FOUND", "Could not find the certificate.")
+
+#define RID_XMLSECWB_NO_MOZILLA_PROFILE NC_("RID_XMLSECWB_NO_MOZILLA_PROFILE", "Digital signatures functionality could not be used, because no Mozilla user profile was found. Please check the Mozilla installation.")
+
+#define STR_DIGITAL_SIGNATURE NC_("selectcertificatedialog|STR_DIGITAL_SIGNATURE", "Digital signature")
+#define STR_NON_REPUDIATION NC_("selectcertificatedialog|STR_NON_REPUDIATION", "Non-repudiation")
+#define STR_KEY_ENCIPHERMENT NC_("selectcertificatedialog|STR_KEY_ENCIPHERMENT", "Key encipherment")
+#define STR_DATA_ENCIPHERMENT NC_("selectcertificatedialog|STR_DATA_ENCIPHERMENT", "Data encipherment")
+#define STR_KEY_AGREEMENT NC_("selectcertificatedialog|STR_KEY_AGREEMENT", "Key Agreement")
+#define STR_KEY_CERT_SIGN NC_("selectcertificatedialog|STR_KEY_CERT_SIGN", "Certificate signature verification")
+#define STR_CRL_SIGN NC_("selectcertificatedialog|STR_CRL_SIGN", "CRL signature verification")
+#define STR_ENCIPHER_ONLY NC_("selectcertificatedialog|STR_ENCIPHER_ONLY", "Only for encipherment")
+#define STR_SIGN NC_("selectcertificatedialog|str_sign", "Sign")
+#define STR_SELECTSIGN NC_("selectcertificatedialog|str_selectsign", "Select")
+#define STR_ENCRYPT NC_("selectcertificatedialog|str_encrypt", "Encrypt")
+
+#define STR_BROKEN_MACRO_CERTIFICATE_DATA NC_("STR_BROKEN_MACRO_CERTIFICATE_DATA", "Macro security problem!\n\nBroken certificate data: %{data}")
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
new file mode 100644
index 000000000..e4048de94
--- /dev/null
+++ b/xmlsecurity/inc/xmlsec-wrapper.h
@@ -0,0 +1,47 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <sal/config.h>
+
+#include <sal/types.h>
+
+// Cf. xmlsec's configure.in:
+#if SAL_TYPES_SIZEOFPOINTER != 4 && !defined SYSTEM_XMLSEC
+#define XMLSEC_NO_SIZE_T
+#endif
+
+#include <xmlsec/base64.h>
+#include <xmlsec/bn.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/io.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/strings.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#ifdef XMLSEC_CRYPTO_NSS
+#include <xmlsec/nss/app.h>
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/pkikeys.h>
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsec/errorcallback.hxx b/xmlsecurity/inc/xmlsec/errorcallback.hxx
new file mode 100644
index 000000000..80ba564e9
--- /dev/null
+++ b/xmlsecurity/inc/xmlsec/errorcallback.hxx
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <xsecxmlsecdllapi.h>
+
+// Only used for logging
+void setErrorRecorder();
+//ToDo
+//void setErrorRecorder(const css::uno::Reference< css::xml::crypto::XXMLEncryptionTemplate >& xTemplate);
+void clearErrorRecorder();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsec/saxhelper.hxx b/xmlsecurity/inc/xmlsec/saxhelper.hxx
new file mode 100644
index 000000000..a49ccef18
--- /dev/null
+++ b/xmlsecurity/inc/xmlsec/saxhelper.hxx
@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <sal/config.h>
+
+#include <string_view>
+
+#include <libxml/tree.h>
+
+#include <rtl/ustring.hxx>
+
+namespace com::sun::star::xml::csax { struct XMLAttribute; }
+namespace com::sun::star::uno { template <typename > class Sequence; }
+
+/** This class represents a SAX handler which simply forwards to
+ the corresponding libxml API and translates parameter if necessary.
+*/
+class SAXHelper final
+{
+ private:
+ xmlParserCtxtPtr m_pParserCtxt ;
+ xmlSAXHandlerPtr m_pSaxHandler ;
+
+ public:
+ SAXHelper( ) ;
+ ~SAXHelper() ;
+
+ xmlNodePtr getCurrentNode() { return m_pParserCtxt->node;}
+ void setCurrentNode(const xmlNodePtr pNode);
+ xmlDocPtr getDocument() { return m_pParserCtxt->myDoc;}
+
+ /// @throws css::xml::sax::SAXException
+ /// @throws css::uno::RuntimeException
+ void startDocument() ;
+
+ /// @throws css::xml::sax::SAXException
+ /// @throws css::uno::RuntimeException
+ void endDocument() ;
+
+ /// @throws css::xml::sax::SAXException
+ /// @throws css::uno::RuntimeException
+ void startElement(
+ std::u16string_view aName ,
+ const css::uno::Sequence<
+ css::xml::csax::XMLAttribute >& aAttributes ) ;
+
+ /// @throws css::xml::sax::SAXException
+ /// @throws css::uno::RuntimeException
+ void endElement( std::u16string_view aName ) ;
+
+ /// @throws css::xml::sax::SAXException
+ /// @throws css::uno::RuntimeException
+ void characters( std::u16string_view aChars ) ;
+
+ /// @throws css::xml::sax::SAXException
+ /// @throws css::uno::RuntimeException
+ void ignorableWhitespace( std::u16string_view aWhitespaces ) ;
+
+ /// @throws css::xml::sax::SAXException
+ /// @throws css::uno::RuntimeException
+ void processingInstruction(
+ std::u16string_view aTarget ,
+ std::u16string_view aData ) ;
+
+} ;
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx b/xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx
new file mode 100644
index 000000000..8f5695d10
--- /dev/null
+++ b/xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx
@@ -0,0 +1,208 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
+#include <com/sun/star/xml/csax/XCompressedDocumentHandler.hpp>
+#include <com/sun/star/lang/XServiceInfo.hpp>
+#include <cppuhelper/implbase.hxx>
+
+#include <xmlsec/saxhelper.hxx>
+#include <xsecxmlsecdllapi.h>
+
+#define NODEPOSITION_NORMAL 1
+#define NODEPOSITION_STARTELEMENT 2
+#define NODEPOSITION_ENDELEMENT 3
+
+#include <libxml/tree.h>
+
+class XSECXMLSEC_DLLPUBLIC XMLDocumentWrapper_XmlSecImpl final : public cppu::WeakImplHelper
+<
+ css::xml::wrapper::XXMLDocumentWrapper,
+ css::xml::sax::XDocumentHandler,
+ css::xml::csax::XCompressedDocumentHandler,
+ css::lang::XServiceInfo
+>
+/**
+ * NAME
+ * XMLDocumentWrapper_XmlSecImpl -- Class to manipulate a libxml2
+ * document
+ *
+ * FUNCTION
+ * Converts SAX events into a libxml2 document, converts the document back
+ * into SAX event stream, and manipulate nodes in the document.
+ ******************************************************************************/
+{
+private:
+ /* the sax helper */
+ SAXHelper saxHelper;
+
+ /* the document used to convert SAX events to */
+ xmlDocPtr m_pDocument;
+
+ /* the root element */
+ xmlNodePtr m_pRootElement;
+
+ /*
+ * the current active element. The next incoming SAX event will be
+ * appended to this element
+ */
+ xmlNodePtr m_pCurrentElement;
+
+ /*
+ * This variable is used when converting the document or part of it into
+ * SAX events. See getNextSAXEvent method.
+ */
+ sal_Int32 m_nCurrentPosition;
+
+ /*
+ * used for recursive deletion. See recursiveDelete method
+ */
+ xmlNodePtr m_pStopAtNode;
+ xmlNodePtr m_pCurrentReservedNode;
+ css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > m_aReservedNodes;
+ sal_Int32 m_nReservedNodeIndex;
+
+private:
+ void getNextSAXEvent();
+
+ /// @throws css::xml::sax::SAXException
+ static void sendStartElement(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler,
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler2,
+ const xmlNodePtr pNode);
+
+ /// @throws css::xml::sax::SAXException
+ static void sendEndElement(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler,
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler2,
+ const xmlNodePtr pNode);
+
+ /// @throws css::xml::sax::SAXException
+ static void sendNode(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler,
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler2,
+ const xmlNodePtr pNode);
+
+ static OString getNodeQName(const xmlNodePtr pNode);
+
+ sal_Int32 recursiveDelete( const xmlNodePtr pNode);
+
+ void getNextReservedNode();
+
+ void removeNode( const xmlNodePtr pNode) const;
+
+ static xmlNodePtr checkElement(
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& xXMLElement);
+
+ void buildIDAttr( xmlNodePtr pNode ) const;
+ void rebuildIDLink( xmlNodePtr pNode ) const;
+
+public:
+ XMLDocumentWrapper_XmlSecImpl();
+ virtual ~XMLDocumentWrapper_XmlSecImpl() override;
+
+ /* css::xml::wrapper::XXMLDocumentWrapper */
+ virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL getCurrentElement( ) override;
+
+ virtual void SAL_CALL setCurrentElement( const css::uno::Reference<
+ css::xml::wrapper::XXMLElementWrapper >& element ) override;
+
+ virtual void SAL_CALL removeCurrentElement( ) override;
+
+ virtual sal_Bool SAL_CALL isCurrent( const css::uno::Reference<
+ css::xml::wrapper::XXMLElementWrapper >& node ) override;
+
+ virtual sal_Bool SAL_CALL isCurrentElementEmpty( ) override;
+
+ virtual OUString SAL_CALL getNodeName( const css::uno::Reference<
+ css::xml::wrapper::XXMLElementWrapper >& node ) override;
+
+ virtual void SAL_CALL clearUselessData(
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& node,
+ const css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > >& reservedDescendants,
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& stopAtNode ) override;
+
+ virtual void SAL_CALL collapse( const css::uno::Reference<
+ css::xml::wrapper::XXMLElementWrapper >& node ) override;
+
+ virtual void SAL_CALL generateSAXEvents(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& handler,
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xEventKeeperHandler,
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& startNode,
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& endNode ) override;
+
+ virtual void SAL_CALL getTree(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& handler ) override;
+
+ virtual void SAL_CALL rebuildIDLink(
+ const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& node ) override;
+
+ /* css::xml::sax::XDocumentHandler */
+ virtual void SAL_CALL startDocument( ) override;
+
+ virtual void SAL_CALL endDocument( ) override;
+
+ virtual void SAL_CALL startElement(
+ const OUString& aName,
+ const css::uno::Reference< css::xml::sax::XAttributeList >& xAttribs ) override;
+
+ virtual void SAL_CALL endElement( const OUString& aName ) override;
+
+ virtual void SAL_CALL characters( const OUString& aChars ) override;
+
+ virtual void SAL_CALL ignorableWhitespace( const OUString& aWhitespaces ) override;
+
+ virtual void SAL_CALL processingInstruction( const OUString& aTarget, const OUString& aData ) override;
+
+ virtual void SAL_CALL setDocumentLocator( const css::uno::Reference< css::xml::sax::XLocator >& xLocator ) override;
+
+ /* css::xml::csax::XCompressedDocumentHandler */
+ virtual void SAL_CALL compressedStartDocument( ) override;
+
+ virtual void SAL_CALL compressedEndDocument( ) override;
+
+ virtual void SAL_CALL compressedStartElement(
+ const OUString& aName,
+ const css::uno::Sequence< css::xml::csax::XMLAttribute >& aAttributes ) override;
+
+ virtual void SAL_CALL compressedEndElement( const OUString& aName ) override;
+
+ virtual void SAL_CALL compressedCharacters( const OUString& aChars ) override;
+
+ virtual void SAL_CALL compressedIgnorableWhitespace( const OUString& aWhitespaces ) override;
+
+ virtual void SAL_CALL compressedProcessingInstruction( const OUString& aTarget, const OUString& aData ) override;
+
+ virtual void SAL_CALL compressedSetDocumentLocator(
+ sal_Int32 columnNumber,
+ sal_Int32 lineNumber,
+ const OUString& publicId,
+ const OUString& systemId ) override;
+
+ /* css::lang::XServiceInfo */
+ virtual OUString SAL_CALL getImplementationName( ) override;
+
+ virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override;
+
+ virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override;
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsec/xmlsec_init.hxx b/xmlsecurity/inc/xmlsec/xmlsec_init.hxx
new file mode 100644
index 000000000..417acd288
--- /dev/null
+++ b/xmlsecurity/inc/xmlsec/xmlsec_init.hxx
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <xsecxmlsecdllapi.h>
+
+XSECXMLSEC_DLLPUBLIC void initXmlSec();
+XSECXMLSEC_DLLPUBLIC void deInitXmlSec();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsec/xmlstreamio.hxx b/xmlsecurity/inc/xmlsec/xmlstreamio.hxx
new file mode 100644
index 000000000..6e3d506a4
--- /dev/null
+++ b/xmlsecurity/inc/xmlsec/xmlstreamio.hxx
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <xsecxmlsecdllapi.h>
+
+namespace com::sun::star::xml::crypto
+{
+class XUriBinding;
+}
+namespace com::sun::star::uno
+{
+template <typename> class Reference;
+}
+
+int xmlEnableStreamInputCallbacks();
+void xmlDisableStreamInputCallbacks();
+int xmlRegisterStreamInputCallbacks(
+ css::uno::Reference<css::xml::crypto::XUriBinding> const& aUriBinding);
+int xmlUnregisterStreamInputCallbacks();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsecuritydllapi.h b/xmlsecurity/inc/xmlsecuritydllapi.h
new file mode 100644
index 000000000..7f31e6f8f
--- /dev/null
+++ b/xmlsecurity/inc/xmlsecuritydllapi.h
@@ -0,0 +1,20 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <sal/types.h>
+
+#if defined(XMLSECURITY_DLLIMPLEMENTATION)
+#define XMLSECURITY_DLLPUBLIC SAL_DLLPUBLIC_EXPORT
+#else
+#define XMLSECURITY_DLLPUBLIC SAL_DLLPUBLIC_IMPORT
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsignaturehelper.hxx
new file mode 100644
index 000000000..de7de9908
--- /dev/null
+++ b/xmlsecurity/inc/xmlsignaturehelper.hxx
@@ -0,0 +1,176 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <tools/link.hxx>
+#include <rtl/ustring.hxx>
+#include <rtl/ref.hxx>
+#include <svl/sigstruct.hxx>
+#include "xmlsecuritydllapi.h"
+#include "xmlsignaturehelper.hxx"
+#include "xsecctl.hxx"
+
+#include <com/sun/star/security/XCertificate.hpp>
+#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
+
+class DateTime;
+class UriBindingHelper;
+
+namespace com::sun::star {
+ namespace io {
+ class XOutputStream;
+ class XInputStream;
+ }
+ namespace embed { class XStorage; }
+}
+
+namespace com::sun::star::graphic { class XGraphic; }
+namespace com::sun::star::uno { class XComponentContext; }
+namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
+namespace com::sun::star::xml::sax { class XDocumentHandler; }
+namespace com::sun::star::xml::sax { class XWriter; }
+
+/**********************************************************
+ XMLSignatureHelper
+
+ Helper class for the XML Security framework
+
+ Functions:
+ 1. help to create a security context;
+ 2. help to listen signature creation result;
+ 3. help to listen signature verify result;
+ 4. help to indicate which signature to verify.
+
+ **********************************************************/
+
+class XMLSECURITY_DLLPUBLIC XMLSignatureHelper
+{
+private:
+ css::uno::Reference< css::uno::XComponentContext > mxCtx;
+ rtl::Reference<UriBindingHelper> mxUriBinding;
+
+ rtl::Reference<XSecController> mpXSecController;
+ bool mbError;
+ bool mbODFPre1_2;
+ Link<LinkParamNone*,bool> maStartVerifySignatureHdl;
+
+private:
+ XMLSignatureHelper(const XMLSignatureHelper&) = delete;
+
+public:
+ XMLSignatureHelper(const css::uno::Reference< css::uno::XComponentContext >& mrCtx );
+ ~XMLSignatureHelper();
+
+ void StartVerifySignatureElement();
+
+ // Set the storage which should be used by the default UriBinding
+ // Must be set before StartMission().
+ //sODFVersion indicates the ODF version
+ void SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStorage, const OUString& sODFVersion );
+
+ // Argument for the Link is a uno::Reference< xml::sax::XAttributeList >*
+ // Return 1 to verify, 0 to skip.
+ // Default handler will verify all.
+ void SetStartVerifySignatureHdl( const Link<LinkParamNone*,bool>& rLink );
+
+ // After signing/verifying, get information about signatures
+ SignatureInformation GetSignatureInformation( sal_Int32 nSecurityId ) const;
+ SignatureInformations GetSignatureInformations() const;
+ /// ImplVerifySignature calls this to figure out which X509Data is the
+ /// signing certificate and update the internal state with the result.
+ /// @return
+ /// A sequence with the signing certificate at the back on success.
+ /// An empty sequence on failure.
+ std::vector<css::uno::Reference<css::security::XCertificate>>
+ CheckAndUpdateSignatureInformation(
+ css::uno::Reference<css::xml::crypto::XSecurityEnvironment> const& xSecEnv,
+ SignatureInformation const& rInfo);
+
+ // See XSecController for documentation
+ void StartMission(const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext);
+ void EndMission();
+ sal_Int32 GetNewSecurityId();
+ /** sets data that describes the certificate.
+
+ It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
+ the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
+ the private key. Although issuer name and certificate should be sufficient to identify
+ the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
+ The reason is that they use functions to find the certificate which take as parameter
+ the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
+ are of type DirectoryName, which is a choice of 5 string types. This information is
+ not contained in the issuer string and while it is converted to the ASN.1 name the
+ conversion function must assume a particular type, which is often wrong. For example,
+ the Windows function CertStrToName will use a T.61 string if the string does not contain
+ special characters. So if the certificate uses simple characters but encodes the
+ issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
+ ASN.1 name now contains different bytes which indicate the string type. The functions
+ for finding the certificate apparently use memcmp - hence they fail to find the
+ certificate.
+ */
+ void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName,
+ const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest,
+ svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
+
+ void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate);
+
+ void SetGpgCertificate(sal_Int32 nSecurityId, const OUString& ouGpgCertDigest,
+ const OUString& ouGpgCert, const OUString& ouGpgOwner);
+
+ void SetDateTime( sal_Int32 nSecurityId, const DateTime& rDateTime );
+ void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription);
+ void SetSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId);
+ void
+ SetSignatureLineValidGraphic(sal_Int32 nSecurityId,
+ const css::uno::Reference<css::graphic::XGraphic>& xValidGraphic);
+ void SetSignatureLineInvalidGraphic(
+ sal_Int32 nSecurityId, const css::uno::Reference<css::graphic::XGraphic>& xInvalidGraphic);
+
+ void AddForSigning( sal_Int32 securityId, const OUString& uri, bool bBinary, bool bXAdESCompliantIfODF );
+ void CreateAndWriteSignature( const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, bool bXAdESCompliantIfODF );
+ bool ReadAndVerifySignature( const css::uno::Reference< css::io::XInputStream >& xInputStream );
+
+ // MT: ??? I think only for adding/removing, not for new signatures...
+ // MM: Yes, but if you want to insert a new signature into an existing signature file, those function
+ // will be very useful, see Mission 3 in the new "multisigdemo" program :-)
+ css::uno::Reference< css::xml::sax::XWriter> CreateDocumentHandlerWithHeader( const css::uno::Reference< css::io::XOutputStream >& xOutputStream );
+ static void CloseDocumentHandler( const css::uno::Reference< css::xml::sax::XDocumentHandler>& xDocumentHandler );
+ static void ExportSignature(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler,
+ const SignatureInformation& signatureInfo,
+ bool bXAdESCompliantIfODF );
+
+ /// Read and verify OOXML signatures.
+ bool ReadAndVerifySignatureStorage(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bCacheLastSignature = true);
+ /// Read and verify a single OOXML signature.
+ bool ReadAndVerifySignatureStorageStream(const css::uno::Reference<css::io::XInputStream>& xInputStream);
+ /// Adds or removes an OOXML digital signature relation to _rels/.rels if there wasn't any before.
+ void EnsureSignaturesRelation(const css::uno::Reference<css::embed::XStorage>& xStorage, bool bAdd);
+ /// Given that xStorage is an OOXML _xmlsignatures storage, create origin.sigs and its relations.
+ void ExportSignatureRelations(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
+ /// Given that xSignatureStorage is an OOXML _xmlsignatures storage, create and write a new signature.
+ void CreateAndWriteOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, int nSignatureIndex);
+ /// Similar to CreateAndWriteOOXMLSignature(), but used to write the signature to the persistent storage, not the temporary one.
+ void ExportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::embed::XStorage>& xSignatureStorage, const SignatureInformation& rInformation, int nSignatureIndex);
+ /// Given that xStorage is an OOXML root storage, advertise signatures in its [Content_Types].xml stream.
+ void ExportSignatureContentTypes(const css::uno::Reference<css::embed::XStorage>& xStorage, int nSignatureCount);
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
new file mode 100644
index 000000000..adfd251b1
--- /dev/null
+++ b/xmlsecurity/inc/xsecctl.hxx
@@ -0,0 +1,408 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ */
+
+#pragma once
+
+#include <svl/sigstruct.hxx>
+
+#include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
+#include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
+#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
+
+#include <rtl/ref.hxx>
+#include <cppuhelper/implbase.hxx>
+
+#include <vector>
+
+#include "UriBindingHelper.hxx"
+
+namespace com::sun::star::embed { class XStorage; }
+namespace com::sun::star::graphic { class XGraphic; }
+namespace com::sun::star::io { class XInputStream; }
+namespace com::sun::star::lang { class XInitialization; }
+namespace com::sun::star::uno { class XComponentContext; }
+namespace com::sun::star::xml::crypto { class XXMLSecurityContext; }
+namespace com::sun::star::xml::crypto { class XXMLSignature; }
+namespace com::sun::star::xml::crypto:: sax { class XReferenceResolvedListener; }
+namespace com::sun::star::xml::sax { class XDocumentHandler; }
+
+inline constexpr OUStringLiteral NS_XMLDSIG = u"http://www.w3.org/2000/09/xmldsig#";
+inline constexpr OUStringLiteral NS_DC = u"http://purl.org/dc/elements/1.1/";
+inline constexpr OUStringLiteral NS_XD = u"http://uri.etsi.org/01903/v1.3.2#";
+inline constexpr OUStringLiteral NS_MDSSI = u"http://schemas.openxmlformats.org/package/2006/digital-signature";
+inline constexpr OUStringLiteral NS_LOEXT = u"urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0";
+
+inline constexpr OUStringLiteral ALGO_C14N = u"http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+inline constexpr OUStringLiteral ALGO_RSASHA1 = u"http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+inline constexpr OUStringLiteral ALGO_RSASHA256 = u"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+inline constexpr OUStringLiteral ALGO_RSASHA512 = u"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+inline constexpr OUStringLiteral ALGO_ECDSASHA1 = u"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+inline constexpr OUStringLiteral ALGO_ECDSASHA256 = u"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+inline constexpr OUStringLiteral ALGO_ECDSASHA512 = u"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
+inline constexpr OUStringLiteral ALGO_XMLDSIGSHA1 = u"http://www.w3.org/2000/09/xmldsig#sha1";
+inline constexpr OUStringLiteral ALGO_XMLDSIGSHA256 = u"http://www.w3.org/2001/04/xmlenc#sha256";
+inline constexpr OUStringLiteral ALGO_XMLDSIGSHA512 = u"http://www.w3.org/2001/04/xmlenc#sha512";
+inline constexpr OUStringLiteral ALGO_RELATIONSHIP = u"http://schemas.openxmlformats.org/package/2006/RelationshipTransform";
+
+class XMLDocumentWrapper_XmlSecImpl;
+class SAXEventKeeperImpl;
+class XMLSignatureHelper;
+namespace svl::crypto { enum class SignatureMethodAlgorithm; }
+
+class InternalSignatureInformation
+{
+public:
+ SignatureInformation signatureInfor;
+
+ css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > xReferenceResolvedListener;
+
+ ::std::vector< sal_Int32 > vKeeperIds;
+
+ InternalSignatureInformation(
+ sal_Int32 nId,
+ css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > const & xListener)
+ :signatureInfor(nId)
+ {
+ xReferenceResolvedListener = xListener;
+ }
+
+ void addReference( SignatureReferenceType type, sal_Int32 digestID, const OUString& uri, sal_Int32 keeperId, const OUString& rType )
+ {
+ signatureInfor.vSignatureReferenceInfors.push_back(
+ SignatureReferenceInformation(type, digestID, uri, rType));
+ vKeeperIds.push_back( keeperId );
+ }
+};
+
+class XSecController final : public cppu::WeakImplHelper
+<
+ css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener,
+ css::xml::crypto::sax::XSignatureCreationResultListener,
+ css::xml::crypto::sax::XSignatureVerifyResultListener
+>
+/****** XSecController.hxx/CLASS XSecController *******************************
+ *
+ * NAME
+ * XSecController -- the xml security framework controller
+ *
+ * FUNCTION
+ * Controls the whole xml security framework to create signatures or to
+ * verify signatures.
+ *
+ ******************************************************************************/
+{
+ friend class XSecParser;
+ friend class OOXMLSecParser;
+
+private:
+ css::uno::Reference< css::uno::XComponentContext> mxCtx;
+
+ /*
+ * used to buffer SAX events
+ */
+ rtl::Reference<XMLDocumentWrapper_XmlSecImpl> m_xXMLDocumentWrapper;
+
+ /*
+ * the SAX events keeper
+ */
+ rtl::Reference<SAXEventKeeperImpl> m_xSAXEventKeeper;
+
+ /*
+ * the bridge component which creates/verifies signature
+ */
+ css::uno::Reference< css::xml::crypto::XXMLSignature > m_xXMLSignature;
+
+ /*
+ * the Security Context
+ */
+ css::uno::Reference< css::xml::crypto::XXMLSecurityContext > m_xSecurityContext;
+
+ /*
+ * the security id incrementer, in order to make any security id unique
+ * to the SAXEventKeeper.
+ * Because each XSecController has its own SAXEventKeeper, so this variable
+ * is not necessary to be static.
+ */
+ sal_Int32 m_nNextSecurityId;
+
+ /*
+ * Signature information
+ */
+ std::vector< InternalSignatureInformation > m_vInternalSignatureInformations;
+
+ /*
+ * the previous node on the SAX chain.
+ * The reason that use a Reference<XInterface> type variable
+ * is that the previous components are different when exporting
+ * and importing, and there is no other common interface they
+ * can provided.
+ */
+ css::uno::Reference< css::uno::XInterface > m_xPreviousNodeOnSAXChain;
+ /*
+ * whether the previous node can provide an XInitialize interface,
+ * use this variable in order to typecast the XInterface to the
+ * correct interface type.
+ */
+ bool m_bIsPreviousNodeInitializable;
+
+ /*
+ * a flag representing whether the SAXEventKeeper is now on the
+ * SAX chain.
+ */
+ bool m_bIsSAXEventKeeperConnected;
+
+ /*
+ * a flag representing whether it is collecting some element,
+ * which means that the SAXEventKeeper can't be chained off the
+ * SAX chain.
+ */
+ bool m_bIsCollectingElement;
+
+ /*
+ * a flag representing whether the SAX event stream is blocking,
+ * which also means that the SAXEventKeeper can't be chained off
+ * the SAX chain.
+ */
+ bool m_bIsBlocking;
+
+ /*
+ * a flag representing the current status of security related
+ * components.
+ */
+
+ /*
+ * status of security related components
+ */
+ enum class InitializationState { UNINITIALIZED, INITIALIZED, FAILTOINITIALIZED } m_eStatusOfSecurityComponents;
+
+ /*
+ * a flag representing whether the SAXEventKeeper need to be
+ * on the SAX chain all the time.
+ * This flag is used to the situation when creating signature.
+ */
+ bool m_bIsSAXEventKeeperSticky;
+
+ /*
+ * the XSecParser which is used to parse the signature stream
+ */
+ css::uno::Reference<css::xml::sax::XDocumentHandler> m_xSecParser;
+
+ /*
+ * the caller assigned signature id for the next signature in the
+ * signature stream
+ */
+ sal_Int32 m_nReservedSignatureId;
+
+ /*
+ * representing whether to verify the current signature
+ */
+ bool m_bVerifyCurrentSignature;
+
+ /*
+ * An xUriBinding is provided to map Uris to XInputStream interfaces.
+ */
+ rtl::Reference<UriBindingHelper> m_xUriBinding;
+
+private:
+
+ /*
+ * Common methods
+ */
+ void createXSecComponent( );
+ int findSignatureInfor( sal_Int32 nSecurityId ) const;
+ bool chainOn();
+ void chainOff();
+ void checkChainingStatus();
+ void initializeSAXChain();
+
+ css::uno::Reference< css::io::XInputStream > getObjectInputStream( const OUString& objectURL );
+
+ //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;
+
+ /*
+ * For signature generation
+ */
+ static OUString createId();
+ css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite(
+ InternalSignatureInformation& signatureInfo,
+ sal_Int32 nStorageFormat,
+ bool bXAdESCompliantIfODF );
+
+ /*
+ * For signature verification
+ */
+ void addSignature();
+ /// Sets algorithm from <SignatureMethod Algorithm="...">.
+ void setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
+ void switchGpgSignature();
+ bool haveReferenceForId(std::u16string_view rId) const;
+ void addReference(
+ const OUString& ouUri,
+ sal_Int32 nDigestID,
+ const OUString& ouType );
+ void addStreamReference(
+ const OUString& ouUri,
+ bool isBinary,
+ sal_Int32 nDigestID );
+ void setReferenceCount() const;
+
+ void setX509Data(
+ std::vector<std::pair<OUString, OUString>> & rX509IssuerSerials,
+ std::vector<OUString> const& rX509Certificates);
+ void setX509CertDigest(
+ OUString const& rCertDigest, sal_Int32 const nReferenceDigestID,
+ std::u16string_view const& rX509IssuerName, std::u16string_view const& rX509SerialNumber);
+
+ void setSignatureValue( OUString const & ouSignatureValue );
+ void setDigestValue( sal_Int32 nDigestID, OUString const & ouDigestValue );
+ void setGpgKeyID( OUString const & ouKeyID );
+ void setGpgCertificate( OUString const & ouGpgCert );
+ void setGpgOwner( OUString const & ouGpgOwner );
+
+ void setDate(OUString const& rId, OUString const& ouDate);
+ void setDescription(OUString const& rId, OUString const& rDescription);
+ void setValidSignatureImage(std::u16string_view rValidSigImg);
+ void setInvalidSignatureImage(std::u16string_view rInvalidSigImg);
+ void setSignatureLineId(const OUString& rSignatureLineId);
+
+public:
+ void setSignatureBytes(const css::uno::Sequence<sal_Int8>& rBytes);
+
+private:
+ void setId( OUString const & ouId );
+
+ css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
+ sal_Int32 nSecurityId );
+
+public:
+ explicit XSecController(const css::uno::Reference<css::uno::XComponentContext>& rxCtx);
+ virtual ~XSecController() override;
+
+ sal_Int32 getNewSecurityId( );
+
+ void startMission(const rtl::Reference<UriBindingHelper>& xUriBinding, const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext);
+
+ void setSAXChainConnector(const css::uno::Reference< css::lang::XInitialization >& xInitialization);
+
+ void clearSAXChainConnector();
+ void endMission();
+
+ SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const;
+ SignatureInformations getSignatureInformations() const;
+ /// only verify can figure out which X509Data is the signing certificate
+ void UpdateSignatureInformation(sal_Int32 nSecurityId,
+ std::vector<SignatureInformation::X509Data> && rDatas);
+
+ static void exportSignature(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler,
+ const SignatureInformation& signatureInfo,
+ bool bXAdESCompliantIfODF );
+
+
+ /*
+ * For signature generation
+ */
+ void signAStream( sal_Int32 securityId, const OUString& uri, bool isBinary, bool bXAdESCompliantIfODF);
+
+
+ /** sets data that describes the certificate.
+
+ It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
+ the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
+ the private key. Although issuer name and certificate should be sufficient to identify
+ the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
+ The reason is that they use functions to find the certificate which take as parameter
+ the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
+ are of type DirectoryName, which is a choice of 5 string types. This information is
+ not contained in the issuer string and while it is converted to the ASN.1 name the
+ conversion function must assume a particular type, which is often wrong. For example,
+ the Windows function CertStrToName will use a T.61 string if the string does not contain
+ special characters. So if the certificate uses simple characters but encodes the
+ issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
+ ASN.1 name now contains different bytes which indicate the string type. The functions
+ for finding the certificate apparently use memcmp - hence they fail to find the
+ certificate.
+ */
+ void setX509Certificate(
+ sal_Int32 nSecurityId,
+ const OUString& ouX509IssuerName,
+ const OUString& ouX509SerialNumber,
+ const OUString& ouX509Cert,
+ const OUString& ouX509CertDigest,
+ svl::crypto::SignatureMethodAlgorithm eAlgorithmID);
+
+ void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate);
+
+ void setGpgCertificate(
+ sal_Int32 nSecurityId,
+ const OUString& ouCertDigest,
+ const OUString& ouCert,
+ const OUString& ouOwner);
+
+ void setDate(
+ sal_Int32 nSecurityId,
+ const css::util::DateTime& rDateTime );
+ void setDescription(sal_Int32 nSecurityId, const OUString& rDescription);
+ void setSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId);
+ void
+ setSignatureLineValidGraphic(sal_Int32 nSecurityId,
+ const css::uno::Reference<css::graphic::XGraphic>& xValidGraphic);
+ void setSignatureLineInvalidGraphic(
+ sal_Int32 nSecurityId, const css::uno::Reference<css::graphic::XGraphic>& xInvalidGraphic);
+
+ bool WriteSignature(
+ const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler,
+ bool bXAdESCompliantIfODF);
+
+ /*
+ * For signature verification
+ */
+ void collectToVerify( std::u16string_view referenceId );
+ void addSignature( sal_Int32 nSignatureId );
+ css::uno::Reference< css::xml::sax::XDocumentHandler > const & createSignatureReader(XMLSignatureHelper& rXMLSignatureHelper, sal_Int32 nType = 0);
+ void releaseSignatureReader();
+
+public:
+ /* Interface methods */
+
+ /*
+ * XSAXEventKeeperStatusChangeListener
+ */
+ virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking ) override;
+ virtual void SAL_CALL collectionStatusChanged(
+ sal_Bool isInsideCollectedElement ) override;
+ virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty ) override;
+
+ /*
+ * XSignatureCreationResultListener
+ */
+ virtual void SAL_CALL signatureCreated( sal_Int32 securityId, css::xml::crypto::SecurityOperationStatus nResult ) override;
+
+ /*
+ * XSignatureVerifyResultListener
+ */
+ virtual void SAL_CALL signatureVerified( sal_Int32 securityId, css::xml::crypto::SecurityOperationStatus nResult ) override;
+
+ /// Writes XML elements inside a single OOXML signature's <Signature> element.
+ bool WriteOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler);
+ /// Exports an OOXML signature, called by WriteOOXMLSignature().
+ void exportOOXMLSignature(const css::uno::Reference<css::embed::XStorage>& xRootStorage, const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation);
+};
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/inc/xsecxmlsecdllapi.h b/xmlsecurity/inc/xsecxmlsecdllapi.h
new file mode 100644
index 000000000..36f8ad52a
--- /dev/null
+++ b/xmlsecurity/inc/xsecxmlsecdllapi.h
@@ -0,0 +1,20 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <sal/types.h>
+
+#if defined(XSECXMLSEC_DLLIMPLEMENTATION)
+#define XSECXMLSEC_DLLPUBLIC SAL_DLLPUBLIC_EXPORT
+#else
+#define XSECXMLSEC_DLLPUBLIC SAL_DLLPUBLIC_IMPORT
+#endif
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */