From ed5640d8b587fbcfed7dd7967f3de04b37a76f26 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:06:44 +0200 Subject: Adding upstream version 4:7.4.7. Signed-off-by: Daniel Baumann --- xmlsecurity/inc/UriBindingHelper.hxx | 51 +++ xmlsecurity/inc/biginteger.hxx | 51 +++ xmlsecurity/inc/bitmaps.hlst | 21 ++ xmlsecurity/inc/certificate.hxx | 43 +++ xmlsecurity/inc/certificatechooser.hxx | 96 +++++ xmlsecurity/inc/certificateviewer.hxx | 158 ++++++++ xmlsecurity/inc/digitalsignaturesdialog.hxx | 126 +++++++ xmlsecurity/inc/documentsignaturehelper.hxx | 104 ++++++ xmlsecurity/inc/documentsignaturemanager.hxx | 135 +++++++ xmlsecurity/inc/framework/saxeventkeeperimpl.hxx | 290 +++++++++++++++ xmlsecurity/inc/framework/securityengine.hxx | 142 +++++++ xmlsecurity/inc/framework/signaturecreatorimpl.hxx | 96 +++++ xmlsecurity/inc/framework/signatureengine.hxx | 116 ++++++ .../inc/framework/signatureverifierimpl.hxx | 88 +++++ .../inc/framework/xmlsignaturetemplateimpl.hxx | 95 +++++ xmlsecurity/inc/gpg/SEInitializer.hxx | 47 +++ xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx | 77 ++++ xmlsecurity/inc/macrosecurity.hxx | 126 +++++++ xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx | 12 + xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx | 201 ++++++++++ xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx | 12 + xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx | 149 ++++++++ xmlsecurity/inc/pdfsignaturehelper.hxx | 73 ++++ xmlsecurity/inc/resourcemanager.hxx | 26 ++ xmlsecurity/inc/strings.hrc | 67 ++++ xmlsecurity/inc/xmlsec-wrapper.h | 47 +++ xmlsecurity/inc/xmlsec/errorcallback.hxx | 30 ++ xmlsecurity/inc/xmlsec/saxhelper.hxx | 85 +++++ .../inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx | 208 +++++++++++ xmlsecurity/inc/xmlsec/xmlsec_init.hxx | 17 + xmlsecurity/inc/xmlsec/xmlstreamio.hxx | 39 ++ xmlsecurity/inc/xmlsecuritydllapi.h | 20 + xmlsecurity/inc/xmlsignaturehelper.hxx | 176 +++++++++ xmlsecurity/inc/xsecctl.hxx | 408 +++++++++++++++++++++ xmlsecurity/inc/xsecxmlsecdllapi.h | 20 + 35 files changed, 3452 insertions(+) create mode 100644 xmlsecurity/inc/UriBindingHelper.hxx create mode 100644 xmlsecurity/inc/biginteger.hxx create mode 100644 xmlsecurity/inc/bitmaps.hlst create mode 100644 xmlsecurity/inc/certificate.hxx create mode 100644 xmlsecurity/inc/certificatechooser.hxx create mode 100644 xmlsecurity/inc/certificateviewer.hxx create mode 100644 xmlsecurity/inc/digitalsignaturesdialog.hxx create mode 100644 xmlsecurity/inc/documentsignaturehelper.hxx create mode 100644 xmlsecurity/inc/documentsignaturemanager.hxx create mode 100644 xmlsecurity/inc/framework/saxeventkeeperimpl.hxx create mode 100644 xmlsecurity/inc/framework/securityengine.hxx create mode 100644 xmlsecurity/inc/framework/signaturecreatorimpl.hxx create mode 100644 xmlsecurity/inc/framework/signatureengine.hxx create mode 100644 xmlsecurity/inc/framework/signatureverifierimpl.hxx create mode 100644 xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx create mode 100644 xmlsecurity/inc/gpg/SEInitializer.hxx create mode 100644 xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx create mode 100644 xmlsecurity/inc/macrosecurity.hxx create mode 100644 xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx create mode 100644 xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx create mode 100644 xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx create mode 100644 xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx create mode 100644 xmlsecurity/inc/pdfsignaturehelper.hxx create mode 100644 xmlsecurity/inc/resourcemanager.hxx create mode 100644 xmlsecurity/inc/strings.hrc create mode 100644 xmlsecurity/inc/xmlsec-wrapper.h create mode 100644 xmlsecurity/inc/xmlsec/errorcallback.hxx create mode 100644 xmlsecurity/inc/xmlsec/saxhelper.hxx create mode 100644 xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx create mode 100644 xmlsecurity/inc/xmlsec/xmlsec_init.hxx create mode 100644 xmlsecurity/inc/xmlsec/xmlstreamio.hxx create mode 100644 xmlsecurity/inc/xmlsecuritydllapi.h create mode 100644 xmlsecurity/inc/xmlsignaturehelper.hxx create mode 100644 xmlsecurity/inc/xsecctl.hxx create mode 100644 xmlsecurity/inc/xsecxmlsecdllapi.h (limited to 'xmlsecurity/inc') diff --git a/xmlsecurity/inc/UriBindingHelper.hxx b/xmlsecurity/inc/UriBindingHelper.hxx new file mode 100644 index 000000000..67c9ae69f --- /dev/null +++ b/xmlsecurity/inc/UriBindingHelper.hxx @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +#include + +#include + +namespace com::sun::star { + namespace io { class XInputStream; } + namespace embed { class XStorage; } +} + +// XUriBinding + +class UriBindingHelper final : public cppu::WeakImplHelper< css::xml::crypto::XUriBinding > +{ +private: + css::uno::Reference < css::embed::XStorage > mxStorage; + +public: + UriBindingHelper(); + explicit UriBindingHelper( const css::uno::Reference < css::embed::XStorage >& rxStorage ); + + void SAL_CALL setUriBinding( const OUString& uri, const css::uno::Reference< css::io::XInputStream >& aInputStream ) override; + + css::uno::Reference< css::io::XInputStream > SAL_CALL getUriBinding( const OUString& uri ) override; + + static css::uno::Reference < css::io::XInputStream > OpenInputStream( const css::uno::Reference < css::embed::XStorage >& rxStore, const OUString& rURI ); +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/biginteger.hxx b/xmlsecurity/inc/biginteger.hxx new file mode 100644 index 000000000..fc99320c7 --- /dev/null +++ b/xmlsecurity/inc/biginteger.hxx @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +#include + +#include + +#include + +#include "xsecxmlsecdllapi.h" + +namespace xmlsecurity +{ +XSECXMLSEC_DLLPUBLIC OUString bigIntegerToNumericString(const css::uno::Sequence& serial); +XSECXMLSEC_DLLPUBLIC css::uno::Sequence +numericStringToBigInteger(std::u16string_view serialNumber); + +// DNs read as strings from XML files may need to be mangled for compatibility +// as NSS and MS CryptoAPI have different string serialisations; if the DN is +// from an XCertificate it's "native" already and doesn't need to be mangled. +enum EqualMode +{ + NOCOMPAT, + COMPAT_2ND, + COMPAT_BOTH +}; +XSECXMLSEC_DLLPUBLIC bool EqualDistinguishedNames(std::u16string_view rName1, + std::u16string_view rName2, EqualMode eMode); +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/bitmaps.hlst b/xmlsecurity/inc/bitmaps.hlst new file mode 100644 index 000000000..2d4ccd0c4 --- /dev/null +++ b/xmlsecurity/inc/bitmaps.hlst @@ -0,0 +1,21 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#pragma once + +inline constexpr OUStringLiteral BMP_STATE_NOT_VALIDATED = u"xmlecurity/res/notcertificate_40x56.png"; + +#define BMP_CERT_OK "xmlsecurity/res/certificate_16.png" +#define BMP_CERT_NOT_OK "xmlsecurity/res/notcertificate_16.png" + +inline constexpr OUStringLiteral BMP_SIG_VALID = u"xmlsecurity/res/signet_11x16.png"; +inline constexpr OUStringLiteral BMP_SIG_INVALID = u"svx/res/caution_11x16.png"; +inline constexpr OUStringLiteral BMP_SIG_NOT_VALIDATED = u"xmlsecurity/res/notcertificate_16.png"; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */ diff --git a/xmlsecurity/inc/certificate.hxx b/xmlsecurity/inc/certificate.hxx new file mode 100644 index 000000000..bd24bcd72 --- /dev/null +++ b/xmlsecurity/inc/certificate.hxx @@ -0,0 +1,43 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#pragma once + +#include + +#include + +namespace svl +{ +namespace crypto +{ +enum class SignatureMethodAlgorithm; +} +} + +namespace xmlsecurity +{ +/// Extension of css::security::XCertificate for module-internal purposes. +class SAL_NO_VTABLE SAL_DLLPUBLIC_RTTI Certificate +{ +public: + /// Returns the SHA-256 thumbprint. + /// + /// @throws css::uno::RuntimeException + virtual css::uno::Sequence getSHA256Thumbprint() = 0; + + /// Same as getSubjectPublicKeyAlgorithm(), but returns an ID, not a string. + virtual svl::crypto::SignatureMethodAlgorithm getSignatureMethodAlgorithm() = 0; + +protected: + ~Certificate() noexcept = default; +}; +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/certificatechooser.hxx b/xmlsecurity/inc/certificatechooser.hxx new file mode 100644 index 000000000..8ad4c3190 --- /dev/null +++ b/xmlsecurity/inc/certificatechooser.hxx @@ -0,0 +1,96 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include + +namespace com::sun::star { + namespace security { class XCertificate; } + namespace xml::crypto { + class XSecurityEnvironment; + } +} + +namespace com::sun::star::xml::crypto { class XXMLSecurityContext; } + +struct UserData +{ + css::uno::Reference xCertificate; + css::uno::Reference xSecurityContext; + css::uno::Reference xSecurityEnvironment; +}; + +enum class UserAction +{ + Sign, + SelectSign, // Select signing certificate + Encrypt +}; + +class CertificateChooser final : public weld::GenericDialogController +{ +private: + std::vector< css::uno::Reference< css::xml::crypto::XXMLSecurityContext > > mxSecurityContexts; + std::vector> mvUserData; + + bool mbInitialized; + UserAction const meAction; + OUString msPreferredKey; + css::uno::Reference mxEncryptToSelf; + + std::unique_ptr m_xFTSign; + std::unique_ptr m_xFTEncrypt; + std::unique_ptr m_xCertLB; + std::unique_ptr m_xViewBtn; + std::unique_ptr m_xOKBtn; + std::unique_ptr m_xFTDescription; + std::unique_ptr m_xDescriptionED; + + DECL_LINK(ViewButtonHdl, weld::Button&, void); + DECL_LINK(CertificateHighlightHdl, weld::TreeView&, void); + DECL_LINK(CertificateSelectHdl, weld::TreeView&, bool); + + void ImplShowCertificateDetails(); + void ImplInitialize(); + + static void HandleOneUsageBit(OUString& string, int& bits, int bit, TranslateId name); + +public: + CertificateChooser(weld::Window* pParent, + std::vector< css::uno::Reference< css::xml::crypto::XXMLSecurityContext > > && rxSecurityContexts, + UserAction eAction); + virtual ~CertificateChooser() override; + + short run() override; + + css::uno::Sequence > GetSelectedCertificates(); + css::uno::Reference< css::xml::crypto::XXMLSecurityContext > GetSelectedSecurityContext() const; + /// Gets the description string provided when selecting the certificate. + OUString GetDescription() const; + + /// Returns the usage string of the selected certificate, if any. + OUString GetUsageText(); + + static OUString UsageInClearText(int bits); +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/certificateviewer.hxx b/xmlsecurity/inc/certificateviewer.hxx new file mode 100644 index 000000000..ea47c4102 --- /dev/null +++ b/xmlsecurity/inc/certificateviewer.hxx @@ -0,0 +1,158 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +namespace com::sun::star { + namespace security { class XCertificate; } + namespace xml::crypto { class XSecurityEnvironment; } +} + +class CertificateViewerGeneralTP; +class CertificateViewerDetailsTP; +class CertificateViewerCertPathTP; +class CertificateChooser; + +class CertificateViewer final : public weld::GenericDialogController +{ +private: + friend class CertificateViewerGeneralTP; + friend class CertificateViewerDetailsTP; + friend class CertificateViewerCertPathTP; + + bool const mbCheckForPrivateKey; + + css::uno::Reference< css::xml::crypto::XSecurityEnvironment > mxSecurityEnvironment; + css::uno::Reference< css::security::XCertificate > mxCert; + + CertificateChooser* mpParentChooser; + + std::unique_ptr mxTabCtrl; + + std::unique_ptr mxGeneralPage; + std::unique_ptr mxDetailsPage; + std::unique_ptr mxPathId; + + DECL_LINK(ActivatePageHdl, const OString&, void); + +public: + CertificateViewer(weld::Window* pParent, const css::uno::Reference< css::xml::crypto::XSecurityEnvironment >& rxSecurityEnvironment, const css::uno::Reference< css::security::XCertificate >& rXCert, bool bCheckForPrivateKey, CertificateChooser* pParentChooser); + CertificateChooser* GetParentChooser() { return mpParentChooser; } +}; + +class CertificateViewerTP +{ +protected: + std::unique_ptr mxBuilder; + std::unique_ptr mxContainer; + CertificateViewer* mpDlg; + +public: + CertificateViewerTP(weld::Container* pParent, const OUString& rUIXMLDescription, + const OString& rID, CertificateViewer* pDlg); +}; + +class CertificateViewerGeneralTP : public CertificateViewerTP +{ +private: + std::unique_ptr m_xCertImg; + std::unique_ptr m_xHintNotTrustedFT; + std::unique_ptr m_xIssuedToLabelFT; + std::unique_ptr m_xIssuedToFT; + std::unique_ptr m_xIssuedByLabelFT; + std::unique_ptr m_xIssuedByFT; + std::unique_ptr m_xValidFromDateFT; + std::unique_ptr m_xValidToDateFT; + std::unique_ptr m_xKeyImg; + std::unique_ptr m_xHintCorrespPrivKeyFT; + +public: + CertificateViewerGeneralTP(weld::Container* pParent, CertificateViewer* pDlg); +}; + +struct Details_UserDatat +{ + OUString const maTxt; + bool const mbFixedWidthFont; + + Details_UserDatat(const OUString& rTxt, bool bFixedWidthFont) + : maTxt(rTxt) + , mbFixedWidthFont(bFixedWidthFont) + { + } +}; + +class CertificateViewerDetailsTP : public CertificateViewerTP +{ +private: + std::vector> m_aUserData; + + std::unique_ptr m_xElementsLB; + std::unique_ptr m_xValueDetails; + + DECL_LINK(ElementSelectHdl, weld::TreeView&, void); + void InsertElement(const OUString& rField, const OUString& rValue, + const OUString& rDetails, bool bFixedWidthFont = false); +public: + CertificateViewerDetailsTP(weld::Container* pParent, CertificateViewer* pDlg); +}; + +struct CertPath_UserData +{ + css::uno::Reference< css::security::XCertificate > mxCert; + bool const mbValid; + + CertPath_UserData(css::uno::Reference const & xCert, bool bValid) + : mxCert(xCert) + , mbValid(bValid) + { + } +}; + +class CertificateViewerCertPathTP : public CertificateViewerTP +{ +private: + CertificateViewer* mpParent; + bool mbFirstActivateDone; + + std::vector> maUserData; + std::shared_ptr mxCertificateViewer; + + std::unique_ptr mxCertPathLB; + std::unique_ptr mxScratchIter; + std::unique_ptr mxViewCertPB; + std::unique_ptr mxCertStatusML; + std::unique_ptr mxCertOK; + std::unique_ptr mxCertNotValidated; + + DECL_LINK(ViewCertHdl, weld::Button&, void); + DECL_LINK(CertSelectHdl, weld::TreeView&, void); + void InsertCert(const weld::TreeIter* pParent, const OUString& _rName, + const css::uno::Reference< css::security::XCertificate >& rxCert, + bool bValid); + +public: + CertificateViewerCertPathTP(weld::Container* pParent, CertificateViewer* pDlg); + ~CertificateViewerCertPathTP(); + void ActivatePage(); +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/digitalsignaturesdialog.hxx b/xmlsecurity/inc/digitalsignaturesdialog.hxx new file mode 100644 index 000000000..28ed32ccb --- /dev/null +++ b/xmlsecurity/inc/digitalsignaturesdialog.hxx @@ -0,0 +1,126 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include + +#include "documentsignaturehelper.hxx" +#include "xmlsignaturehelper.hxx" +#include "documentsignaturemanager.hxx" + +#include + +namespace com::sun::star { + namespace lang { class XMultiServiceFactory; } + namespace io { class XStream; } + namespace embed { class XStorage; } + namespace xml::dom { class XDocumentBuilder; } +} + + +class HeaderBar; +class CertificateViewer; + +class DigitalSignaturesDialog final : public weld::GenericDialogController +{ +private: + DocumentSignatureManager maSignatureManager; + bool mbVerifySignatures; + bool mbSignaturesChanged; + + OUString const m_sODFVersion; + //Signals if the document contains already a document signature. This is only + //important when we are signing macros and if the value is true. + bool const m_bHasDocumentSignature; + bool m_bWarningShowSignMacro; + + bool m_bAdESCompliant; + + std::unique_ptr m_xHintDocFT; + std::unique_ptr m_xHintBasicFT; + std::unique_ptr m_xHintPackageFT; + std::unique_ptr m_xSignaturesLB; + std::unique_ptr m_xSigsValidImg; + std::unique_ptr m_xSigsValidFI; + std::unique_ptr m_xSigsInvalidImg; + std::unique_ptr m_xSigsInvalidFI; + std::unique_ptr m_xSigsNotvalidatedImg; + std::unique_ptr m_xSigsNotvalidatedFI; + std::unique_ptr m_xSigsOldSignatureImg; + std::unique_ptr m_xSigsOldSignatureFI; + std::unique_ptr m_xAdESCompliantCB; + std::unique_ptr m_xViewBtn; + std::unique_ptr m_xAddBtn; + std::unique_ptr m_xRemoveBtn; + std::unique_ptr m_xStartCertMgrBtn; + std::unique_ptr m_xCloseBtn; + + std::shared_ptr m_xViewer; + std::shared_ptr m_xInfoBox; + + DECL_LINK(AdESCompliantCheckBoxHdl, weld::Toggleable&, void); + DECL_LINK(ViewButtonHdl, weld::Button&, void); + DECL_LINK(AddButtonHdl, weld::Button&, void); + DECL_LINK(RemoveButtonHdl, weld::Button&, void); + DECL_LINK(SignatureHighlightHdl, weld::TreeView&, void); + DECL_LINK(SignatureSelectHdl, weld::TreeView&, bool); + DECL_LINK(StartVerifySignatureHdl, LinkParamNone*, bool); + DECL_LINK(OKButtonHdl, weld::Button&, void); + DECL_LINK(CertMgrButtonHdl, weld::Button&, void); + + void ImplGetSignatureInformations(bool bUseTempStream, bool bCacheLastSignature); + void ImplFillSignaturesBox(); + void ImplShowSignaturesDetails(); + + css::uno::Reference getCertificate(const SignatureInformation& rInfo); + css::uno::Reference getSecurityEnvironmentForCertificate( + const css::uno::Reference& xCert); + + //Checks if adding is allowed. + //See the spec at specs/www/appwide/security/Electronic_Signatures_and_Security.sxw + //(6.6.2)Behaviour with regard to ODF 1.2 + bool canAdd(); + bool canRemove(); + + bool canAddRemove(); + +public: + DigitalSignaturesDialog(weld::Window* pParent, const css::uno::Reference< + css::uno::XComponentContext >& rxCtx, DocumentSignatureMode eMode, + bool bReadOnly, const OUString& sODFVersion, bool bHasDocumentSignature); + virtual ~DigitalSignaturesDialog() override; + + // Initialize the dialog and the security environment, returns TRUE on success + bool Init(); + + // Set the storage which should be signed or verified + void SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStore ); + void SetSignatureStream( const css::uno::Reference < css::io::XStream >& rxStream ); + + // Execute the dialog... + void beforeRun(); + short run() override; + + // Did signatures change? + bool SignaturesChanged() const { return mbSignaturesChanged; } +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/documentsignaturehelper.hxx b/xmlsecurity/inc/documentsignaturehelper.hxx new file mode 100644 index 000000000..b18ccf103 --- /dev/null +++ b/xmlsecurity/inc/documentsignaturehelper.hxx @@ -0,0 +1,104 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include + +#include + +namespace com::sun::star { + namespace io { class XStream; } + namespace embed { class XStorage; } +} + +namespace com::sun::star::xml::sax { class XDocumentHandler; } + +enum class DocumentSignatureMode +{ + Content, + Macros, + Package +}; + +enum class DocumentSignatureAlgorithm +{ + OOo2, + OOo3_0, + OOo3_2 +}; + +struct SignatureStreamHelper +{ + css::uno::Reference < css::embed::XStorage > xSignatureStorage; + css::uno::Reference < css::io::XStream > xSignatureStream; + /// If this is embed::StorageFormats::OFOPXML, then it's expected that xSignatureStream is an empty reference. + sal_Int32 nStorageFormat; + + SignatureStreamHelper() + : nStorageFormat(0) + { + } +}; + +namespace DocumentSignatureHelper +{ + SignatureStreamHelper OpenSignatureStream( + const css::uno::Reference < css::embed::XStorage >& rxStore, sal_Int32 nOpenMode, + DocumentSignatureMode eDocSigMode ); + + std::vector< OUString > CreateElementList( + const css::uno::Reference < css::embed::XStorage >& rxStore, + DocumentSignatureMode eMode, + const DocumentSignatureAlgorithm mode); + + bool isODFPre_1_2(const OUString & sODFVersion); + bool isOOo3_2_Signature(const SignatureInformation & sigInfo); + + DocumentSignatureAlgorithm getDocumentAlgorithm( + const OUString & sODFVersion, const SignatureInformation & sigInfo); + + bool CanSignWithGPG(const css::uno::Reference < css::embed::XStorage >& rxStore, + const OUString& sOdfVersion); + + bool checkIfAllFilesAreSigned( const ::std::vector< OUString > & sElementList, + const SignatureInformation & sigInfo, const DocumentSignatureAlgorithm alg); + + bool equalsReferenceUriManifestPath( + std::u16string_view rUri, std::u16string_view rPath); + + OUString GetDocumentContentSignatureDefaultStreamName(); + OUString GetScriptingContentSignatureDefaultStreamName(); + OUString GetPackageSignatureDefaultStreamName(); + + /// In case the storage is OOXML, prepend a leading '/' and append content type to the element URIs. + void AppendContentTypes(const css::uno::Reference& xStorage, std::vector& rElements); + + void writeDigestMethod( + const css::uno::Reference& xDocumentHandler); + void writeSignedProperties( + const css::uno::Reference& xDocumentHandler, + const SignatureInformation& signatureInfo, + const OUString& sDate, + const bool bWriteSignatureLineData); +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/documentsignaturemanager.hxx b/xmlsecurity/inc/documentsignaturemanager.hxx new file mode 100644 index 000000000..06dd200de --- /dev/null +++ b/xmlsecurity/inc/documentsignaturemanager.hxx @@ -0,0 +1,135 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include "xmlsecuritydllapi.h" + +#include + +#include +#include "xmlsignaturehelper.hxx" +#include "documentsignaturehelper.hxx" + +#include + +namespace com::sun::star +{ +namespace beans +{ +struct PropertyValue; +} +namespace embed +{ +class XStorage; +} +namespace frame +{ +class XModel; +} +namespace graphic +{ +class XGraphic; +} +namespace uno +{ +class XComponentContext; +} +} +class PDFSignatureHelper; + +/// Manages signatures (addition, removal), used by DigitalSignaturesDialog. +class XMLSECURITY_DLLPUBLIC DocumentSignatureManager +{ +private: + css::uno::Reference mxContext; + css::uno::Reference mxStore; + XMLSignatureHelper maSignatureHelper; + std::unique_ptr mpPDFSignatureHelper; + SignatureInformations maCurrentSignatureInformations; + DocumentSignatureMode const meSignatureMode; + css::uno::Sequence> m_manifest; + css::uno::Reference mxSignatureStream; + css::uno::Reference mxModel; + css::uno::Reference mxTempSignatureStream; + /// Storage containing all OOXML signatures, unused for ODF. + css::uno::Reference mxTempSignatureStorage; + css::uno::Reference mxSEInitializer; + css::uno::Reference mxSecurityContext; + css::uno::Reference mxGpgSEInitializer; + css::uno::Reference mxGpgSecurityContext; + +public: + DocumentSignatureManager(const css::uno::Reference& xContext, + DocumentSignatureMode eMode); + ~DocumentSignatureManager(); + + /** + * Checks if a particular stream is a valid xml stream. Those are treated + * differently when they are signed (c14n transformation) + */ + bool isXML(std::u16string_view rURI); + bool readManifest(); + + SignatureStreamHelper ImplOpenSignatureStream(sal_Int32 nStreamOpenMode, bool bTempStream); + /// Add a new signature, using xCert as a signing certificate, and rDescription as description. + bool add(const css::uno::Reference& xCert, + const css::uno::Reference& xSecurityContext, + const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant, + const OUString& rSignatureLineId = OUString(), + const css::uno::Reference& xValidGraphic + = css::uno::Reference(), + const css::uno::Reference& xInvalidGraphic + = css::uno::Reference()); + /// Remove signature at nPosition. + void remove(sal_uInt16 nPosition); + /// Read signatures from either a temp stream or the real storage. + void read(bool bUseTempStream, bool bCacheLastSignature = true); + /// Write signatures back to the persistent storage. + void write(bool bXAdESCompliantIfODF); + /// Lazy creation of PDF helper. + PDFSignatureHelper& getPDFSignatureHelper(); +#if 0 + // Checks if the document is a kind where it is relevant to distinguish between using XAdES or not + bool IsXAdESRelevant(); +#endif + /// Attempts to initialize the platform-specific crypto. + bool init(); + /// Get the security environment. + css::uno::Reference getSecurityEnvironment(); + css::uno::Reference getGpgSecurityEnvironment(); + css::uno::Reference const& getSecurityContext() const; + css::uno::Reference const& getGpgSecurityContext() const; + void setStore(const css::uno::Reference& xStore) { mxStore = xStore; } + XMLSignatureHelper& getSignatureHelper() { return maSignatureHelper; } + bool hasPDFSignatureHelper() const { return bool(mpPDFSignatureHelper); } + void setSignatureStream(const css::uno::Reference& xSignatureStream) + { + mxSignatureStream = xSignatureStream; + } + void setModel(const css::uno::Reference& xModel); + const css::uno::Reference& getStore() const { return mxStore; } + DocumentSignatureMode getSignatureMode() const { return meSignatureMode; } + SignatureInformations& getCurrentSignatureInformations() + { + return maCurrentSignatureInformations; + } +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx b/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx new file mode 100644 index 000000000..161b9a936 --- /dev/null +++ b/xmlsecurity/inc/framework/saxeventkeeperimpl.hxx @@ -0,0 +1,290 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +class BufferNode; +class ElementMark; +class ElementCollector; +namespace com::sun::star::xml::crypto::sax { class XSAXEventKeeperStatusChangeListener; } +namespace com::sun::star::xml::csax { class XCompressedDocumentHandler; } +namespace com::sun::star::xml::wrapper { class XXMLDocumentWrapper; } + + +class SAXEventKeeperImpl final : public cppu::WeakImplHelper +< + css::xml::crypto::sax::XSecuritySAXEventKeeper, + css::xml::crypto::sax::XReferenceResolvedBroadcaster, + css::xml::crypto::sax::XSAXEventKeeperStatusChangeBroadcaster, + css::xml::sax::XDocumentHandler, + css::lang::XInitialization, + css::lang::XServiceInfo +> +/****** SAXEventKeeperImpl.hxx/CLASS SAXEventKeeperImpl *********************** + * + * NAME + * SAXEventKeeperImpl -- SAX events buffer controller + * + * FUNCTION + * Controls SAX events to be buffered, and controls buffered SAX events + * to be released. + ******************************************************************************/ +{ +private: + /* + * the XMLDocumentWrapper component which maintains all buffered SAX + * in DOM format. + */ + css::uno::Reference< css::xml::wrapper::XXMLDocumentWrapper > + m_xXMLDocument; + + /* + * the document handler provided by the XMLDocumentWrapper component. + */ + css::uno::Reference< css::xml::sax::XDocumentHandler > m_xDocumentHandler; + + /* + * the compressed document handler provided by the XMLDocumentWrapper + * component, the handler has more efficient method definition that the + * normal document handler. + */ + css::uno::Reference< css::xml::csax::XCompressedDocumentHandler > + m_xCompressedDocumentHandler; + + /* + * a listener which receives this SAXEventKeeper's status change + * notification. + * Based on the status changes, the listener can decide whether the + * SAXEventKeeper should chain on/chain off the SAX chain, or whether + * the SAXEventKeeper is useless any long. + */ + css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener > + m_xSAXEventKeeperStatusChangeListener; + + /* + * the root node of the BufferNode tree. + * the BufferNode tree is used to keep track of all buffered elements, + * it has the same structure with the document which maintains those + * elements physically. + */ + std::unique_ptr m_pRootBufferNode; + + /* + * the current active BufferNode. + * this is used to keep track the current location in the BufferNode tree, + * the next generated BufferNode will become a child BufferNode of it. + */ + BufferNode* m_pCurrentBufferNode; + + /* + * the next Id for a coming ElementMark. + * the variable is increased by 1 when a new ElementMark is generated, + * in this way, we can promise the Id of any ElementMark is unique. + */ + sal_Int32 m_nNextElementMarkId; + + /* + * maintains a collection of all ElementMarks. + */ + std::vector> m_vElementMarkBuffers; + + /* + * maintains a list of new ElementCollectors that will be created + * on the element represented by the next incoming startElement SAX + * event. + * The reason that such the m_vNewElementCollectors is necessary + * is: when an ElementCollector is asked to create, it can't be + * created completely at once, because the BufferNode it will be + * working on has not been created until the next startElement + * SAX event comes. + */ + std::vector< const ElementCollector* > m_vNewElementCollectors; + + /* + * maintains the new Blocker that will be created + * on the element represented by the next incoming startElement SAX + * event. + */ + ElementMark* m_pNewBlocker; + + /* + * the document handler to which all received SAX events will be + * forwarded. + */ + css::uno::Reference< css::xml::sax::XDocumentHandler > m_xNextHandler; + + /* + * the current BufferNode which prevents the SAX events to be + * forwarded to the m_xNextHandler. + */ + BufferNode* m_pCurrentBlockingBufferNode; + + /* + * maintains a list of ElementMark that has been asked to release. + * Because during processing a request of releasing an ElementMark, + * another releasing ElementMark request can be invoked. To avoid + * reentering the same method, a such request only add that ElementMark + * into this ElementMark list, then all ElementMarks will be processed in + * order. + */ + std::vector< sal_Int32 > m_vReleasedElementMarkBuffers; + + /* + * a flag to indicate whether the ElementMark releasing process is running. + * When a releasing request comes, the assigned ElementMark is added to + * the m_vReleasedElementMarkBuffers first, then this flag is checked. + * If the ElementMark releasing process is not running, then call that + * method. + */ + bool m_bIsReleasing; + + /* + * a flag to indicate whether it is the "Forwarding" mode now. + * A "Forwarding" mode means that all received SAX events are from the + * XMLDocumentWrapper component, instead of up-stream component in the + * SAX chain. + * The difference between "Forwarding" mode and normal mode is that: + * no SAX events need to be transferred to the XMLDocumentWrapper component + * again even if a buffer request happens. + */ + bool m_bIsForwarding; + + void setCurrentBufferNode(BufferNode* pBufferNode); + + BufferNode* addNewElementMarkBuffers(); + + ElementMark* findElementMarkBuffer(sal_Int32 nId) const; + + void removeElementMarkBuffer(sal_Int32 nId); + + OUString printBufferNode( + BufferNode const * pBufferNode, sal_Int32 nIndent) const; + + static css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > + collectChildWorkingElement(BufferNode const * pBufferNode); + + void smashBufferNode( + BufferNode* pBufferNode, bool bClearRoot) const; + + static BufferNode* findNextBlockingBufferNode( + BufferNode* pStartBufferNode); + + static void diffuse(BufferNode* pBufferNode); + + void releaseElementMarkBuffer(); + + void markElementMarkBuffer(sal_Int32 nId); + + sal_Int32 createElementCollector( + css::xml::crypto::sax::ElementMarkPriority nPriority, + bool bModifyElement, + const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener>& xReferenceResolvedListener); + + sal_Int32 createBlocker(); + +public: + SAXEventKeeperImpl(); + virtual ~SAXEventKeeperImpl() override; + + SAXEventKeeperImpl(const SAXEventKeeperImpl&) = delete; + SAXEventKeeperImpl& operator=(const SAXEventKeeperImpl&) = delete; + + /* XSAXEventKeeper */ + virtual sal_Int32 SAL_CALL addElementCollector( ) override; + virtual void SAL_CALL removeElementCollector( sal_Int32 id ) override; + virtual sal_Int32 SAL_CALL addBlocker( ) override; + virtual void SAL_CALL removeBlocker( sal_Int32 id ) override; + virtual sal_Bool SAL_CALL isBlocking( ) override; + virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL + getElement( sal_Int32 id ) override; + virtual void SAL_CALL setElement( + sal_Int32 id, + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aElement ) override; + virtual css::uno::Reference< + css::xml::sax::XDocumentHandler > SAL_CALL + setNextHandler( const css::uno::Reference< + css::xml::sax::XDocumentHandler >& xNewHandler ) override; + virtual OUString SAL_CALL printBufferNodeTree() override; + virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL + getCurrentBlockingNode() override; + + /* XSecuritySAXEventKeeper */ + virtual sal_Int32 SAL_CALL addSecurityElementCollector( + css::xml::crypto::sax::ElementMarkPriority priority, + sal_Bool modifyElement ) override; + virtual void SAL_CALL setSecurityId( sal_Int32 id, sal_Int32 securityId ) override; + + /* XReferenceResolvedBroadcaster */ + virtual void SAL_CALL addReferenceResolvedListener( + sal_Int32 referenceId, + const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener >& listener ) override; + virtual void SAL_CALL removeReferenceResolvedListener( + sal_Int32 referenceId, + const css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener >& listener ) override; + + /* XSAXEventKeeperStatusChangeBroadcaster */ + virtual void SAL_CALL addSAXEventKeeperStatusChangeListener( + const css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >& listener ) override; + virtual void SAL_CALL removeSAXEventKeeperStatusChangeListener( + const css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener >& listener ) override; + + /* XDocumentHandler */ + virtual void SAL_CALL startDocument( ) override; + virtual void SAL_CALL endDocument( ) override; + virtual void SAL_CALL startElement( + const OUString& aName, + const css::uno::Reference< css::xml::sax::XAttributeList >& + xAttribs ) override; + virtual void SAL_CALL endElement( const OUString& aName ) override; + virtual void SAL_CALL characters( const OUString& aChars ) override; + virtual void SAL_CALL ignorableWhitespace( const OUString& aWhitespaces ) override; + virtual void SAL_CALL processingInstruction( + const OUString& aTarget, const OUString& aData ) override; + virtual void SAL_CALL setDocumentLocator( + const css::uno::Reference< css::xml::sax::XLocator >& xLocator ) override; + + /* XInitialization */ + virtual void SAL_CALL initialize( + const css::uno::Sequence< css::uno::Any >& aArguments ) override; + + /* XServiceInfo */ + virtual OUString SAL_CALL getImplementationName( ) override; + virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override; + virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override; +}; + +/// @throws css::uno::RuntimeException +OUString SAXEventKeeperImpl_getImplementationName(); + +/// @throws css::uno::RuntimeException +css::uno::Sequence< OUString > SAXEventKeeperImpl_getSupportedServiceNames( ); + + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/framework/securityengine.hxx b/xmlsecurity/inc/framework/securityengine.hxx new file mode 100644 index 000000000..bebf07306 --- /dev/null +++ b/xmlsecurity/inc/framework/securityengine.hxx @@ -0,0 +1,142 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include +#include +#include +#include + +#include + +#include + +class SAL_DLLPUBLIC_RTTI SecurityEngine : public cppu::WeakImplHelper +< + css::xml::crypto::sax::XReferenceResolvedListener, + css::xml::crypto::sax::XKeyCollector, + css::xml::crypto::sax::XMissionTaker +> +/****** securityengine.hxx/CLASS SecurityEngine ******************************* + * + * NAME + * SecurityEngine -- Base class of SignatureEngine and EncryptionEngine + * + * FUNCTION + * Maintains common members and methods related with security engine + * operation. + ******************************************************************************/ +{ +protected: + + /* + * A SAXEventKeeper internally maintains all resources that a security + * operation needs. The m_xSAXEventKeeper member is used to release + * those resources when the security operation finishes. + */ + css::uno::Reference< css::xml::crypto::sax::XSAXEventKeeper > m_xSAXEventKeeper; + + /* + * the id of ElementCollector of the template element. + * For a signature, the template element is the Signature element, + * for an encryption, the EncryptedData/EncryptedKey element is. + */ + sal_Int32 m_nIdOfTemplateEC; + + /* + * remembers how many referenced elements have been buffered completely, + * including the key element, template element, and referenced element of + * signature. + */ + sal_Int32 m_nNumOfResolvedReferences; + + /* + * the id of ElementCollector of the key element. + * If a Signature element or EncryptedData/EncryptedKey element has + * an internal key sub-element, then this member should be -1 + */ + sal_Int32 m_nIdOfKeyEC; + + /* + * remembers whether the current operation has finished. + */ + bool m_bMissionDone; + + /* + * the Id of the security entity, a signature or encryption, which is used for + * the result listener to identify the entity. + */ + sal_Int32 m_nSecurityId; + + /* + * the status of the operation + */ + css::xml::crypto::SecurityOperationStatus m_nStatus; + + /* + * the result listener, which will receives the security operation result. + */ + css::uno::Reference< css::uno::XInterface > m_xResultListener; + +protected: + explicit SecurityEngine(); + virtual ~SecurityEngine() override {}; + + /* + * perform the security operation. + * Any derived class will implement this method respectively. + */ + /// @throws css::uno::Exception + /// @throws css::uno::RuntimeException + virtual void tryToPerform( ){}; + + /* + * clear up all resources used by this operation. + * This method is called after the operation finishes, or a End-Your-Mission + * message is received. + * Any derived class will implement this method respectively. + */ + virtual void clearUp( ) const {}; + + /* + * notifies any possible result listener. + * When verify a signature or conduct a decryption, the operation result will + * be transferred to a listener by this method. + * Any derived class will implement this method respectively. + */ + /// @throws css::uno::Exception + /// @throws css::uno::RuntimeException + virtual void notifyResultListener() const + {}; + +public: + /* XReferenceResolvedListener */ + virtual void SAL_CALL referenceResolved( sal_Int32 referenceId ) override; + + /* XKeyCollector */ + virtual void SAL_CALL setKeyId( sal_Int32 id ) override; + + /* XMissionTaker */ + virtual sal_Bool SAL_CALL endMission( ) override; +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/framework/signaturecreatorimpl.hxx b/xmlsecurity/inc/framework/signaturecreatorimpl.hxx new file mode 100644 index 000000000..d0fc1dc33 --- /dev/null +++ b/xmlsecurity/inc/framework/signaturecreatorimpl.hxx @@ -0,0 +1,96 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include +#include +#include + +#include + +namespace com::sun::star::xml::crypto { class XSecurityEnvironment; } +namespace com::sun::star::xml::crypto::sax { class XSignatureCreationResultListener;} + +typedef cppu::ImplInheritanceHelper +< + SignatureEngine, + css::xml::crypto::sax::XBlockerMonitor, + css::xml::crypto::sax::XSignatureCreationResultBroadcaster, + css::lang::XInitialization, + css::lang::XServiceInfo +> SignatureCreatorImpl_Base; + +class SignatureCreatorImpl final : public SignatureCreatorImpl_Base +/****** SignatureCreatorImpl.hxx/CLASS SignatureCreatorImpl ******************* + * + * NAME + * SignatureCreatorImpl -- generates a signature + * + * FUNCTION + * Collects all resources for a signature generation, then generates the + * signature by invoking a xmlsec-based signature bridge component. + ******************************************************************************/ +{ +private: + /* + * the Id of template blocker. + */ + sal_Int32 m_nIdOfBlocker; + + css::uno::Reference< css::xml::crypto::XSecurityEnvironment > m_xSecurityEnvironment; + + virtual void notifyResultListener() const override; + virtual void clearUp( ) const override; + virtual void startEngine( const rtl::Reference& xSignatureTemplate) override; + +public: + explicit SignatureCreatorImpl(); + virtual ~SignatureCreatorImpl() override; + + /* XBlockerMonitor */ + virtual void SAL_CALL setBlockerId( sal_Int32 id ) override; + + /* XSignatureCreationResultBroadcaster */ + void SAL_CALL addSignatureCreationResultListener( + const css::uno::Reference< css::xml::crypto::sax::XSignatureCreationResultListener >& listener ) override; + + void SAL_CALL removeSignatureCreationResultListener( + const css::uno::Reference< css::xml::crypto::sax::XSignatureCreationResultListener >& listener ) override; + + /* XInitialization */ + virtual void SAL_CALL initialize( + const css::uno::Sequence< css::uno::Any >& aArguments ) override; + + /* XServiceInfo */ + virtual OUString SAL_CALL getImplementationName( ) override; + virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override; + virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override; +}; + +/// @throws css::uno::RuntimeException +OUString SignatureCreatorImpl_getImplementationName(); + +/// @throws css::uno::RuntimeException +css::uno::Sequence< OUString > SignatureCreatorImpl_getSupportedServiceNames( ); + + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/framework/signatureengine.hxx b/xmlsecurity/inc/framework/signatureengine.hxx new file mode 100644 index 000000000..6446c2f36 --- /dev/null +++ b/xmlsecurity/inc/framework/signatureengine.hxx @@ -0,0 +1,116 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include + +namespace com::sun::star::io { class XInputStream; } +namespace com::sun::star::xml::crypto { class XXMLSignature; } +namespace rtl { template class Reference; } + +class XMLSignatureTemplateImpl; + +class SignatureEngine : public cppu::ImplInheritanceHelper +< + SecurityEngine, + css::xml::crypto::sax::XReferenceCollector, + css::xml::crypto::XUriBinding +> +/****** signatureengine.hxx/CLASS SignatureEngine ***************************** + * + * NAME + * SignatureEngine -- Base class of SignatureCreator and SignatureVerifier + * + * FUNCTION + * Maintains common members and methods related with signature operation. + ******************************************************************************/ +{ +protected: + + /* + * the Signature bridge component, which performs signature generation + * and verification based on xmlsec library. + */ + css::uno::Reference< css::xml::crypto::XXMLSignature > m_xXMLSignature; + + /* + * a collection of ElementCollector's ids. Each ElementCollector + * represents one element signed by this signature. + */ + std::vector< sal_Int32 > m_vReferenceIds; + + /* + * remembers how many references this signature has. + */ + sal_Int32 m_nTotalReferenceNumber; + + /* + * a collection of Uri binding. + * + * the m_vUris is used to hold the Uri strings, and the m_vXInputStreams is used + * to hold corresponding bound XInputStream interface. + */ + std::vector< OUString > m_vUris; + std::vector< css::uno::Reference< css::io::XInputStream > > m_vXInputStreams; + +protected: + explicit SignatureEngine(); + virtual ~SignatureEngine() override {}; + + virtual void tryToPerform( ) override; + virtual void clearUp( ) const override; + bool checkReady() const; + + /* + * starts the main function. This method will be implemented by any sub-class. + * For a SignatureCreator, it performs signing operation; + * for a SignatureVerifier, verification operation is performed. + */ + /// @throws css::uno::Exception + /// @throws css::uno::RuntimeException + virtual void startEngine( const rtl::Reference&) + {}; + +public: + /* XReferenceCollector */ + virtual void SAL_CALL setReferenceCount( sal_Int32 count ) override; + + virtual void SAL_CALL setReferenceId( sal_Int32 id ) override; + + /* XUriBinding */ + virtual void SAL_CALL setUriBinding( + const OUString& uri, + const css::uno::Reference< css::io::XInputStream >& aInputStream ) override; + virtual css::uno::Reference< css::io::XInputStream > + SAL_CALL getUriBinding( const OUString& uri ) override; +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/framework/signatureverifierimpl.hxx b/xmlsecurity/inc/framework/signatureverifierimpl.hxx new file mode 100644 index 000000000..15c79643e --- /dev/null +++ b/xmlsecurity/inc/framework/signatureverifierimpl.hxx @@ -0,0 +1,88 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include +#include + +#include +#include + +namespace com::sun::star::xml::crypto::sax { class XSignatureVerifyResultListener; } +namespace com::sun::star::xml::crypto { class XXMLSecurityContext; } + +typedef cppu::ImplInheritanceHelper +< + SignatureEngine, + css::xml::crypto::sax::XSignatureVerifyResultBroadcaster, + css::lang::XInitialization, + css::lang::XServiceInfo +> SignatureVerifierImpl_Base; + +class SignatureVerifierImpl final : public SignatureVerifierImpl_Base +/****** SignatureVerifier.hxx/CLASS SignatureVerifierImpl ********************* + * + * NAME + * SignatureVerifierImpl -- verifies a signature + * + * FUNCTION + * Collects all resources for a signature verification, then verifies the + * signature by invoking a xmlsec-based signature bridge component. + ******************************************************************************/ +{ +private: + css::uno::Reference< css::xml::crypto::XXMLSecurityContext > m_xXMLSecurityContext; + + virtual void notifyResultListener() const override; + virtual void startEngine( const rtl::Reference& xSignatureTemplate) override; + +public: + explicit SignatureVerifierImpl(); + virtual ~SignatureVerifierImpl() override; + + /* XSignatureVerifyResultBroadcaster */ + virtual void SAL_CALL addSignatureVerifyResultListener( + const css::uno::Reference< css::xml::crypto::sax::XSignatureVerifyResultListener >& listener ) override; + virtual void SAL_CALL removeSignatureVerifyResultListener( + const css::uno::Reference< css::xml::crypto::sax::XSignatureVerifyResultListener >& listener ) override; + + /* XInitialization */ + virtual void SAL_CALL initialize( + const css::uno::Sequence< css::uno::Any >& aArguments ) override; + + /* XServiceInfo */ + virtual OUString SAL_CALL getImplementationName( ) override; + virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override; + virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override; + + void updateSignature( const css::uno::Reference< css::xml::crypto::XXMLSignature >& xSignature, + const css::uno::Reference< css::xml::crypto::XXMLSecurityContext >& xContext ) { m_xXMLSignature = xSignature; m_xXMLSecurityContext = xContext; } +}; + +/// @throws css::uno::RuntimeException +OUString SignatureVerifierImpl_getImplementationName(); + +/// @throws css::uno::RuntimeException +css::uno::Sequence< OUString > SignatureVerifierImpl_getSupportedServiceNames( ); + + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx b/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx new file mode 100644 index 000000000..c0dee1173 --- /dev/null +++ b/xmlsecurity/inc/framework/xmlsignaturetemplateimpl.hxx @@ -0,0 +1,95 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include + +#include + +#include +#include + +#include + +namespace com::sun::star::lang { class XMultiServiceFactory; } +namespace com::sun::star::xml::wrapper { class XXMLElementWrapper; } + +class XMLSignatureTemplateImpl final : public ::cppu::WeakImplHelper< + css::xml::crypto::XXMLSignatureTemplate , + css::lang::XServiceInfo > +{ + private: + css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > m_xTemplate ; + std::vector< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > targets; + css::uno::Reference< css::xml::crypto::XUriBinding > m_xUriBinding; + css::xml::crypto::SecurityOperationStatus m_nStatus; + + public: + explicit XMLSignatureTemplateImpl(); + virtual ~XMLSignatureTemplateImpl() override; + + //Methods from XXMLSignatureTemplate + virtual void SAL_CALL setTemplate( + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aXmlElement + ) override; + + virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL getTemplate( + ) override; + + virtual void SAL_CALL setTarget( + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& aXmlElement + ) override; + + virtual css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > SAL_CALL getTargets( + ) override; + + virtual void SAL_CALL setBinding( + const css::uno::Reference< css::xml::crypto::XUriBinding >& aUriBinding ) override; + virtual css::uno::Reference< css::xml::crypto::XUriBinding > + SAL_CALL getBinding( ) override; + + virtual void SAL_CALL setStatus( + css::xml::crypto::SecurityOperationStatus status ) override; + virtual css::xml::crypto::SecurityOperationStatus + SAL_CALL getStatus( ) override; + + //Methods from XServiceInfo + virtual OUString SAL_CALL getImplementationName() override ; + + virtual sal_Bool SAL_CALL supportsService( + const OUString& ServiceName + ) override ; + + virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames() override ; + + //Helper for XServiceInfo + static css::uno::Sequence< OUString > impl_getSupportedServiceNames() ; + + /// @throws css::uno::RuntimeException + static OUString impl_getImplementationName() ; + + //Helper for registry + /// @throws css::uno::RuntimeException + static css::uno::Reference< css::uno::XInterface > impl_createInstance( const css::uno::Reference< css::lang::XMultiServiceFactory >& aServiceManager ) ; +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/gpg/SEInitializer.hxx b/xmlsecurity/inc/gpg/SEInitializer.hxx new file mode 100644 index 000000000..e4da22029 --- /dev/null +++ b/xmlsecurity/inc/gpg/SEInitializer.hxx @@ -0,0 +1,47 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#pragma once + +#include +#include +#include +#include + +#include +#include + +namespace com::sun::star::xml::crypto { class XXMLSecurityContext; } + +class XSECXMLSEC_DLLPUBLIC SEInitializerGpg final : public cppu::WeakImplHelper +< + css::xml::crypto::XSEInitializer, + css::lang::XServiceInfo +> +{ +public: + SEInitializerGpg(); + virtual ~SEInitializerGpg() override; + + /* XSEInitializer */ + virtual css::uno::Reference< css::xml::crypto::XXMLSecurityContext > + SAL_CALL createSecurityContext( const OUString& ) override; + + virtual void SAL_CALL freeSecurityContext( const css::uno::Reference< + css::xml::crypto::XXMLSecurityContext >& securityContext ) override; + + /* XServiceInfo */ + virtual OUString SAL_CALL getImplementationName( ) override; + + virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override; + + virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override; +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx b/xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx new file mode 100644 index 000000000..906a51d19 --- /dev/null +++ b/xmlsecurity/inc/gpg/xmlsignature_gpgimpl.hxx @@ -0,0 +1,77 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include + +#include + +#include + +#include +#include + +namespace com::sun::star::xml::crypto { class XXMLSignatureTemplate; } +namespace com::sun::star::xml::crypto { class XXMLSecurityContext; } +namespace com::sun::star::lang { class XMultiServiceFactory; } + + +class XSECXMLSEC_DLLPUBLIC XMLSignature_GpgImpl final : public ::cppu::WeakImplHelper< + css::xml::crypto::XXMLSignature , + css::lang::XServiceInfo > +{ + public: + explicit XMLSignature_GpgImpl(); + virtual ~XMLSignature_GpgImpl() override ; + + //Methods from XXMLSignature + virtual css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate > SAL_CALL generate( + const css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate >& aTemplate , + const css::uno::Reference< css::xml::crypto::XSecurityEnvironment >& aEnvironment + ) override ; + + virtual css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate > SAL_CALL validate( + const css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate >& aTemplate , + const css::uno::Reference< css::xml::crypto::XXMLSecurityContext >& aContext + ) override; + + //Methods from XServiceInfo + virtual OUString SAL_CALL getImplementationName() override ; + + virtual sal_Bool SAL_CALL supportsService( + const OUString& ServiceName + ) override ; + + virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames() override ; + + //Helper for XServiceInfo + static css::uno::Sequence< OUString > impl_getSupportedServiceNames() ; + + /// @throws css::uno::RuntimeException + static OUString impl_getImplementationName() ; + + //Helper for registry + /// @throws css::uno::RuntimeException + static css::uno::Reference< css::uno::XInterface > impl_createInstance( const css::uno::Reference< css::lang::XMultiServiceFactory >& aServiceManager ) ; +} ; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/macrosecurity.hxx b/xmlsecurity/inc/macrosecurity.hxx new file mode 100644 index 000000000..233ef2c1d --- /dev/null +++ b/xmlsecurity/inc/macrosecurity.hxx @@ -0,0 +1,126 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include + +namespace com::sun::star::xml::crypto { class XSecurityEnvironment; } +class MacroSecurityTP; + +class MacroSecurity final : public weld::GenericDialogController +{ +private: + friend class MacroSecurityLevelTP; + friend class MacroSecurityTrustedSourcesTP; + + css::uno::Reference m_xSecurityEnvironment; + + std::unique_ptr m_xTabCtrl; + std::unique_ptr m_xOkBtn; + std::unique_ptr m_xResetBtn; + + std::unique_ptr m_xLevelTP; + std::unique_ptr m_xTrustSrcTP; + + DECL_LINK(ActivatePageHdl, const OString&, void); + DECL_LINK(OkBtnHdl, weld::Button&, void); +public: + MacroSecurity(weld::Window* pParent, + const css::uno::Reference& rxSecurityEnvironment); + + void EnableReset(bool bEnable = true) + { + m_xResetBtn->set_sensitive(bEnable); + } +}; + +class MacroSecurityTP +{ +protected: + std::unique_ptr m_xBuilder; + std::unique_ptr m_xContainer; + + MacroSecurity* m_pDlg; +public: + MacroSecurityTP(weld::Container* pParent, const OUString& rUIXMLDescription, + const OString& rID, MacroSecurity* pDlg); + virtual ~MacroSecurityTP(); + + virtual void ActivatePage(); + virtual void ClosePage() = 0; +}; + +class MacroSecurityLevelTP : public MacroSecurityTP +{ +private: + sal_uInt16 mnCurLevel; + + std::unique_ptr m_xVeryHighRB; + std::unique_ptr m_xHighRB; + std::unique_ptr m_xMediumRB; + std::unique_ptr m_xLowRB; + std::unique_ptr m_xVHighImg; + std::unique_ptr m_xHighImg; + std::unique_ptr m_xMedImg; + std::unique_ptr m_xLowImg; + + DECL_LINK(RadioButtonHdl, weld::Toggleable&, void); +public: + MacroSecurityLevelTP(weld::Container* pParent, MacroSecurity* pDlg); + virtual void ClosePage() override; +}; + +class MacroSecurityTrustedSourcesTP : public MacroSecurityTP +{ +private: + std::vector< SvtSecurityOptions::Certificate > m_aTrustedAuthors; + + bool mbAuthorsReadonly; + bool mbURLsReadonly; + + std::unique_ptr m_xTrustCertROFI; + std::unique_ptr m_xTrustCertLB; + std::unique_ptr m_xViewCertPB; + std::unique_ptr m_xRemoveCertPB; + std::unique_ptr m_xTrustFileROFI; + std::unique_ptr m_xTrustFileLocLB; + std::unique_ptr m_xAddLocPB; + std::unique_ptr m_xRemoveLocPB; + + DECL_LINK(ViewCertPBHdl, weld::Button&, void); + DECL_LINK(RemoveCertPBHdl, weld::Button&, void); + DECL_LINK(AddLocPBHdl, weld::Button&, void); + DECL_LINK(RemoveLocPBHdl, weld::Button&, void); + DECL_LINK(TrustCertLBSelectHdl, weld::TreeView&, void); + DECL_LINK(TrustFileLocLBSelectHdl, weld::TreeView&, void); + + void FillCertLB(const bool bShowWarnings = false); + void ImplCheckButtons(); + void ShowBrokenCertificateError(std::u16string_view rData); + +public: + MacroSecurityTrustedSourcesTP(weld::Container* pParent, MacroSecurity* pDlg); + + virtual void ActivatePage() override; + virtual void ClosePage() override; +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx b/xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx new file mode 100644 index 000000000..16ace305f --- /dev/null +++ b/xmlsecurity/inc/pch/precompiled_xmlsecurity.cxx @@ -0,0 +1,12 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include "precompiled_xmlsecurity.hxx" + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx b/xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx new file mode 100644 index 000000000..21e6b93a9 --- /dev/null +++ b/xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx @@ -0,0 +1,201 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +/* + This file has been autogenerated by update_pch.sh. It is possible to edit it + manually (such as when an include file has been moved/renamed/removed). All such + manual changes will be rewritten by the next run of update_pch.sh (which presumably + also fixes all possible problems, so it's usually better to use it). + + Generated on 2021-04-11 19:48:55 using: + ./bin/update_pch xmlsecurity xmlsecurity --cutoff=6 --exclude:system --include:module --include:local + + If after updating build fails, use the following command to locate conflicting headers: + ./bin/update_pch_bisect ./xmlsecurity/inc/pch/precompiled_xmlsecurity.hxx "make xmlsecurity.build" --find-conflicts +*/ + +#include +#if PCH_LEVEL >= 1 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif // PCH_LEVEL >= 1 +#if PCH_LEVEL >= 2 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif // PCH_LEVEL >= 2 +#if PCH_LEVEL >= 3 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif // PCH_LEVEL >= 3 +#if PCH_LEVEL >= 4 +#include +#include +#include +#endif // PCH_LEVEL >= 4 + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx new file mode 100644 index 000000000..74123c2f1 --- /dev/null +++ b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.cxx @@ -0,0 +1,12 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include "precompiled_xsec_xmlsec.hxx" + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx new file mode 100644 index 000000000..3ed774968 --- /dev/null +++ b/xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx @@ -0,0 +1,149 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +/* + This file has been autogenerated by update_pch.sh. It is possible to edit it + manually (such as when an include file has been moved/renamed/removed). All such + manual changes will be rewritten by the next run of update_pch.sh (which presumably + also fixes all possible problems, so it's usually better to use it). + + Generated on 2021-04-08 13:57:49 using: + ./bin/update_pch xmlsecurity xsec_xmlsec --cutoff=2 --exclude:system --include:module --include:local + + If after updating build fails, use the following command to locate conflicting headers: + ./bin/update_pch_bisect ./xmlsecurity/inc/pch/precompiled_xsec_xmlsec.hxx "make xmlsecurity.build" --find-conflicts +*/ + +#include +#if PCH_LEVEL >= 1 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef XMLSEC_CRYPTO_NSS +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#endif // PCH_LEVEL >= 1 +#if PCH_LEVEL >= 2 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif // PCH_LEVEL >= 2 +#if PCH_LEVEL >= 3 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif // PCH_LEVEL >= 3 +#if PCH_LEVEL >= 4 +#include +#include +#endif // PCH_LEVEL >= 4 + +// Cleanup windows header macro pollution. +#if defined(_WIN32) && defined(WINAPI) +#include +#undef RGB +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx new file mode 100644 index 000000000..ea24685d2 --- /dev/null +++ b/xmlsecurity/inc/pdfsignaturehelper.hxx @@ -0,0 +1,73 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + */ + +#pragma once + +#include "xmlsecuritydllapi.h" + +#include + +namespace com::sun::star +{ +namespace frame +{ +class XModel; +} +namespace io +{ +class XInputStream; +} +namespace security +{ +class XCertificate; +} +namespace security +{ +struct DocumentSignatureInformation; +} +namespace xml::crypto +{ +class XSecurityEnvironment; +} +} +class SvStream; + +/// Handles signatures of a PDF file. +class XMLSECURITY_DLLPUBLIC PDFSignatureHelper +{ + SignatureInformations m_aSignatureInfos; + + css::uno::Reference m_xCertificate; + OUString m_aDescription; + +public: + PDFSignatureHelper(); + bool ReadAndVerifySignature(const css::uno::Reference& xInputStream); + bool ReadAndVerifySignatureSvStream(SvStream& rStream); + css::uno::Sequence + GetDocumentSignatureInformations( + const css::uno::Reference& xSecEnv) const; + SignatureInformations const& GetSignatureInformations() const; + + /// Return the ID of the next created signature. + sal_Int32 GetNewSecurityId() const; + /// Certificate to be used next time signing is performed. + void SetX509Certificate(const css::uno::Reference& xCertificate); + /// Comment / reason to be used next time signing is performed. + void SetDescription(const OUString& rDescription); + /// Append a new signature at the end of xInputStream. + bool Sign(const css::uno::Reference& xModel, + const css::uno::Reference& xInputStream, bool bAdES); + /// Remove the signature at nPosition (and all dependent signatures) from xInputStream. + static bool RemoveSignature(const css::uno::Reference& xInputStream, + sal_uInt16 nPosition); +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/resourcemanager.hxx b/xmlsecurity/inc/resourcemanager.hxx new file mode 100644 index 000000000..1dc5b2987 --- /dev/null +++ b/xmlsecurity/inc/resourcemanager.hxx @@ -0,0 +1,26 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +inline OUString XsResId(TranslateId aId) { return Translate::get(aId, Translate::Create("xsc")); } + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/strings.hrc b/xmlsecurity/inc/strings.hrc new file mode 100644 index 000000000..8cf89b211 --- /dev/null +++ b/xmlsecurity/inc/strings.hrc @@ -0,0 +1,67 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#define NC_(Context, String) TranslateId(Context, reinterpret_cast(u8##String)) + +#define STR_CERTIFICATE_NOT_VALIDATED NC_("STR_CERTIFICATE_NOT_VALIDATED", "The certificate could not be validated.") +#define STR_VERSION NC_("STR_VERSION", "Version") +#define STR_SERIALNUM NC_("STR_SERIALNUM", "Serial Number") +#define STR_ISSUER NC_("STR_ISSUER", "Issuer") +#define STR_VALIDFROM NC_("STR_VALIDFROM", "Valid From") +#define STR_VALIDTO NC_("STR_VALIDTO", "Valid to") +#define STR_SUBJECT NC_("STR_SUBJECT", "Subject") +#define STR_SUBJECT_PUBKEY_ALGO NC_("STR_SUBJECT_PUBKEY_ALGO", "Subject Algorithm") +#define STR_SUBJECT_PUBKEY_VAL NC_("STR_SUBJECT_PUBKEY_VAL", "Public Key") +#define STR_SIGNATURE_ALGO NC_("STR_SIGNATURE_ALGO", "Signature Algorithm") +#define STR_USE NC_("STR_USE", "Certificate Use") +#define STR_THUMBPRINT_SHA1 NC_("STR_THUMBPRINT_SHA1", "Thumbprint SHA1") +#define STR_THUMBPRINT_MD5 NC_("STR_THUMBPRINT_MD5", "Thumbprint MD5") + +#define STR_XMLSECDLG_OLD_ODF_FORMAT NC_("STR_XMLSECDLG_OLD_ODF_FORMAT", "This document contains signatures in ODF 1.1 (OpenOffice.org 2.x) format. " \ + "Signing documents in %PRODUCTNAME %PRODUCTVERSION requires ODF 1.2 format version. " \ + "Thus no signatures can be added or removed to this document.\n\n" \ + "Save document in ODF 1.2 format and add all desired signatures again.") +#define STR_XMLSECDLG_QUERY_REMOVEDOCSIGNBEFORESIGN NC_("STR_XMLSECDLG_QUERY_REMOVEDOCSIGNBEFORESIGN", "Adding or removing a macro signature will remove all document signatures.\n" \ + "Do you really want to continue?") +#define STR_XMLSECDLG_QUERY_REALLYREMOVE NC_("STR_XMLSECDLG_QUERY_REALLYREMOVE", "Document signature cannot be restored, once removed.\n" \ + "Do you really want to remove selected signature?") + +#define STR_XMLSECDLG_SIGNING_FAILED NC_("STR_XMLSECDLG_SIGNING_FAILED", "An error occurred while adding the signature.") +#define STR_XMLSECDLG_NO_CERT_MANAGER NC_("STR_XMLSECDLG_NO_CERT_MANAGER", "Could not find any certificate manager.") +#define STR_XMLSECDLG_NO_CERT_FOUND NC_("STR_XMLSECDLG_NO_CERT_FOUND", "Could not find the certificate.") + +#define RID_XMLSECWB_NO_MOZILLA_PROFILE NC_("RID_XMLSECWB_NO_MOZILLA_PROFILE", "Digital signatures functionality could not be used, because no Mozilla user profile was found. Please check the Mozilla installation.") + +#define STR_DIGITAL_SIGNATURE NC_("selectcertificatedialog|STR_DIGITAL_SIGNATURE", "Digital signature") +#define STR_NON_REPUDIATION NC_("selectcertificatedialog|STR_NON_REPUDIATION", "Non-repudiation") +#define STR_KEY_ENCIPHERMENT NC_("selectcertificatedialog|STR_KEY_ENCIPHERMENT", "Key encipherment") +#define STR_DATA_ENCIPHERMENT NC_("selectcertificatedialog|STR_DATA_ENCIPHERMENT", "Data encipherment") +#define STR_KEY_AGREEMENT NC_("selectcertificatedialog|STR_KEY_AGREEMENT", "Key Agreement") +#define STR_KEY_CERT_SIGN NC_("selectcertificatedialog|STR_KEY_CERT_SIGN", "Certificate signature verification") +#define STR_CRL_SIGN NC_("selectcertificatedialog|STR_CRL_SIGN", "CRL signature verification") +#define STR_ENCIPHER_ONLY NC_("selectcertificatedialog|STR_ENCIPHER_ONLY", "Only for encipherment") +#define STR_SIGN NC_("selectcertificatedialog|str_sign", "Sign") +#define STR_SELECTSIGN NC_("selectcertificatedialog|str_selectsign", "Select") +#define STR_ENCRYPT NC_("selectcertificatedialog|str_encrypt", "Encrypt") + +#define STR_BROKEN_MACRO_CERTIFICATE_DATA NC_("STR_BROKEN_MACRO_CERTIFICATE_DATA", "Macro security problem!\n\nBroken certificate data: %{data}") + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h new file mode 100644 index 000000000..e4048de94 --- /dev/null +++ b/xmlsecurity/inc/xmlsec-wrapper.h @@ -0,0 +1,47 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +#include + +// Cf. xmlsec's configure.in: +#if SAL_TYPES_SIZEOFPOINTER != 4 && !defined SYSTEM_XMLSEC +#define XMLSEC_NO_SIZE_T +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef XMLSEC_CRYPTO_NSS +#include +#include +#include +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsec/errorcallback.hxx b/xmlsecurity/inc/xmlsec/errorcallback.hxx new file mode 100644 index 000000000..80ba564e9 --- /dev/null +++ b/xmlsecurity/inc/xmlsec/errorcallback.hxx @@ -0,0 +1,30 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +// Only used for logging +void setErrorRecorder(); +//ToDo +//void setErrorRecorder(const css::uno::Reference< css::xml::crypto::XXMLEncryptionTemplate >& xTemplate); +void clearErrorRecorder(); + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsec/saxhelper.hxx b/xmlsecurity/inc/xmlsec/saxhelper.hxx new file mode 100644 index 000000000..a49ccef18 --- /dev/null +++ b/xmlsecurity/inc/xmlsec/saxhelper.hxx @@ -0,0 +1,85 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +#include + +#include + +#include + +namespace com::sun::star::xml::csax { struct XMLAttribute; } +namespace com::sun::star::uno { template class Sequence; } + +/** This class represents a SAX handler which simply forwards to + the corresponding libxml API and translates parameter if necessary. +*/ +class SAXHelper final +{ + private: + xmlParserCtxtPtr m_pParserCtxt ; + xmlSAXHandlerPtr m_pSaxHandler ; + + public: + SAXHelper( ) ; + ~SAXHelper() ; + + xmlNodePtr getCurrentNode() { return m_pParserCtxt->node;} + void setCurrentNode(const xmlNodePtr pNode); + xmlDocPtr getDocument() { return m_pParserCtxt->myDoc;} + + /// @throws css::xml::sax::SAXException + /// @throws css::uno::RuntimeException + void startDocument() ; + + /// @throws css::xml::sax::SAXException + /// @throws css::uno::RuntimeException + void endDocument() ; + + /// @throws css::xml::sax::SAXException + /// @throws css::uno::RuntimeException + void startElement( + std::u16string_view aName , + const css::uno::Sequence< + css::xml::csax::XMLAttribute >& aAttributes ) ; + + /// @throws css::xml::sax::SAXException + /// @throws css::uno::RuntimeException + void endElement( std::u16string_view aName ) ; + + /// @throws css::xml::sax::SAXException + /// @throws css::uno::RuntimeException + void characters( std::u16string_view aChars ) ; + + /// @throws css::xml::sax::SAXException + /// @throws css::uno::RuntimeException + void ignorableWhitespace( std::u16string_view aWhitespaces ) ; + + /// @throws css::xml::sax::SAXException + /// @throws css::uno::RuntimeException + void processingInstruction( + std::u16string_view aTarget , + std::u16string_view aData ) ; + +} ; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx b/xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx new file mode 100644 index 000000000..8f5695d10 --- /dev/null +++ b/xmlsecurity/inc/xmlsec/xmldocumentwrapper_xmlsecimpl.hxx @@ -0,0 +1,208 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include +#include + +#include +#include + +#define NODEPOSITION_NORMAL 1 +#define NODEPOSITION_STARTELEMENT 2 +#define NODEPOSITION_ENDELEMENT 3 + +#include + +class XSECXMLSEC_DLLPUBLIC XMLDocumentWrapper_XmlSecImpl final : public cppu::WeakImplHelper +< + css::xml::wrapper::XXMLDocumentWrapper, + css::xml::sax::XDocumentHandler, + css::xml::csax::XCompressedDocumentHandler, + css::lang::XServiceInfo +> +/** + * NAME + * XMLDocumentWrapper_XmlSecImpl -- Class to manipulate a libxml2 + * document + * + * FUNCTION + * Converts SAX events into a libxml2 document, converts the document back + * into SAX event stream, and manipulate nodes in the document. + ******************************************************************************/ +{ +private: + /* the sax helper */ + SAXHelper saxHelper; + + /* the document used to convert SAX events to */ + xmlDocPtr m_pDocument; + + /* the root element */ + xmlNodePtr m_pRootElement; + + /* + * the current active element. The next incoming SAX event will be + * appended to this element + */ + xmlNodePtr m_pCurrentElement; + + /* + * This variable is used when converting the document or part of it into + * SAX events. See getNextSAXEvent method. + */ + sal_Int32 m_nCurrentPosition; + + /* + * used for recursive deletion. See recursiveDelete method + */ + xmlNodePtr m_pStopAtNode; + xmlNodePtr m_pCurrentReservedNode; + css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > > m_aReservedNodes; + sal_Int32 m_nReservedNodeIndex; + +private: + void getNextSAXEvent(); + + /// @throws css::xml::sax::SAXException + static void sendStartElement( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler, + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler2, + const xmlNodePtr pNode); + + /// @throws css::xml::sax::SAXException + static void sendEndElement( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler, + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler2, + const xmlNodePtr pNode); + + /// @throws css::xml::sax::SAXException + static void sendNode( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler, + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xHandler2, + const xmlNodePtr pNode); + + static OString getNodeQName(const xmlNodePtr pNode); + + sal_Int32 recursiveDelete( const xmlNodePtr pNode); + + void getNextReservedNode(); + + void removeNode( const xmlNodePtr pNode) const; + + static xmlNodePtr checkElement( + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& xXMLElement); + + void buildIDAttr( xmlNodePtr pNode ) const; + void rebuildIDLink( xmlNodePtr pNode ) const; + +public: + XMLDocumentWrapper_XmlSecImpl(); + virtual ~XMLDocumentWrapper_XmlSecImpl() override; + + /* css::xml::wrapper::XXMLDocumentWrapper */ + virtual css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > SAL_CALL getCurrentElement( ) override; + + virtual void SAL_CALL setCurrentElement( const css::uno::Reference< + css::xml::wrapper::XXMLElementWrapper >& element ) override; + + virtual void SAL_CALL removeCurrentElement( ) override; + + virtual sal_Bool SAL_CALL isCurrent( const css::uno::Reference< + css::xml::wrapper::XXMLElementWrapper >& node ) override; + + virtual sal_Bool SAL_CALL isCurrentElementEmpty( ) override; + + virtual OUString SAL_CALL getNodeName( const css::uno::Reference< + css::xml::wrapper::XXMLElementWrapper >& node ) override; + + virtual void SAL_CALL clearUselessData( + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& node, + const css::uno::Sequence< css::uno::Reference< css::xml::wrapper::XXMLElementWrapper > >& reservedDescendants, + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& stopAtNode ) override; + + virtual void SAL_CALL collapse( const css::uno::Reference< + css::xml::wrapper::XXMLElementWrapper >& node ) override; + + virtual void SAL_CALL generateSAXEvents( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& handler, + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xEventKeeperHandler, + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& startNode, + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& endNode ) override; + + virtual void SAL_CALL getTree( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& handler ) override; + + virtual void SAL_CALL rebuildIDLink( + const css::uno::Reference< css::xml::wrapper::XXMLElementWrapper >& node ) override; + + /* css::xml::sax::XDocumentHandler */ + virtual void SAL_CALL startDocument( ) override; + + virtual void SAL_CALL endDocument( ) override; + + virtual void SAL_CALL startElement( + const OUString& aName, + const css::uno::Reference< css::xml::sax::XAttributeList >& xAttribs ) override; + + virtual void SAL_CALL endElement( const OUString& aName ) override; + + virtual void SAL_CALL characters( const OUString& aChars ) override; + + virtual void SAL_CALL ignorableWhitespace( const OUString& aWhitespaces ) override; + + virtual void SAL_CALL processingInstruction( const OUString& aTarget, const OUString& aData ) override; + + virtual void SAL_CALL setDocumentLocator( const css::uno::Reference< css::xml::sax::XLocator >& xLocator ) override; + + /* css::xml::csax::XCompressedDocumentHandler */ + virtual void SAL_CALL compressedStartDocument( ) override; + + virtual void SAL_CALL compressedEndDocument( ) override; + + virtual void SAL_CALL compressedStartElement( + const OUString& aName, + const css::uno::Sequence< css::xml::csax::XMLAttribute >& aAttributes ) override; + + virtual void SAL_CALL compressedEndElement( const OUString& aName ) override; + + virtual void SAL_CALL compressedCharacters( const OUString& aChars ) override; + + virtual void SAL_CALL compressedIgnorableWhitespace( const OUString& aWhitespaces ) override; + + virtual void SAL_CALL compressedProcessingInstruction( const OUString& aTarget, const OUString& aData ) override; + + virtual void SAL_CALL compressedSetDocumentLocator( + sal_Int32 columnNumber, + sal_Int32 lineNumber, + const OUString& publicId, + const OUString& systemId ) override; + + /* css::lang::XServiceInfo */ + virtual OUString SAL_CALL getImplementationName( ) override; + + virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName ) override; + + virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames( ) override; +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsec/xmlsec_init.hxx b/xmlsecurity/inc/xmlsec/xmlsec_init.hxx new file mode 100644 index 000000000..417acd288 --- /dev/null +++ b/xmlsecurity/inc/xmlsec/xmlsec_init.hxx @@ -0,0 +1,17 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#pragma once + +#include + +XSECXMLSEC_DLLPUBLIC void initXmlSec(); +XSECXMLSEC_DLLPUBLIC void deInitXmlSec(); + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsec/xmlstreamio.hxx b/xmlsecurity/inc/xmlsec/xmlstreamio.hxx new file mode 100644 index 000000000..6e3d506a4 --- /dev/null +++ b/xmlsecurity/inc/xmlsec/xmlstreamio.hxx @@ -0,0 +1,39 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +namespace com::sun::star::xml::crypto +{ +class XUriBinding; +} +namespace com::sun::star::uno +{ +template class Reference; +} + +int xmlEnableStreamInputCallbacks(); +void xmlDisableStreamInputCallbacks(); +int xmlRegisterStreamInputCallbacks( + css::uno::Reference const& aUriBinding); +int xmlUnregisterStreamInputCallbacks(); + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsecuritydllapi.h b/xmlsecurity/inc/xmlsecuritydllapi.h new file mode 100644 index 000000000..7f31e6f8f --- /dev/null +++ b/xmlsecurity/inc/xmlsecuritydllapi.h @@ -0,0 +1,20 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#pragma once + +#include + +#if defined(XMLSECURITY_DLLIMPLEMENTATION) +#define XMLSECURITY_DLLPUBLIC SAL_DLLPUBLIC_EXPORT +#else +#define XMLSECURITY_DLLPUBLIC SAL_DLLPUBLIC_IMPORT +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsignaturehelper.hxx new file mode 100644 index 000000000..de7de9908 --- /dev/null +++ b/xmlsecurity/inc/xmlsignaturehelper.hxx @@ -0,0 +1,176 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include +#include +#include +#include +#include "xmlsecuritydllapi.h" +#include "xmlsignaturehelper.hxx" +#include "xsecctl.hxx" + +#include +#include + +class DateTime; +class UriBindingHelper; + +namespace com::sun::star { + namespace io { + class XOutputStream; + class XInputStream; + } + namespace embed { class XStorage; } +} + +namespace com::sun::star::graphic { class XGraphic; } +namespace com::sun::star::uno { class XComponentContext; } +namespace com::sun::star::xml::crypto { class XXMLSecurityContext; } +namespace com::sun::star::xml::sax { class XDocumentHandler; } +namespace com::sun::star::xml::sax { class XWriter; } + +/********************************************************** + XMLSignatureHelper + + Helper class for the XML Security framework + + Functions: + 1. help to create a security context; + 2. help to listen signature creation result; + 3. help to listen signature verify result; + 4. help to indicate which signature to verify. + + **********************************************************/ + +class XMLSECURITY_DLLPUBLIC XMLSignatureHelper +{ +private: + css::uno::Reference< css::uno::XComponentContext > mxCtx; + rtl::Reference mxUriBinding; + + rtl::Reference mpXSecController; + bool mbError; + bool mbODFPre1_2; + Link maStartVerifySignatureHdl; + +private: + XMLSignatureHelper(const XMLSignatureHelper&) = delete; + +public: + XMLSignatureHelper(const css::uno::Reference< css::uno::XComponentContext >& mrCtx ); + ~XMLSignatureHelper(); + + void StartVerifySignatureElement(); + + // Set the storage which should be used by the default UriBinding + // Must be set before StartMission(). + //sODFVersion indicates the ODF version + void SetStorage( const css::uno::Reference < css::embed::XStorage >& rxStorage, const OUString& sODFVersion ); + + // Argument for the Link is a uno::Reference< xml::sax::XAttributeList >* + // Return 1 to verify, 0 to skip. + // Default handler will verify all. + void SetStartVerifySignatureHdl( const Link& rLink ); + + // After signing/verifying, get information about signatures + SignatureInformation GetSignatureInformation( sal_Int32 nSecurityId ) const; + SignatureInformations GetSignatureInformations() const; + /// ImplVerifySignature calls this to figure out which X509Data is the + /// signing certificate and update the internal state with the result. + /// @return + /// A sequence with the signing certificate at the back on success. + /// An empty sequence on failure. + std::vector> + CheckAndUpdateSignatureInformation( + css::uno::Reference const& xSecEnv, + SignatureInformation const& rInfo); + + // See XSecController for documentation + void StartMission(const css::uno::Reference& xSecurityContext); + void EndMission(); + sal_Int32 GetNewSecurityId(); + /** sets data that describes the certificate. + + It is absolutely necessary that the parameter ouX509IssuerName is set. It contains + the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find + the private key. Although issuer name and certificate should be sufficient to identify + the certificate the implementation in XMLSec is broken, both for Windows and mozilla. + The reason is that they use functions to find the certificate which take as parameter + the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes + are of type DirectoryName, which is a choice of 5 string types. This information is + not contained in the issuer string and while it is converted to the ASN.1 name the + conversion function must assume a particular type, which is often wrong. For example, + the Windows function CertStrToName will use a T.61 string if the string does not contain + special characters. So if the certificate uses simple characters but encodes the + issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded + ASN.1 name now contains different bytes which indicate the string type. The functions + for finding the certificate apparently use memcmp - hence they fail to find the + certificate. + */ + void SetX509Certificate(sal_Int32 nSecurityId, const OUString& ouX509IssuerName, + const OUString& ouX509SerialNumber, const OUString& ouX509Cert, const OUString& ouX509CertDigest, + svl::crypto::SignatureMethodAlgorithm eAlgorithmID); + + void AddEncapsulatedX509Certificate(const OUString& ouEncapsulatedX509Certificate); + + void SetGpgCertificate(sal_Int32 nSecurityId, const OUString& ouGpgCertDigest, + const OUString& ouGpgCert, const OUString& ouGpgOwner); + + void SetDateTime( sal_Int32 nSecurityId, const DateTime& rDateTime ); + void SetDescription(sal_Int32 nSecurityId, const OUString& rDescription); + void SetSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId); + void + SetSignatureLineValidGraphic(sal_Int32 nSecurityId, + const css::uno::Reference& xValidGraphic); + void SetSignatureLineInvalidGraphic( + sal_Int32 nSecurityId, const css::uno::Reference& xInvalidGraphic); + + void AddForSigning( sal_Int32 securityId, const OUString& uri, bool bBinary, bool bXAdESCompliantIfODF ); + void CreateAndWriteSignature( const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, bool bXAdESCompliantIfODF ); + bool ReadAndVerifySignature( const css::uno::Reference< css::io::XInputStream >& xInputStream ); + + // MT: ??? I think only for adding/removing, not for new signatures... + // MM: Yes, but if you want to insert a new signature into an existing signature file, those function + // will be very useful, see Mission 3 in the new "multisigdemo" program :-) + css::uno::Reference< css::xml::sax::XWriter> CreateDocumentHandlerWithHeader( const css::uno::Reference< css::io::XOutputStream >& xOutputStream ); + static void CloseDocumentHandler( const css::uno::Reference< css::xml::sax::XDocumentHandler>& xDocumentHandler ); + static void ExportSignature( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, + const SignatureInformation& signatureInfo, + bool bXAdESCompliantIfODF ); + + /// Read and verify OOXML signatures. + bool ReadAndVerifySignatureStorage(const css::uno::Reference& xStorage, bool bCacheLastSignature = true); + /// Read and verify a single OOXML signature. + bool ReadAndVerifySignatureStorageStream(const css::uno::Reference& xInputStream); + /// Adds or removes an OOXML digital signature relation to _rels/.rels if there wasn't any before. + void EnsureSignaturesRelation(const css::uno::Reference& xStorage, bool bAdd); + /// Given that xStorage is an OOXML _xmlsignatures storage, create origin.sigs and its relations. + void ExportSignatureRelations(const css::uno::Reference& xStorage, int nSignatureCount); + /// Given that xSignatureStorage is an OOXML _xmlsignatures storage, create and write a new signature. + void CreateAndWriteOOXMLSignature(const css::uno::Reference& xRootStorage, const css::uno::Reference& xSignatureStorage, int nSignatureIndex); + /// Similar to CreateAndWriteOOXMLSignature(), but used to write the signature to the persistent storage, not the temporary one. + void ExportOOXMLSignature(const css::uno::Reference& xRootStorage, const css::uno::Reference& xSignatureStorage, const SignatureInformation& rInformation, int nSignatureIndex); + /// Given that xStorage is an OOXML root storage, advertise signatures in its [Content_Types].xml stream. + void ExportSignatureContentTypes(const css::uno::Reference& xStorage, int nSignatureCount); +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx new file mode 100644 index 000000000..adfd251b1 --- /dev/null +++ b/xmlsecurity/inc/xsecctl.hxx @@ -0,0 +1,408 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include + +#include +#include +#include + +#include +#include + +#include + +#include "UriBindingHelper.hxx" + +namespace com::sun::star::embed { class XStorage; } +namespace com::sun::star::graphic { class XGraphic; } +namespace com::sun::star::io { class XInputStream; } +namespace com::sun::star::lang { class XInitialization; } +namespace com::sun::star::uno { class XComponentContext; } +namespace com::sun::star::xml::crypto { class XXMLSecurityContext; } +namespace com::sun::star::xml::crypto { class XXMLSignature; } +namespace com::sun::star::xml::crypto:: sax { class XReferenceResolvedListener; } +namespace com::sun::star::xml::sax { class XDocumentHandler; } + +inline constexpr OUStringLiteral NS_XMLDSIG = u"http://www.w3.org/2000/09/xmldsig#"; +inline constexpr OUStringLiteral NS_DC = u"http://purl.org/dc/elements/1.1/"; +inline constexpr OUStringLiteral NS_XD = u"http://uri.etsi.org/01903/v1.3.2#"; +inline constexpr OUStringLiteral NS_MDSSI = u"http://schemas.openxmlformats.org/package/2006/digital-signature"; +inline constexpr OUStringLiteral NS_LOEXT = u"urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0"; + +inline constexpr OUStringLiteral ALGO_C14N = u"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; +inline constexpr OUStringLiteral ALGO_RSASHA1 = u"http://www.w3.org/2000/09/xmldsig#rsa-sha1"; +inline constexpr OUStringLiteral ALGO_RSASHA256 = u"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; +inline constexpr OUStringLiteral ALGO_RSASHA512 = u"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"; +inline constexpr OUStringLiteral ALGO_ECDSASHA1 = u"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"; +inline constexpr OUStringLiteral ALGO_ECDSASHA256 = u"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"; +inline constexpr OUStringLiteral ALGO_ECDSASHA512 = u"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"; +inline constexpr OUStringLiteral ALGO_XMLDSIGSHA1 = u"http://www.w3.org/2000/09/xmldsig#sha1"; +inline constexpr OUStringLiteral ALGO_XMLDSIGSHA256 = u"http://www.w3.org/2001/04/xmlenc#sha256"; +inline constexpr OUStringLiteral ALGO_XMLDSIGSHA512 = u"http://www.w3.org/2001/04/xmlenc#sha512"; +inline constexpr OUStringLiteral ALGO_RELATIONSHIP = u"http://schemas.openxmlformats.org/package/2006/RelationshipTransform"; + +class XMLDocumentWrapper_XmlSecImpl; +class SAXEventKeeperImpl; +class XMLSignatureHelper; +namespace svl::crypto { enum class SignatureMethodAlgorithm; } + +class InternalSignatureInformation +{ +public: + SignatureInformation signatureInfor; + + css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > xReferenceResolvedListener; + + ::std::vector< sal_Int32 > vKeeperIds; + + InternalSignatureInformation( + sal_Int32 nId, + css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > const & xListener) + :signatureInfor(nId) + { + xReferenceResolvedListener = xListener; + } + + void addReference( SignatureReferenceType type, sal_Int32 digestID, const OUString& uri, sal_Int32 keeperId, const OUString& rType ) + { + signatureInfor.vSignatureReferenceInfors.push_back( + SignatureReferenceInformation(type, digestID, uri, rType)); + vKeeperIds.push_back( keeperId ); + } +}; + +class XSecController final : public cppu::WeakImplHelper +< + css::xml::crypto::sax::XSAXEventKeeperStatusChangeListener, + css::xml::crypto::sax::XSignatureCreationResultListener, + css::xml::crypto::sax::XSignatureVerifyResultListener +> +/****** XSecController.hxx/CLASS XSecController ******************************* + * + * NAME + * XSecController -- the xml security framework controller + * + * FUNCTION + * Controls the whole xml security framework to create signatures or to + * verify signatures. + * + ******************************************************************************/ +{ + friend class XSecParser; + friend class OOXMLSecParser; + +private: + css::uno::Reference< css::uno::XComponentContext> mxCtx; + + /* + * used to buffer SAX events + */ + rtl::Reference m_xXMLDocumentWrapper; + + /* + * the SAX events keeper + */ + rtl::Reference m_xSAXEventKeeper; + + /* + * the bridge component which creates/verifies signature + */ + css::uno::Reference< css::xml::crypto::XXMLSignature > m_xXMLSignature; + + /* + * the Security Context + */ + css::uno::Reference< css::xml::crypto::XXMLSecurityContext > m_xSecurityContext; + + /* + * the security id incrementer, in order to make any security id unique + * to the SAXEventKeeper. + * Because each XSecController has its own SAXEventKeeper, so this variable + * is not necessary to be static. + */ + sal_Int32 m_nNextSecurityId; + + /* + * Signature information + */ + std::vector< InternalSignatureInformation > m_vInternalSignatureInformations; + + /* + * the previous node on the SAX chain. + * The reason that use a Reference type variable + * is that the previous components are different when exporting + * and importing, and there is no other common interface they + * can provided. + */ + css::uno::Reference< css::uno::XInterface > m_xPreviousNodeOnSAXChain; + /* + * whether the previous node can provide an XInitialize interface, + * use this variable in order to typecast the XInterface to the + * correct interface type. + */ + bool m_bIsPreviousNodeInitializable; + + /* + * a flag representing whether the SAXEventKeeper is now on the + * SAX chain. + */ + bool m_bIsSAXEventKeeperConnected; + + /* + * a flag representing whether it is collecting some element, + * which means that the SAXEventKeeper can't be chained off the + * SAX chain. + */ + bool m_bIsCollectingElement; + + /* + * a flag representing whether the SAX event stream is blocking, + * which also means that the SAXEventKeeper can't be chained off + * the SAX chain. + */ + bool m_bIsBlocking; + + /* + * a flag representing the current status of security related + * components. + */ + + /* + * status of security related components + */ + enum class InitializationState { UNINITIALIZED, INITIALIZED, FAILTOINITIALIZED } m_eStatusOfSecurityComponents; + + /* + * a flag representing whether the SAXEventKeeper need to be + * on the SAX chain all the time. + * This flag is used to the situation when creating signature. + */ + bool m_bIsSAXEventKeeperSticky; + + /* + * the XSecParser which is used to parse the signature stream + */ + css::uno::Reference m_xSecParser; + + /* + * the caller assigned signature id for the next signature in the + * signature stream + */ + sal_Int32 m_nReservedSignatureId; + + /* + * representing whether to verify the current signature + */ + bool m_bVerifyCurrentSignature; + + /* + * An xUriBinding is provided to map Uris to XInputStream interfaces. + */ + rtl::Reference m_xUriBinding; + +private: + + /* + * Common methods + */ + void createXSecComponent( ); + int findSignatureInfor( sal_Int32 nSecurityId ) const; + bool chainOn(); + void chainOff(); + void checkChainingStatus(); + void initializeSAXChain(); + + css::uno::Reference< css::io::XInputStream > getObjectInputStream( const OUString& objectURL ); + + //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const; + + /* + * For signature generation + */ + static OUString createId(); + css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite( + InternalSignatureInformation& signatureInfo, + sal_Int32 nStorageFormat, + bool bXAdESCompliantIfODF ); + + /* + * For signature verification + */ + void addSignature(); + /// Sets algorithm from . + void setSignatureMethod(svl::crypto::SignatureMethodAlgorithm eAlgorithmID); + void switchGpgSignature(); + bool haveReferenceForId(std::u16string_view rId) const; + void addReference( + const OUString& ouUri, + sal_Int32 nDigestID, + const OUString& ouType ); + void addStreamReference( + const OUString& ouUri, + bool isBinary, + sal_Int32 nDigestID ); + void setReferenceCount() const; + + void setX509Data( + std::vector> & rX509IssuerSerials, + std::vector const& rX509Certificates); + void setX509CertDigest( + OUString const& rCertDigest, sal_Int32 const nReferenceDigestID, + std::u16string_view const& rX509IssuerName, std::u16string_view const& rX509SerialNumber); + + void setSignatureValue( OUString const & ouSignatureValue ); + void setDigestValue( sal_Int32 nDigestID, OUString const & ouDigestValue ); + void setGpgKeyID( OUString const & ouKeyID ); + void setGpgCertificate( OUString const & ouGpgCert ); + void setGpgOwner( OUString const & ouGpgOwner ); + + void setDate(OUString const& rId, OUString const& ouDate); + void setDescription(OUString const& rId, OUString const& rDescription); + void setValidSignatureImage(std::u16string_view rValidSigImg); + void setInvalidSignatureImage(std::u16string_view rInvalidSigImg); + void setSignatureLineId(const OUString& rSignatureLineId); + +public: + void setSignatureBytes(const css::uno::Sequence& rBytes); + +private: + void setId( OUString const & ouId ); + + css::uno::Reference< css::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead( + sal_Int32 nSecurityId ); + +public: + explicit XSecController(const css::uno::Reference& rxCtx); + virtual ~XSecController() override; + + sal_Int32 getNewSecurityId( ); + + void startMission(const rtl::Reference& xUriBinding, const css::uno::Reference& xSecurityContext); + + void setSAXChainConnector(const css::uno::Reference< css::lang::XInitialization >& xInitialization); + + void clearSAXChainConnector(); + void endMission(); + + SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const; + SignatureInformations getSignatureInformations() const; + /// only verify can figure out which X509Data is the signing certificate + void UpdateSignatureInformation(sal_Int32 nSecurityId, + std::vector && rDatas); + + static void exportSignature( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, + const SignatureInformation& signatureInfo, + bool bXAdESCompliantIfODF ); + + + /* + * For signature generation + */ + void signAStream( sal_Int32 securityId, const OUString& uri, bool isBinary, bool bXAdESCompliantIfODF); + + + /** sets data that describes the certificate. + + It is absolutely necessary that the parameter ouX509IssuerName is set. It contains + the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find + the private key. Although issuer name and certificate should be sufficient to identify + the certificate the implementation in XMLSec is broken, both for Windows and mozilla. + The reason is that they use functions to find the certificate which take as parameter + the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes + are of type DirectoryName, which is a choice of 5 string types. This information is + not contained in the issuer string and while it is converted to the ASN.1 name the + conversion function must assume a particular type, which is often wrong. For example, + the Windows function CertStrToName will use a T.61 string if the string does not contain + special characters. So if the certificate uses simple characters but encodes the + issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded + ASN.1 name now contains different bytes which indicate the string type. The functions + for finding the certificate apparently use memcmp - hence they fail to find the + certificate. + */ + void setX509Certificate( + sal_Int32 nSecurityId, + const OUString& ouX509IssuerName, + const OUString& ouX509SerialNumber, + const OUString& ouX509Cert, + const OUString& ouX509CertDigest, + svl::crypto::SignatureMethodAlgorithm eAlgorithmID); + + void addEncapsulatedX509Certificate(const OUString& rEncapsulatedX509Certificate); + + void setGpgCertificate( + sal_Int32 nSecurityId, + const OUString& ouCertDigest, + const OUString& ouCert, + const OUString& ouOwner); + + void setDate( + sal_Int32 nSecurityId, + const css::util::DateTime& rDateTime ); + void setDescription(sal_Int32 nSecurityId, const OUString& rDescription); + void setSignatureLineId(sal_Int32 nSecurityId, const OUString& rSignatureLineId); + void + setSignatureLineValidGraphic(sal_Int32 nSecurityId, + const css::uno::Reference& xValidGraphic); + void setSignatureLineInvalidGraphic( + sal_Int32 nSecurityId, const css::uno::Reference& xInvalidGraphic); + + bool WriteSignature( + const css::uno::Reference< css::xml::sax::XDocumentHandler >& xDocumentHandler, + bool bXAdESCompliantIfODF); + + /* + * For signature verification + */ + void collectToVerify( std::u16string_view referenceId ); + void addSignature( sal_Int32 nSignatureId ); + css::uno::Reference< css::xml::sax::XDocumentHandler > const & createSignatureReader(XMLSignatureHelper& rXMLSignatureHelper, sal_Int32 nType = 0); + void releaseSignatureReader(); + +public: + /* Interface methods */ + + /* + * XSAXEventKeeperStatusChangeListener + */ + virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking ) override; + virtual void SAL_CALL collectionStatusChanged( + sal_Bool isInsideCollectedElement ) override; + virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty ) override; + + /* + * XSignatureCreationResultListener + */ + virtual void SAL_CALL signatureCreated( sal_Int32 securityId, css::xml::crypto::SecurityOperationStatus nResult ) override; + + /* + * XSignatureVerifyResultListener + */ + virtual void SAL_CALL signatureVerified( sal_Int32 securityId, css::xml::crypto::SecurityOperationStatus nResult ) override; + + /// Writes XML elements inside a single OOXML signature's element. + bool WriteOOXMLSignature(const css::uno::Reference& xRootStorage, const css::uno::Reference& xDocumentHandler); + /// Exports an OOXML signature, called by WriteOOXMLSignature(). + void exportOOXMLSignature(const css::uno::Reference& xRootStorage, const css::uno::Reference& xDocumentHandler, const SignatureInformation& rInformation); +}; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/inc/xsecxmlsecdllapi.h b/xmlsecurity/inc/xsecxmlsecdllapi.h new file mode 100644 index 000000000..36f8ad52a --- /dev/null +++ b/xmlsecurity/inc/xsecxmlsecdllapi.h @@ -0,0 +1,20 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#pragma once + +#include + +#if defined(XSECXMLSEC_DLLIMPLEMENTATION) +#define XSECXMLSEC_DLLPUBLIC SAL_DLLPUBLIC_EXPORT +#else +#define XSECXMLSEC_DLLPUBLIC SAL_DLLPUBLIC_IMPORT +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ -- cgit v1.2.3