1 /**************************************************************
2  *
3  * Licensed to the Apache Software Foundation (ASF) under one
4  * or more contributor license agreements.  See the NOTICE file
5  * distributed with this work for additional information
6  * regarding copyright ownership.  The ASF licenses this file
7  * to you under the Apache License, Version 2.0 (the
8  * "License"); you may not use this file except in compliance
9  * with the License.  You may obtain a copy of the License at
10  *
11  *   http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing,
14  * software distributed under the License is distributed on an
15  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16  * KIND, either express or implied.  See the License for the
17  * specific language governing permissions and limitations
18  * under the License.
19  *
20  *************************************************************/
21 
22 
23 
24 // MARKER(update_precomp.py): autogen include statement, do not remove
25 #include "precompiled_xmlsecurity.hxx"
26 
27 #include <xsecctl.hxx>
28 #include "xsecparser.hxx"
29 #include <tools/debug.hxx>
30 
31 #include <com/sun/star/xml/crypto/sax/XKeyCollector.hpp>
32 #include <com/sun/star/xml/crypto/sax/ElementMarkPriority.hpp>
33 #include <com/sun/star/xml/crypto/sax/XReferenceResolvedBroadcaster.hpp>
34 #include <com/sun/star/xml/crypto/sax/XReferenceCollector.hpp>
35 #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultBroadcaster.hpp>
36 #include <com/sun/star/xml/sax/SAXParseException.hpp>
37 
38 // FIXME: copied from main/sal/rtl/source/strimp.c
rtl_ImplIsWhitespace(sal_Unicode c)39 static sal_Bool rtl_ImplIsWhitespace( sal_Unicode c )
40 {
41 	/* Space or Control character? */
42 	if ( (c <= 32) && c )
43 		return sal_True;
44 
45 	/* Only in the General Punctuation area Space or Control characters are included? */
46 	if ( (c < 0x2000) || (c > 0x206F) )
47 		return sal_False;
48 
49 	if ( ((c >= 0x2000) && (c <= 0x200B)) ||	/* All Spaces			*/
50 		 (c == 0x2028) ||						/* LINE SEPARATOR		*/
51 		 (c == 0x2029) )						/* PARAGRAPH SEPARATOR	*/
52 		return sal_True;
53 
54 	return sal_False;
55 }
56 
57 namespace cssu = com::sun::star::uno;
58 namespace cssl = com::sun::star::lang;
59 namespace cssxc = com::sun::star::xml::crypto;
60 namespace cssxs = com::sun::star::xml::sax;
61 
62 /* xml security framework components */
63 #define SIGNATUREVERIFIER_COMPONENT "com.sun.star.xml.crypto.sax.SignatureVerifier"
64 
65 /* protected: for signature verify */
prepareSignatureToRead(sal_Int32 nSecurityId)66 cssu::Reference< cssxc::sax::XReferenceResolvedListener > XSecController::prepareSignatureToRead(
67 	sal_Int32 nSecurityId)
68 {
69 	if ( m_nStatusOfSecurityComponents != INITIALIZED )
70 	{
71 		return NULL;
72 	}
73 
74 	sal_Int32 nIdOfSignatureElementCollector;
75 	cssu::Reference< cssxc::sax::XReferenceResolvedListener > xReferenceResolvedListener;
76 
77 	nIdOfSignatureElementCollector =
78 		m_xSAXEventKeeper->addSecurityElementCollector( cssxc::sax::ElementMarkPriority_BEFOREMODIFY, sal_False);
79 
80 	m_xSAXEventKeeper->setSecurityId(nIdOfSignatureElementCollector, nSecurityId);
81 
82         /*
83          * create a SignatureVerifier
84          */
85 	cssu::Reference< cssl::XMultiComponentFactory > xMCF( mxCtx->getServiceManager() );
86 	xReferenceResolvedListener = cssu::Reference< cssxc::sax::XReferenceResolvedListener >(
87 		xMCF->createInstanceWithContext(
88 			rtl::OUString::createFromAscii( SIGNATUREVERIFIER_COMPONENT ), mxCtx),
89 		cssu::UNO_QUERY);
90 
91 	cssu::Reference<cssl::XInitialization> xInitialization(xReferenceResolvedListener, cssu::UNO_QUERY);
92 
93 	cssu::Sequence<cssu::Any> args(5);
94 	args[0] = cssu::makeAny(rtl::OUString::valueOf(nSecurityId));
95 	args[1] = cssu::makeAny(m_xSAXEventKeeper);
96 	args[2] = cssu::makeAny(rtl::OUString::valueOf(nIdOfSignatureElementCollector));
97 	args[3] = cssu::makeAny(m_xSecurityContext);
98 	args[4] = cssu::makeAny(m_xXMLSignature);
99 	xInitialization->initialize(args);
100 
101 	cssu::Reference< cssxc::sax::XSignatureVerifyResultBroadcaster >
102 		signatureVerifyResultBroadcaster(xReferenceResolvedListener, cssu::UNO_QUERY);
103 
104 	signatureVerifyResultBroadcaster->addSignatureVerifyResultListener( this );
105 
106 	cssu::Reference<cssxc::sax::XReferenceResolvedBroadcaster> xReferenceResolvedBroadcaster
107 		(m_xSAXEventKeeper,
108 		cssu::UNO_QUERY);
109 
110 	xReferenceResolvedBroadcaster->addReferenceResolvedListener(
111 		nIdOfSignatureElementCollector,
112 		xReferenceResolvedListener);
113 
114 	cssu::Reference<cssxc::sax::XKeyCollector> keyCollector (xReferenceResolvedListener, cssu::UNO_QUERY);
115 	keyCollector->setKeyId(0);
116 
117 	return xReferenceResolvedListener;
118 }
119 
addSignature()120 void XSecController::addSignature()
121 {
122 	cssu::Reference< cssxc::sax::XReferenceResolvedListener > xReferenceResolvedListener = NULL;
123 	sal_Int32 nSignatureId = 0;
124 
125 
126 	if (m_bVerifyCurrentSignature)
127 	{
128 		chainOn(true);
129 		xReferenceResolvedListener = prepareSignatureToRead( m_nReservedSignatureId );
130 		m_bVerifyCurrentSignature = false;
131 		nSignatureId = m_nReservedSignatureId;
132 	}
133 
134 	InternalSignatureInformation isi( nSignatureId, xReferenceResolvedListener );
135 	m_vInternalSignatureInformations.push_back( isi );
136 }
137 
addReference(const rtl::OUString & ouUri)138 void XSecController::addReference( const rtl::OUString& ouUri)
139 {
140 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
141 	isi.addReference(TYPE_SAMEDOCUMENT_REFERENCE,ouUri, -1 );
142 }
143 
addStreamReference(const rtl::OUString & ouUri,bool isBinary)144 void XSecController::addStreamReference(
145 	const rtl::OUString& ouUri,
146 	bool isBinary )
147 {
148         sal_Int32 type = (isBinary?TYPE_BINARYSTREAM_REFERENCE:TYPE_XMLSTREAM_REFERENCE);
149 
150 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
151 
152 	if ( isi.xReferenceResolvedListener.is() )
153 	{
154 	        /*
155 	         * get the input stream
156 	         */
157         	cssu::Reference< com::sun::star::io::XInputStream > xObjectInputStream
158         		= getObjectInputStream( ouUri );
159 
160 		if ( xObjectInputStream.is() )
161 		{
162 			cssu::Reference<cssxc::XUriBinding> xUriBinding
163 				(isi.xReferenceResolvedListener, cssu::UNO_QUERY);
164 			xUriBinding->setUriBinding(ouUri, xObjectInputStream);
165 		}
166 	}
167 
168 	isi.addReference(type, ouUri, -1);
169 }
170 
setReferenceCount() const171 void XSecController::setReferenceCount() const
172 {
173 	const InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
174 
175 	if ( isi.xReferenceResolvedListener.is() )
176 	{
177 		const SignatureReferenceInformations &refInfors = isi.signatureInfor.vSignatureReferenceInfors;
178 
179 		int refNum = refInfors.size();
180 		sal_Int32 referenceCount = 0;
181 
182 		for(int i=0 ; i<refNum; ++i)
183 		{
184 			if (refInfors[i].nType == TYPE_SAMEDOCUMENT_REFERENCE )
185 			/*
186 			 * same-document reference
187 			 */
188 			{
189 				referenceCount++;
190 			}
191 		}
192 
193 		cssu::Reference<cssxc::sax::XReferenceCollector> xReferenceCollector
194 			(isi.xReferenceResolvedListener, cssu::UNO_QUERY);
195 		xReferenceCollector->setReferenceCount( referenceCount );
196 	}
197 }
198 
setIfEmpty(rtl::OUString & variable,const rtl::OUString & value)199 void XSecController::setIfEmpty(rtl::OUString &variable, const rtl::OUString &value) {
200     if (variable.getLength() == 0) {
201         variable = value;
202     } else if (variable != value) {
203         throw cssu::RuntimeException(rtl::OUString::createFromAscii("Value already set. Tampering?"), *this);
204     }
205 }
206 
setX509IssuerName(rtl::OUString & ouX509IssuerName)207 void XSecController::setX509IssuerName( rtl::OUString& ouX509IssuerName )
208 {
209 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
210 	setIfEmpty(isi.signatureInfor.ouX509IssuerName, ouX509IssuerName);
211 }
212 
setX509SerialNumber(rtl::OUString & ouX509SerialNumber)213 void XSecController::setX509SerialNumber( rtl::OUString& ouX509SerialNumber )
214 {
215 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
216 	setIfEmpty(isi.signatureInfor.ouX509SerialNumber, ouX509SerialNumber);
217 }
218 
setX509Certificate(rtl::OUString & ouX509Certificate)219 void XSecController::setX509Certificate( rtl::OUString& ouX509Certificate )
220 {
221 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
222     if (isi.signatureInfor.ouX509Certificate.getLength()) {
223         // We allow to re-set the same certificate only.
224         // Whitespace may change.
225         const sal_Int32 l1 = isi.signatureInfor.ouX509Certificate.getLength();
226         const sal_Int32 l2 = ouX509Certificate.getLength();
227         const sal_Unicode *s1 = isi.signatureInfor.ouX509Certificate.getStr();
228         const sal_Unicode *s2 = ouX509Certificate.getStr();
229         sal_Int32 i1 = 0, i2 = 0;
230         while ((i1 < l1) && (i2 < l2)) {
231             const sal_Unicode &c1 = s1[i1];
232             const sal_Unicode &c2 = s2[i2];
233             if (rtl_ImplIsWhitespace(c1)) {
234                 ++i1;
235                 continue;
236             }
237             if (rtl_ImplIsWhitespace(c2)) {
238                 ++i2;
239                 continue;
240             }
241             if (c1 != c2) {
242                 throw cssu::RuntimeException(rtl::OUString::createFromAscii("Value already set. Tampering?"), *this);
243             }
244             ++i1;
245             ++i2;
246         }
247         // We could still have whitespace at the end of both strings
248         while ((i1 < l1) && rtl_ImplIsWhitespace(s1[l1])) {
249             ++i1;
250         }
251         while ((i2 < l2) && rtl_ImplIsWhitespace(s2[l2])) {
252             ++i2;
253         }
254         if ((i1 != l1) || (i2 != l2)) {
255             throw cssu::RuntimeException(rtl::OUString::createFromAscii("Value already set. Tampering?"), *this);
256         }
257     }
258     isi.signatureInfor.ouX509Certificate = ouX509Certificate;
259 }
260 
setSignatureValue(rtl::OUString & ouSignatureValue)261 void XSecController::setSignatureValue( rtl::OUString& ouSignatureValue )
262 {
263 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
264 	isi.signatureInfor.ouSignatureValue = ouSignatureValue;
265 }
266 
setDigestValue(rtl::OUString & ouDigestValue)267 void XSecController::setDigestValue( rtl::OUString& ouDigestValue )
268 {
269 	SignatureInformation &si = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1].signatureInfor;
270 	SignatureReferenceInformation &reference = si.vSignatureReferenceInfors[si.vSignatureReferenceInfors.size()-1];
271 	reference.ouDigestValue = ouDigestValue;
272 }
273 
setDate(rtl::OUString & ouDate)274 void XSecController::setDate( rtl::OUString& ouDate )
275 {
276 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
277 	convertDateTime( isi.signatureInfor.stDateTime, ouDate );
278 	setIfEmpty(isi.signatureInfor.ouDateTime, ouDate);
279 }
280 
281 /*
282 void XSecController::setTime( rtl::OUString& ouTime )
283 {
284 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
285 	isi.signatureInfor.ouTime = ouTime;
286 }
287 */
288 
setId(rtl::OUString & ouId)289 void XSecController::setId( rtl::OUString& ouId )
290 {
291 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
292 	isi.signatureInfor.ouSignatureId = ouId;
293 }
294 
setPropertyId(rtl::OUString & ouPropertyId)295 void XSecController::setPropertyId( rtl::OUString& ouPropertyId )
296 {
297 	InternalSignatureInformation &isi = m_vInternalSignatureInformations[m_vInternalSignatureInformations.size()-1];
298 	isi.signatureInfor.ouPropertyId = ouPropertyId;
299 }
300 
301 /* public: for signature verify */
collectToVerify(const rtl::OUString & referenceId)302 void XSecController::collectToVerify( const rtl::OUString& referenceId )
303 {
304 	/* DBG_ASSERT( m_xSAXEventKeeper.is(), "the SAXEventKeeper is NULL" ); */
305 
306 	if ( m_nStatusOfSecurityComponents == INITIALIZED )
307 	/*
308 	 * if all security components are ready, verify the signature.
309 	 */
310 	{
311 		bool bJustChainingOn = false;
312 		cssu::Reference< cssxs::XDocumentHandler > xHandler = NULL;
313 
314 		int i,j;
315 		int sigNum = m_vInternalSignatureInformations.size();
316 
317 		for (i=0; i<sigNum; ++i)
318 		{
319 			InternalSignatureInformation& isi = m_vInternalSignatureInformations[i];
320 			SignatureReferenceInformations& vReferenceInfors = isi.signatureInfor.vSignatureReferenceInfors;
321 			int refNum = vReferenceInfors.size();
322 
323 			for (j=0; j<refNum; ++j)
324 			{
325 				SignatureReferenceInformation &refInfor = vReferenceInfors[j];
326 
327 				if (refInfor.ouURI == referenceId)
328 				{
329 					if (chainOn(false))
330 					{
331 						bJustChainingOn = true;
332 						xHandler = m_xSAXEventKeeper->setNextHandler(NULL);
333 					}
334 
335 					sal_Int32 nKeeperId = m_xSAXEventKeeper->addSecurityElementCollector(
336 						cssxc::sax::ElementMarkPriority_BEFOREMODIFY, sal_False );
337 
338 					cssu::Reference<cssxc::sax::XReferenceResolvedBroadcaster> xReferenceResolvedBroadcaster
339 						(m_xSAXEventKeeper,
340 						cssu::UNO_QUERY );
341 
342 					cssu::Reference<cssxc::sax::XReferenceCollector> xReferenceCollector
343 						( isi.xReferenceResolvedListener, cssu::UNO_QUERY );
344 
345 					m_xSAXEventKeeper->setSecurityId(nKeeperId, isi.signatureInfor.nSecurityId);
346 					xReferenceResolvedBroadcaster->addReferenceResolvedListener( nKeeperId, isi.xReferenceResolvedListener);
347 					xReferenceCollector->setReferenceId( nKeeperId );
348 
349 					isi.vKeeperIds[j] = nKeeperId;
350 					break;
351 				}
352 			}
353 		}
354 
355 		if ( bJustChainingOn )
356 		{
357 			cssu::Reference< cssxs::XDocumentHandler > xSEKHandler(m_xSAXEventKeeper, cssu::UNO_QUERY);
358 			if (m_xElementStackKeeper.is())
359 			{
360 				m_xElementStackKeeper->retrieve(xSEKHandler, sal_True);
361 			}
362 			m_xSAXEventKeeper->setNextHandler(xHandler);
363 		}
364 	}
365 }
366 
addSignature(sal_Int32 nSignatureId)367 void XSecController::addSignature( sal_Int32 nSignatureId )
368 {
369 	DBG_ASSERT( m_pXSecParser != NULL, "No XSecParser initialized" );
370 
371 	m_nReservedSignatureId = nSignatureId;
372 	m_bVerifyCurrentSignature = true;
373 }
374 
createSignatureReader()375 cssu::Reference< cssxs::XDocumentHandler > XSecController::createSignatureReader()
376 {
377 	m_pXSecParser = new XSecParser( this, NULL );
378 	cssu::Reference< cssl::XInitialization > xInitialization = m_pXSecParser;
379 
380 	setSAXChainConnector(xInitialization, NULL, NULL);
381 
382 	return m_pXSecParser;
383 }
384 
releaseSignatureReader()385 void XSecController::releaseSignatureReader()
386 {
387 	clearSAXChainConnector( );
388 	m_pXSecParser = NULL;
389 }
390 
391