1 /************************************************************************* 2 * 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * Copyright 2000, 2010 Oracle and/or its affiliates. 6 * 7 * OpenOffice.org - a multi-platform office productivity suite 8 * 9 * This file is part of OpenOffice.org. 10 * 11 * OpenOffice.org is free software: you can redistribute it and/or modify 12 * it under the terms of the GNU Lesser General Public License version 3 13 * only, as published by the Free Software Foundation. 14 * 15 * OpenOffice.org is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU Lesser General Public License version 3 for more details 19 * (a copy is included in the LICENSE file that accompanied this code). 20 * 21 * You should have received a copy of the GNU Lesser General Public License 22 * version 3 along with OpenOffice.org. If not, see 23 * <http://www.openoffice.org/license.html> 24 * for a copy of the LGPLv3 License. 
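 *
 ************************************************************************/

#ifndef _XMLSECURITY_XMLSIGNATUREHELPER_HXX
#define _XMLSECURITY_XMLSIGNATUREHELPER_HXX

#ifndef _STLP_VECTOR
#include <vector>
#endif

#include <tools/link.hxx>

#include <rtl/ustring.hxx>

#include <xmlsecurity/sigstruct.hxx>

#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/xml/sax/XDocumentHandler.hpp>
#include <com/sun/star/xml/crypto/XUriBinding.hpp>
#include <com/sun/star/xml/crypto/XSEInitializer.hpp>
#include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
#include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>

class XSecController;
class Date;
class Time;

namespace com {
namespace sun {
namespace star {
namespace io {
    class XOutputStream;
    class XInputStream; }
namespace embed {
    class XStorage; }
}}}

/** Outcome of one signature-creation operation.

    Delivered to the helper through its signature-creation result listener.
    nSecurityId identifies the signature the status belongs to;
    nSignatureCreationResult is the status code the XML security framework
    reported for it.
*/
struct XMLSignatureCreationResult
{
    sal_Int32                                            nSecurityId;
    com::sun::star::xml::crypto::SecurityOperationStatus nSignatureCreationResult;

    XMLSignatureCreationResult( sal_Int32 nId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
        : nSecurityId( nId )
        , nSignatureCreationResult( nResult )
    {
    }
};

/** Outcome of one signature-verification operation.

    Delivered to the helper through its signature-verify result listener.
    nSecurityId identifies the signature the status belongs to;
    nSignatureVerifyResult is the status code the XML security framework
    reported for it. A verifier must inspect this per-signature status for
    every signature it cares about; the presence of an entry alone says
    nothing about validity.
*/
struct XMLSignatureVerifyResult
{
    sal_Int32                                            nSecurityId;
    com::sun::star::xml::crypto::SecurityOperationStatus nSignatureVerifyResult;

    XMLSignatureVerifyResult( sal_Int32 nId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
        : nSecurityId( nId )
        , nSignatureVerifyResult( nResult )
    {
    }
};

// One entry per signature that was created / verified in the current mission.
typedef ::std::vector<XMLSignatureCreationResult> XMLSignatureCreationResults;
typedef ::std::vector<XMLSignatureVerifyResult>   XMLSignatureVerifyResults;



/**********************************************************
 XMLSignatureHelper

 Helper class for the XML Security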
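 framework

 Functions:
 1. help to create a security context;
 2. help to listen signature creation result;
 3. help to listen signature verify result;
 4. help to indicate which signature to verify.

 **********************************************************/

/** Front end for the XML signature framework used by the document
    signing / verification code.

    The helper holds the UNO security context, controller and URI binding,
    collects the per-signature creation / verification results that come
    back through the listener links, and exposes them to the caller.

    Instances are not copyable: the object carries a raw XSecController
    pointer and UNO references whose lifetime is tied to the current mission
    (StartMission() / EndMission()).
*/
class XMLSignatureHelper
{
private:
    ::com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext >                mxCtx;
    ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XSecurityController > mxSecurityController;
    ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::XUriBinding >              mxUriBinding;

    ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::XSEInitializer >           mxSEInitializer;
    ::com::sun::star::uno::Reference< com::sun::star::xml::crypto::XXMLSecurityContext >      mxSecurityContext;

    // Results handed in by the listener links below, one entry per signature.
    XMLSignatureCreationResults maCreationResults;
    XMLSignatureVerifyResults   maVerifyResults;
    // Raw pointer to the controller; presumably created and released by this
    // class (ctor / dtor) -- confirm in xmlsignaturehelper.cxx. This pointer is
    // the main reason the class must not be copied or assigned.
    XSecController*             mpXSecController;
    // Error flag; which operations set and read it is decided in the .cxx.
    bool                        mbError;
    // True for documents older than ODF 1.2, presumably derived from the ODF
    // version passed to SetStorage(); the old format needs different handling.
    bool                        mbODFPre1_2;
    // Optional caller hook, presumably consulted for each Signature element
    // encountered during verification; see SetStartVerifySignatureHdl().
    Link                        maStartVerifySignatureHdl;

private:
    void ImplCreateSEInitializer();
    DECL_LINK( SignatureCreationResultListener, XMLSignatureCreationResult*);
    DECL_LINK( SignatureVerifyResultListener, XMLSignatureVerifyResult* );
    DECL_LINK( StartVerifySignatureElement, const com::sun::star::uno::Reference< com::sun::star::xml::sax::XAttributeList >* );

    // Not allowed: copying or assigning would alias mpXSecController between
    // two instances. Both are declared private and intentionally left
    // undefined, so any accidental use fails at compile/link time.
    XMLSignatureHelper(const XMLSignatureHelper&);
    XMLSignatureHelper& operator=(const XMLSignatureHelper&);

public:
    XMLSignatureHelper(const com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext >& mrCtx );
    ~XMLSignatureHelper();

    // Initialize the security context with the default crypto token.
    // Returns true for success; nothing else on this object is usable before
    // a successful Init().
    bool Init();

    // Set the UriBinding used to create input streams for the referenced
    // files. The default implementation is able to open files from disk.
    // A custom binding decides what the verifier is allowed to read, so it
    // should not resolve references outside the document being verified.
    void SetUriBinding( com::sun::star::uno::Reference< com::sun::star::xml::crypto::XUriBinding >& rxUriBinding );
    com::sun::star::uno::Reference< com::sun::star::xml::crypto::XUriBinding > GetUriBinding() const;

    // Set the storage which should be used by the default UriBinding.
    // Must be set before StartMission().
    // sODFVersion indicates the ODF version of the document.
    void SetStorage( const com::sun::star::uno::Reference < com::sun::star::embed::XStorage >& rxStorage, ::rtl::OUString sODFVersion );

    // Argument for the Link is a uno::Reference< xml::sax::XAttributeList >*
    // (the attributes of the signature element about to be read).
    // Return 1 to verify that signature, 0 to skip it.
    // The default handler verifies all of them. A skipped signature is never
    // verified, so a handler that skips must not let callers treat such a
    // signature as valid.
    void SetStartVerifySignatureHdl( const Link& rLink );

    // Get the security environment (default one, by index, or the number of
    // available environments).
    ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > GetSecurityEnvironment();
    ::com::sun::star::uno::Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > GetSecurityEnvironmentByIndex(sal_Int32 nId);
    sal_Int32 GetSecurityEnvironmentNumber();

    // After signing / verifying, get information about the signatures.
    // Callers deciding whether a document is trustworthy must look at each
    // signature's own status here rather than at a single overall flag.
    SignatureInformation  GetSignatureInformation( sal_Int32 nSecurityId ) const;
    SignatureInformations GetSignatureInformations() const;

    // See XSecController for documentation.
    void StartMission();
    void EndMission();
    sal_Int32 GetNewSecurityId();

    /** Sets the data that describes the signing certificate for nSecurityId.

        ouX509Cert must be set: it carries the whole certificate, DER encoded
        and then base64 encoded, and XMLSec needs it to find the matching
        private key. (An older version of this note named ouX509IssuerName
        here, but the description matches ouX509Cert.)

        Issuer name and serial number should in principle be sufficient to
        identify the certificate, but the lookup in XMLSec is broken on both
        Windows and mozilla. The functions used to find the certificate take
        the DER encoded ASN.1 issuer name as parameter. An issuer name is a
        DName whose attributes are mostly of type DirectoryName, a choice of
        five string types, and that choice is not contained in the issuer
        string. When the string is converted back to an ASN.1 name the
        conversion function has to assume a particular string type, which is
        often wrong. For example, the Windows function CertStrToName uses a
        T.61 string whenever the string contains no special characters; so a
        certificate whose issuer attributes are encoded in UTF-8 but use only
        simple characters produces a DER encoded name with different
        string-type bytes. Since the lookup apparently compares the encodings
        with memcmp, the certificate is not found. Supplying the full
        certificate in ouX509Cert avoids that path.
    */
    void SetX509Certificate(sal_Int32 nSecurityId, const rtl::OUString& ouX509IssuerName,
                            const rtl::OUString& ouX509SerialNumber, const rtl::OUString& ouX509Cert);

    // Same as above, but selects the security environment by index.
    void SetX509Certificate(sal_Int32 nSecurityId, sal_Int32 nSecurityEnvironmentIndex,
                            const rtl::OUString& ouX509IssuerName, const rtl::OUString& ouX509SerialNumber,
                            const rtl::OUString& ouX509Cert);
    // Date / time recorded with the signature identified by nSecurityId.
    void SetDateTime( sal_Int32 nSecurityId, const Date& rDate, const Time& rTime );

    // Register one referenced stream (uri / objectURL) for the signature
    // securityId; bBinary selects binary vs. XML treatment of the content.
    void AddForSigning( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool bBinary );
    // Create the registered signatures and write them through the given
    // handler / output stream. Returns true for success.
    bool CreateAndWriteSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );
    bool CreateAndWriteSignature( const com::sun::star::uno::Reference< com::sun::star::io::XOutputStream >& xOutputStream );
    // Read a signatures stream and verify the signatures the
    // StartVerifySignatureElement hook accepts. The per-signature outcome is
    // presumably delivered through the SignatureVerifyResultListener link into
    // maVerifyResults and exposed via GetSignatureInformation(s).
    // NOTE(review): whether the bool return reflects the verification outcome
    // or only that the stream was processed is decided in the .cxx -- confirm
    // before treating `true` as "all signatures valid".
    bool ReadAndVerifySignature( const com::sun::star::uno::Reference< com::sun::star::io::XInputStream >& xInputStream );

    // Lower-level building blocks for editing an existing signatures stream:
    // write the document header, export individual SignatureInformation
    // entries, then close the handler. They are useful not only for adding /
    // removing existing signatures but also for inserting a new signature
    // into an existing signature file (see Mission 3 of the "multisigdemo"
    // program). CreateAndWriteSignature() remains the usual entry point for
    // writing fresh signatures.
    ::com::sun::star::uno::Reference< ::com::sun::star::xml::sax::XDocumentHandler> CreateDocumentHandlerWithHeader( const com::sun::star::uno::Reference< com::sun::star::io::XOutputStream >& xOutputStream );
    void CloseDocumentHandler( const ::com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler>& xDocumentHandler );
    void ExportSignature( const com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler, const SignatureInformation& signatureInfo );
};

#endif // _XMLSECURITY_XMLSIGNATUREHELPER_HXX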