106b3ce53SAndrew Rist /************************************************************** 2cdf0e10cSrcweir * 306b3ce53SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one 406b3ce53SAndrew Rist * or more contributor license agreements. See the NOTICE file 506b3ce53SAndrew Rist * distributed with this work for additional information 606b3ce53SAndrew Rist * regarding copyright ownership. The ASF licenses this file 706b3ce53SAndrew Rist * to you under the Apache License, Version 2.0 (the 806b3ce53SAndrew Rist * "License"); you may not use this file except in compliance 906b3ce53SAndrew Rist * with the License. You may obtain a copy of the License at 10cdf0e10cSrcweir * 1106b3ce53SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0 12cdf0e10cSrcweir * 1306b3ce53SAndrew Rist * Unless required by applicable law or agreed to in writing, 1406b3ce53SAndrew Rist * software distributed under the License is distributed on an 1506b3ce53SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 1606b3ce53SAndrew Rist * KIND, either express or implied. See the License for the 1706b3ce53SAndrew Rist * specific language governing permissions and limitations 1806b3ce53SAndrew Rist * under the License. 
19cdf0e10cSrcweir * 2006b3ce53SAndrew Rist *************************************************************/ 2106b3ce53SAndrew Rist 2206b3ce53SAndrew Rist 23cdf0e10cSrcweir 24cdf0e10cSrcweir // MARKER(update_precomp.py): autogen include statement, do not remove 25cdf0e10cSrcweir 26cdf0e10cSrcweir #include "precompiled_xmlsecurity.hxx" 27cdf0e10cSrcweir 28cdf0e10cSrcweir #include <documentdigitalsignatures.hxx> 29cdf0e10cSrcweir #include <xmlsecurity/digitalsignaturesdialog.hxx> 30cdf0e10cSrcweir #include <xmlsecurity/certificateviewer.hxx> 31cdf0e10cSrcweir #include <xmlsecurity/macrosecurity.hxx> 32cdf0e10cSrcweir #include <xmlsecurity/biginteger.hxx> 33cdf0e10cSrcweir #include <xmlsecurity/global.hrc> 34cdf0e10cSrcweir 35cdf0e10cSrcweir #include <xmloff/xmluconv.hxx> 36cdf0e10cSrcweir 37cdf0e10cSrcweir #include <../dialogs/resourcemanager.hxx> 38cdf0e10cSrcweir #include <com/sun/star/embed/XStorage.hpp> 39cdf0e10cSrcweir #include <com/sun/star/embed/XTransactedObject.hpp> 40cdf0e10cSrcweir #include <com/sun/star/embed/ElementModes.hpp> 41cdf0e10cSrcweir #include <com/sun/star/ucb/XContent.hpp> 42cdf0e10cSrcweir #include <com/sun/star/ucb/XContentProvider.hpp> 43cdf0e10cSrcweir #include <com/sun/star/ucb/XContentIdentifierFactory.hpp> 44cdf0e10cSrcweir #include <com/sun/star/ucb/XCommandEnvironment.hpp> 45cdf0e10cSrcweir #include <com/sun/star/ucb/XCommandProcessor.hpp> 46cdf0e10cSrcweir #include <com/sun/star/ucb/Command.hpp> 47cdf0e10cSrcweir #include <tools/urlobj.hxx> 48cdf0e10cSrcweir #include <vcl/msgbox.hxx> 49cdf0e10cSrcweir #include <unotools/securityoptions.hxx> 50cdf0e10cSrcweir #include <com/sun/star/security/CertificateValidity.hpp> 51cdf0e10cSrcweir #include <com/sun/star/security/SerialNumberAdapter.hpp> 52cdf0e10cSrcweir #include <ucbhelper/contentbroker.hxx> 53cdf0e10cSrcweir #include <unotools/ucbhelper.hxx> 54cdf0e10cSrcweir #include <comphelper/componentcontext.hxx> 55cdf0e10cSrcweir #include "comphelper/documentconstants.hxx" 56cdf0e10cSrcweir 
#include "com/sun/star/lang/IllegalArgumentException.hpp"

#include <stdio.h>


using namespace ::com::sun::star;
using namespace ::com::sun::star::uno;
namespace css = ::com::sun::star;

#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )

namespace
{
    // Builds the "Context" reference that IllegalArgumentException carries,
    // i.e. this service seen through its XInitialization interface.
    Reference< XInterface > lcl_contextOf( XInitialization* pThis )
    {
        return Reference< XInterface >( pThis, UNO_QUERY );
    }
}

// Construct the service with its defaults: no arguments received yet, ODF 1.2
// assumed, and no document signature present.
DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference< XComponentContext >& rxCtx ):
    mxCtx(rxCtx),
    m_sODFVersion(ODFVER_012_TEXT),
    m_nArgumentsCount(0),
    m_bHasDocumentSignature(false)
{
}

// XInitialization. Expects one or two arguments:
//   [0] string  - ODF version of the document (may be empty for pre-1.2 files)
//   [1] boolean - optional, whether the document already carries a document signature
// Throws IllegalArgumentException (ArgumentPosition = index of the bad argument)
// on a wrong argument count or type.
void DocumentDigitalSignatures::initialize( const Sequence< Any >& aArguments)
    throw (css::uno::Exception, css::uno::RuntimeException)
{
    const sal_Int32 nArgs = aArguments.getLength();
    if (nArgs < 1 || nArgs > 2)
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize requires one or two arguments"),
            lcl_contextOf( this ), 0);

    m_nArgumentsCount = nArgs;

    if (!(aArguments[0] >>= m_sODFVersion))
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize: the first arguments must be a string"),
            lcl_contextOf( this ), 0);

    if (nArgs == 2 && !(aArguments[1] >>= m_bHasDocumentSignature))
        throw css::lang::IllegalArgumentException(
            OUSTR("DocumentDigitalSignatures::initialize: the second arguments must be a bool"),
            lcl_contextOf( this ), 1);

    // The version attribute only exists as of ODF 1.2, so an ODF 1.1 (or older)
    // document hands us an empty string. Map that to ODFVER_010_TEXT; afterwards
    // a non-empty m_sODFVersion also tells us that initialize() has run.
    if (m_sODFVersion.getLength() == 0)
        m_sODFVersion = ODFVER_010_TEXT;
}

// ---- document content signatures ------------------------------------------

// Opens the signature dialog in signing mode for the document content.
// Returns sal_True when the set of signatures was changed.
sal_Bool DocumentDigitalSignatures::signDocumentContent(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream)
    throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(), "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModeDocumentContent, false );
}

// Verifies the document content signatures without any UI; see ImplVerifySignatures.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyDocumentContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplVerifySignatures( rxStorage, xSignInStream, SignatureModeDocumentContent );
}

// Opens the signature dialog read-only for the document content.
void DocumentDigitalSignatures::showDocumentContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModeDocumentContent, true );
}

::rtl::OUString DocumentDigitalSignatures::getDocumentContentSignatureDefaultStreamName()
    throw (css::uno::RuntimeException)
{
    return DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
}

// ---- scripting (macro) signatures -----------------------------------------

// Opens the signature dialog in signing mode for the macro content.
// Signing macros needs the second initialize() argument, hence the extra check.
sal_Bool DocumentDigitalSignatures::signScriptingContent(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    OSL_ENSURE(m_nArgumentsCount == 2, "DocumentDigitalSignatures: Service was not initialized properly");
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModeMacros, false );
}

// Verifies the macro signatures without any UI; see ImplVerifySignatures.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyScriptingContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplVerifySignatures( rxStorage, xSignInStream, SignatureModeMacros );
}

// Opens the signature dialog read-only for the macro content.
void DocumentDigitalSignatures::showScriptingContentSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModeMacros, true );
}

::rtl::OUString DocumentDigitalSignatures::getScriptingContentSignatureDefaultStreamName()
    throw (css::uno::RuntimeException)
{
    return DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
}

// ---- package signatures ---------------------------------------------------

// Opens the signature dialog in signing mode for the whole package.
sal_Bool DocumentDigitalSignatures::signPackage(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XStream >& xSignStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplViewSignatures( rxStorage, xSignStream, SignatureModePackage, false );
}

// Verifies the package signatures without any UI; see ImplVerifySignatures.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyPackageSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    return ImplVerifySignatures( rxStorage, xSignInStream, SignatureModePackage );
}

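// Opens the signature dialog read-only for the whole package.
void DocumentDigitalSignatures::showPackageSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignInStream ) throw (RuntimeException)
{
    OSL_ENSURE(m_sODFVersion.getLength(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
    ImplViewSignatures( rxStorage, xSignInStream, SignatureModePackage, true );
}

::rtl::OUString DocumentDigitalSignatures::getPackageSignatureDefaultStreamName( )
    throw (::com::sun::star::uno::RuntimeException)
{
    return DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
}


// XInputStream overload: widens the stream to XStream (or leaves it empty)
// and forwards to the XStream overload below.
sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignStream,
    DocumentSignatureMode eMode, bool bReadOnly ) throw (RuntimeException)
{
    Reference< io::XStream > xStream;
    if ( xSignStream.is() )
        xStream = Reference< io::XStream >( xSignStream, UNO_QUERY );
    return ImplViewSignatures( rxStorage, xStream, eMode, bReadOnly );
}

// Runs the DigitalSignaturesDialog on rxStorage / xSignStream.
//   eMode      - which part of the document is signed (content, macros, package)
//   bReadOnly  - true: view only; false: the user may add/remove signatures
// Returns sal_True when the dialog reports that signatures were changed.
// When the caller gave us a storage but no explicit signature stream we own
// the transaction and commit the storage ourselves.
sal_Bool DocumentDigitalSignatures::ImplViewSignatures(
    const Reference< css::embed::XStorage >& rxStorage, const Reference< css::io::XStream >& xSignStream,
    DocumentSignatureMode eMode, bool bReadOnly ) throw (RuntimeException)
{
    sal_Bool bChanges = sal_False;
    DigitalSignaturesDialog aSignaturesDialog(
        NULL, mxCtx, eMode, bReadOnly, m_sODFVersion, m_bHasDocumentSignature);
    bool bInit = aSignaturesDialog.Init();
    DBG_ASSERT( bInit, "Error initializing security context!" );
    if ( bInit )
    {
        aSignaturesDialog.SetStorage( rxStorage );
        aSignaturesDialog.SetSignatureStream( xSignStream );
        if ( aSignaturesDialog.Execute() )
        {
            if ( aSignaturesDialog.SignaturesChanged() )
            {
                bChanges = sal_True;
                // If we have a storage and no stream, we are responsible for commit
                if ( rxStorage.is() && !xSignStream.is() )
                {
                    uno::Reference< embed::XTransactedObject > xTrans( rxStorage, uno::UNO_QUERY );
                    // A storage that is not transacted cannot be committed from here;
                    // do not dereference an empty reference in that case.
                    OSL_ENSURE( xTrans.is(), "DocumentDigitalSignatures: storage is not transacted, signature changes were not committed" );
                    if ( xTrans.is() )
                        xTrans->commit();
                }
            }
        }
    }
    else
    {
        // No usable security environment (e.g. no certificate store/profile).
        WarningBox aBox( NULL, XMLSEC_RES( RID_XMLSECWB_NO_MOZILLA_PROFILE ) );
        aBox.Execute();
    }

    return bChanges;
}

// Verifies all signatures of the given part (eMode) of rxStorage without UI.
// xSignStream may be empty; the signature stream is then opened from the
// storage according to eMode.
// Returns one DocumentSignatureInformation per signature found:
//   Signer                   - the signing certificate (embedded in the signature,
//                              or looked up in the local store by issuer/serial)
//   CertificateStatus        - result of verifying the certificate, INVALID if the
//                              certificate could not be obtained or verification threw
//   SignatureIsValid         - the XML signature verified AND every element that
//                              must be signed for this mode/ODF version is covered
//   PartialDocumentSignature - (content mode only) signature does not cover the
//                              whole document in the OOo 3.2 sense
// An empty sequence means: no storage, no signature stream, or the security
// environment could not be initialised.
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::ImplVerifySignatures(
    const Reference< css::embed::XStorage >& rxStorage,
    const Reference< css::io::XInputStream >& xSignStream, DocumentSignatureMode eMode ) throw (RuntimeException)
{
    if (!rxStorage.is())
    {
        DBG_ASSERT(0, "Error, no XStorage provided");
        return Sequence<css::security::DocumentSignatureInformation>();
    }

    // First check for the InputStream, to avoid unnecessary initialization of the security environment...
    SignatureStreamHelper aStreamHelper;
    Reference< io::XInputStream > xInputStream = xSignStream;

    if ( !xInputStream.is() )
    {
        aStreamHelper = DocumentSignatureHelper::OpenSignatureStream( rxStorage, embed::ElementModes::READ, eMode );
        if ( aStreamHelper.xSignatureStream.is() )
            xInputStream = Reference< io::XInputStream >( aStreamHelper.xSignatureStream, UNO_QUERY );
    }

    if ( !xInputStream.is() )
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);


    XMLSignatureHelper aSignatureHelper( mxCtx );

    bool bInit = aSignatureHelper.Init();

    DBG_ASSERT( bInit, "Error initializing security context!" );

    if ( !bInit )
        return Sequence< ::com::sun::star::security::DocumentSignatureInformation >(0);

    aSignatureHelper.SetStorage(rxStorage, m_sODFVersion);

    aSignatureHelper.StartMission();

    aSignatureHelper.ReadAndVerifySignature( xInputStream );

    aSignatureHelper.EndMission();

    Reference< ::com::sun::star::xml::crypto::XSecurityEnvironment > xSecEnv = aSignatureHelper.GetSecurityEnvironment();

    SignatureInformations aSignInfos = aSignatureHelper.GetSignatureInformations();
    int nInfos = aSignInfos.size();
    Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
    css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();

    if ( nInfos )
    {
        Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
            ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

        for( int n = 0; n < nInfos; ++n )
        {
            // Which signing algorithm/element set applies depends on the ODF
            // version and on how this particular signature was produced.
            DocumentSignatureAlgorithm mode = DocumentSignatureHelper::getDocumentAlgorithm(
                m_sODFVersion, aSignInfos[n]);
            const std::vector< rtl::OUString > aElementsToBeVerified =
                DocumentSignatureHelper::CreateElementList(
                    rxStorage, ::rtl::OUString(), eMode, mode);

            const SignatureInformation& rInfo = aSignInfos[n];
            css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];

            // Prefer the certificate embedded in the signature; fall back to the
            // local store, keyed by issuer name + serial number.
            if (rInfo.ouX509Certificate.getLength())
                rSigInfo.Signer = xSecEnv->createCertificateFromAscii( rInfo.ouX509Certificate ) ;
            if (!rSigInfo.Signer.is())
                rSigInfo.Signer = xSecEnv->getCertificate( rInfo.ouX509IssuerName, xSerialNumberAdapter->toSequence( rInfo.ouX509SerialNumber ) );

            // --> PB 2004-12-14 #i38744# time support again
            // NOTE(review): this is the date/time recorded inside the signature
            // itself, not an independent timestamp; nothing here proves when the
            // signature was actually made.
            Date aDate( rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year );
            Time aTime( rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
                rInfo.stDateTime.Seconds, rInfo.stDateTime.HundredthSeconds );
            rSigInfo.SignatureDate = aDate.GetDate();
            rSigInfo.SignatureTime = aTime.GetTime();

            // Verify certificate
            // We have patched our version of libxmlsec, so that it does not verify the certificates. This has two
            // reasons. First we want two separate status for signature and certificate. Second libxmlsec calls
            // CERT_VerifyCertificate (solaris, linux) falsely, so that it always regards the certificate as valid.
            // On Windows the checking of the certificate path is buggy. It does name matching (issuer, subject name)
            // to find the parent certificate. It does not take into account that there can be several certificates
            // with the same subject name.
            // Hence the certificate is verified here, separately from the XML signature, and
            // any failure (including an exception) yields INVALID.
            if (rSigInfo.Signer.is())
            {
                try {
                    rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(rSigInfo.Signer,
                        Sequence<Reference<css::security::XCertificate> >());
                } catch (const SecurityException& ) {
                    OSL_ENSURE(0, "Verification of certificate failed");
                    rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
                }
            }
            else
            {
                // We should always be able to get the certificate because it is contained in the document,
                // unless the document is damaged so that the signature xml file could not be parsed.
                rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
            }

            // The cryptographic check alone is not enough: a signature that verifies
            // but leaves out streams that must be covered is still reported as invalid.
            rSigInfo.SignatureIsValid = ( rInfo.nStatus == ::com::sun::star::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED );

            if ( rSigInfo.SignatureIsValid )
            {
                rSigInfo.SignatureIsValid =
                    DocumentSignatureHelper::checkIfAllFilesAreSigned(
                        aElementsToBeVerified, rInfo, mode);
            }
            if (eMode == SignatureModeDocumentContent)
                rSigInfo.PartialDocumentSignature =
                    ! DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);

        }
    }
    return aInfos;

}

// Shows the macro security dialog. The security environment is optional here
// (only needed to display certificates of trusted sources), so the dialog is
// raised even when Init() fails.
void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException)
{
    // MT: i45295
    // SecEnv is only needed to display certificate information from trusted sources.
    // Macro Security also has some options where no security environment is needed, so raise dialog anyway.
    // Later I should change the code so the Dialog creates the SecEnv on demand...

    Reference< dcss::xml::crypto::XSecurityEnvironment > xSecEnv;

    XMLSignatureHelper aSignatureHelper( mxCtx );
    if ( aSignatureHelper.Init() )
        xSecEnv = aSignatureHelper.GetSecurityEnvironment();

    MacroSecurity aDlg( NULL, mxCtx, xSecEnv );
    aDlg.Execute();
}

// Shows the certificate viewer for _Certificate; silently does nothing when
// the security environment cannot be initialised.
void DocumentDigitalSignatures::showCertificate(
    const Reference< css::security::XCertificate >& _Certificate ) throw (RuntimeException)
{
    XMLSignatureHelper aSignatureHelper( mxCtx );

    bool bInit = aSignatureHelper.Init();

    DBG_ASSERT( bInit, "Error initializing security context!" );

    if ( bInit )
    {
        CertificateViewer aViewer( NULL, aSignatureHelper.GetSecurityEnvironment(), _Certificate, sal_False );
        aViewer.Execute();
    }

}

// Is Author one of the user's trusted macro authors (SvtSecurityOptions)?
// A stored entry is a Sequence<OUString> written by addAuthorToTrustedSources():
//   [0] issuer name, [1] serial number, [2] base64 DER encoding of the certificate.
// Issuer name and serial number are data an attacker controls when crafting a
// certificate, so when the stored entry carries the encoded certificate the
// candidate must match that byte-for-byte as well. Entries without a third
// field (or with an empty one) are matched on issuer/serial only, as before.
// Returns sal_False for an empty Author reference.
::sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
    const Reference< css::security::XCertificate >& Author ) throw (RuntimeException)
{
    if ( !Author.is() )
        return sal_False;

    Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
        ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

    const ::rtl::OUString sIssuer = Author->getIssuerName();
    const ::rtl::OUString sSerialNum = xSerialNumberAdapter->toString( Author->getSerialNumber() );

    // Same encoding addAuthorToTrustedSources() uses, so the strings are comparable.
    rtl::OUStringBuffer aEncBuffer;
    SvXMLUnitConverter::encodeBase64(aEncBuffer, Author->getEncoded());
    const ::rtl::OUString sEncoded = aEncBuffer.makeStringAndClear();

    Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions().GetTrustedAuthors();
    const SvtSecurityOptions::Certificate* pAuthors = aTrustedAuthors.getConstArray();
    const SvtSecurityOptions::Certificate* pAuthorsEnd = pAuthors + aTrustedAuthors.getLength();
    for ( ; pAuthors != pAuthorsEnd; ++pAuthors )
    {
        const SvtSecurityOptions::Certificate& rAuthor = *pAuthors;

        // Malformed configuration entry: never index past its end.
        if ( rAuthor.getLength() < 2 )
            continue;

        if ( rAuthor[0] != sIssuer || rAuthor[1] != sSerialNum )
            continue;

        // Stored certificate present: require it to be the very same certificate.
        if ( rAuthor.getLength() > 2 && rAuthor[2].getLength() && rAuthor[2] != sEncoded )
            continue;

        return sal_True;
    }

    return sal_False;
}

// Is Location inside one of the user's trusted file locations (SvtSecurityOptions)?
// NOTE(review): the comparison is delegated to UCBContentHelper::IsSubPath on the
// URL as given; confirm that it normalises "..", encoding and case before relying
// on directory-based trust for untrusted paths.
::sal_Bool DocumentDigitalSignatures::isLocationTrusted( const ::rtl::OUString& Location ) throw (RuntimeException)
{
    sal_Bool bFound = sal_False;
    INetURLObject aLocObj( Location );

    // A content provider is only obtained for file URLs and handed through to IsSubPath.
    ::com::sun::star::uno::Reference< ::com::sun::star::ucb::XContentProvider > xContentProvider;
    if ( aLocObj.GetProtocol() == INET_PROT_FILE )
    {
        ::ucbhelper::ContentBroker* pBroker = ::ucbhelper::ContentBroker::get();
        if ( pBroker )
            xContentProvider = pBroker->getContentProviderInterface();
    }

    Sequence< ::rtl::OUString > aSecURLs = SvtSecurityOptions().GetSecureURLs();
    const ::rtl::OUString* pSecURLs = aSecURLs.getConstArray();
    const ::rtl::OUString* pSecURLsEnd = pSecURLs + aSecURLs.getLength();
    for ( ; pSecURLs != pSecURLsEnd && !bFound; ++pSecURLs )
        bFound = ::utl::UCBContentHelper::IsSubPath( *pSecURLs, Location, xContentProvider );

    return bFound;
}

// Appends Author to the trusted macro authors as
// { issuer name, serial number, base64 DER certificate }. No duplicate check
// is performed. An empty Author reference is ignored.
void DocumentDigitalSignatures::addAuthorToTrustedSources(
    const Reference< css::security::XCertificate >& Author ) throw (RuntimeException)
{
    if ( !Author.is() )
        return;

    SvtSecurityOptions aSecOpts;

    Reference<security::XSerialNumberAdapter> xSerialNumberAdapter =
        ::com::sun::star::security::SerialNumberAdapter::create(mxCtx);

    SvtSecurityOptions::Certificate aNewCert( 3 );
    aNewCert[ 0 ] = Author->getIssuerName();
    aNewCert[ 1 ] = xSerialNumberAdapter->toString( Author->getSerialNumber() );

    rtl::OUStringBuffer aStrBuffer;
    SvXMLUnitConverter::encodeBase64(aStrBuffer, Author->getEncoded());
    aNewCert[ 2 ] = aStrBuffer.makeStringAndClear();


    Sequence< SvtSecurityOptions::Certificate > aTrustedAuthors = aSecOpts.GetTrustedAuthors();
    sal_Int32 nCnt = aTrustedAuthors.getLength();
    aTrustedAuthors.realloc( nCnt + 1 );
    aTrustedAuthors[ nCnt ] = aNewCert;

    aSecOpts.SetTrustedAuthors( aTrustedAuthors );
}

// Appends Location to the trusted file locations. No duplicate check is performed.
void DocumentDigitalSignatures::addLocationToTrustedSources( const ::rtl::OUString& Location ) throw (RuntimeException)
{
    SvtSecurityOptions aSecOpt;

    Sequence< ::rtl::OUString > aSecURLs = aSecOpt.GetSecureURLs();
    sal_Int32 nCnt = aSecURLs.getLength();
    aSecURLs.realloc( nCnt + 1 );
    aSecURLs[ nCnt ] = Location;

    aSecOpt.SetSecureURLs( aSecURLs );
}

rtl::OUString DocumentDigitalSignatures::GetImplementationName() throw (RuntimeException)
{
    return rtl::OUString ( RTL_CONSTASCII_USTRINGPARAM ( "com.sun.star.security.DocumentDigitalSignatures" ) );
}

Sequence< rtl::OUString > DocumentDigitalSignatures::GetSupportedServiceNames() throw (cssu::RuntimeException)
{
    Sequence < rtl::OUString > aRet(1);
    rtl::OUString* pArray = aRet.getArray();
    pArray[0] = rtl::OUString( RTL_CONSTASCII_USTRINGPARAM ( "com.sun.star.security.DocumentDigitalSignatures" ) );
    return aRet;
}


// Service factory; ownership passes to the returned UNO reference.
Reference< XInterface > DocumentDigitalSignatures_CreateInstance(
    const Reference< XComponentContext >& rCtx) throw ( Exception )
{
    return static_cast< cppu::OWeakObject* >( new DocumentDigitalSignatures( rCtx ) );
}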