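/**************************************************************
 * 
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * 
 *   http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * 
 *************************************************************/



// MARKER(update_precomp.py): autogen include statement, do not remove
#include "precompiled_xmlsecurity.hxx"

#include <stdio.h>
#include <string.h>
#include "helper.hxx"

#include "libxml/tree.h"
#include "libxml/parser.h"
#ifndef XMLSEC_NO_XSLT
#include "libxslt/xslt.h"
#endif

#include "securityenvironment_nssimpl.hxx"
#include "xmlelementwrapper_xmlsecimpl.hxx"

#include "nspr.h"
#include "prtypes.h"

#include "pk11func.h"
#include "cert.h"
#include "cryptohi.h"
#include "certdb.h"
#include "nss.h"

#include "xmlsec/strings.h"
#include "xmlsec/xmltree.h"

#include <rtl/ustring.hxx>
#include <cppuhelper/servicefactory.hxx>

#include <com/sun/star/lang/XComponent.hpp>
#include <com/sun/star/beans/PropertyValue.hpp>
#include <com/sun/star/xml/wrapper/XXMLElementWrapper.hpp>
#include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
#include <com/sun/star/xml/crypto/XXMLSignature.hpp>
#include <com/sun/star/xml/crypto/XXMLSignatureTemplate.hpp>
#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>

using namespace ::rtl ;
using namespace ::cppu ;
using namespace ::com::sun::star::uno ;
using namespace ::com::sun::star::io ;
using namespace ::com::sun::star::ucb ;
using namespace ::com::sun::star::beans ;
using namespace ::com::sun::star::document ;
using namespace ::com::sun::star::lang ;
using namespace ::com::sun::star::registry ;
using namespace ::com::sun::star::xml::wrapper ;
using namespace ::com::sun::star::xml::crypto ;


/**
 * Command-line XML signature verifier built on the NSS/xmlsec bridge.
 *
 * @param argc must be 4
 * @param argv argv[1] is the directory handed to NSS_Init(), argv[2] is the
 *             XML document handed to xmlParseFile(), argv[3] is the rdb file
 *             handed to serviceManager()
 * @return 0 only when validation ran and the signature was reported VALID;
 *         1 on a usage error, an initialization failure, any processing
 *         error, or an INVALID signature. A verifier must not report success
 *         to its caller when nothing was verified.
 */
int SAL_CALL main( int argc, char **argv )
{
	// Everything is initialized up front: the cleanup code at "done" may be
	// reached from any point below and inspects these values.
	CERTCertDBHandle*	certHandle = NULL ;
	PK11SlotInfo*		slot = NULL ;
	xmlDocPtr			doc = NULL ;
	xmlNodePtr			tplNode = NULL ;
	xmlNodePtr			tarNode = NULL ;
	xmlAttrPtr			idAttr = NULL ;
	xmlChar*			idValue = NULL ;
	xmlAttrPtr			uriAttr = NULL ;
	xmlChar*			uriValue = NULL ;
	OUString*			uri = NULL ;
	Reference< XUriBinding >	xUriBinding ;
	int					nResult = 1 ;	// pessimistic: only a VALID signature clears it

	if( argc != 4 ) {
		fprintf( stderr, "Usage: %s < CertDir > <file_url> <rdb file>\n" , argv[0] ) ;
		return 1 ;
	}

	//Init libxml and libxslt libraries
	xmlInitParser();
	LIBXML_TEST_VERSION
	// NOTE(review): both settings below are process-wide parser defaults. A
	// non-zero xmlLoadExtDtdDefaultValue makes libxml2 load the external DTD
	// subset and entity substitution is switched on, so a document from an
	// untrusted source can make the parser read other files or network
	// resources (XXE). Left unchanged because the ID handling further down may
	// rely on DTD-declared IDs - confirm, then prefer xmlReadFile() with
	// explicit options (e.g. XML_PARSE_NONET) for untrusted input.
	xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
	xmlSubstituteEntitiesDefault(1);

	#ifndef XMLSEC_NO_XSLT
	xmlIndentTreeOutput = 1;
	#endif // XMLSEC_NO_XSLT


	//Initialize NSPR and NSS
	PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1 ) ;
	PK11_SetPasswordFunc( PriPK11PasswordFunc ) ;
	if( NSS_Init( argv[1] ) != SECSuccess ) {
		fprintf( stderr , "### cannot initialize NSS!\n" ) ;
		return 1 ;
	}

	certHandle = CERT_GetDefaultCertDB() ;
	slot = PK11_GetInternalKeySlot() ;

	//Load XML document
	doc = xmlParseFile( argv[2] ) ;
	if( doc == NULL || xmlDocGetRootElement( doc ) == NULL ) {
		fprintf( stderr , "### Cannot load template xml document!\n" ) ;
		goto done ;
	}

	//Find the signature template
	tplNode = xmlSecFindNode( xmlDocGetRootElement( doc ), xmlSecNodeSignature, xmlSecDSigNs ) ;
	if( tplNode == NULL ) {
		fprintf( stderr , "### Cannot find the signature template!\n" ) ;
		goto done ;
	}

	//Find the element with ID attribute: namespaced "document" first, then
	//a "document" element without namespace
	tarNode = xmlSecFindNode( xmlDocGetRootElement( doc ), ( const xmlChar* )"document", ( const xmlChar* )"http://openoffice.org/2000/office" ) ;
	if( tarNode == NULL ) {
		tarNode = xmlSecFindNode( xmlDocGetRootElement( doc ), ( const xmlChar* )"document", NULL ) ;
	}

	//Find the "id" attribute in the element ("id" is tried before "Id").
	//idAttr stays NULL when there is no such element or attribute.
	if( tarNode != NULL ) {
		idAttr = xmlHasProp( tarNode, ( const xmlChar* )"id" ) ;
		if( idAttr == NULL ) {
			idAttr = xmlHasProp( tarNode, ( const xmlChar* )"Id" ) ;
		}
	}

	//Add ID to DOM
	if( idAttr != NULL ) {
		idValue = xmlNodeListGetString( tarNode->doc, idAttr->children, 1 ) ;
		if( idValue == NULL ) {
			fprintf( stderr , "### the ID value is NULL!\n" ) ;
			goto done ;
		}

		if( xmlAddID( NULL, doc, idValue, idAttr ) == NULL ) {
			fprintf( stderr , "### Can not add the ID value!\n" ) ;
			goto done ;
		}
	}

	//Reference handler
	//Find the signature reference
	tarNode = xmlSecFindNode( tplNode, xmlSecNodeReference, xmlSecDSigNs ) ;
	if( tarNode == NULL ) {
		fprintf( stderr , "### Cannot find the signature reference!\n" ) ;
		goto done ;
	}

	//Find the "URI" attribute in the reference. The attribute pointer itself
	//has to be tested: it is dereferenced right below.
	uriAttr = xmlHasProp( tarNode, ( const xmlChar* )"URI" ) ;
	if( uriAttr == NULL ) {
		fprintf( stderr , "### Cannot find URI of the reference!\n" ) ;
		goto done ;
	}

	//Get the "URI" attribute value
	uriValue = xmlNodeListGetString( tarNode->doc, uriAttr->children, 1 ) ;
	if( uriValue == NULL ) {
		fprintf( stderr , "### the URI value is NULL!\n" ) ;
		goto done ;
	}

	//A value that contains '/' and no '#' is treated as a stream URI
	if( strchr( ( const char* )uriValue, '/' ) != NULL && strchr( ( const char* )uriValue, '#' ) == NULL ) {
		fprintf( stdout , "### Find a stream URI [%s]\n", uriValue ) ;
		uri = new ::rtl::OUString( ( const sal_Char* )uriValue, xmlStrlen( uriValue ), RTL_TEXTENCODING_ASCII_US ) ;
	}

	if( uri != NULL ) {
		fprintf( stdout , "### Find the URI [%s]\n", OUStringToOString( *uri , RTL_TEXTENCODING_ASCII_US ).getStr() ) ;
		// NOTE(review): the URI is read from the document being verified and
		// is passed on unchanged. Confirm that createStreamFromFile() limits
		// which locations it will open when the document is untrusted.
		Reference< XInputStream > xStream = createStreamFromFile( *uri ) ;
		if( !xStream.is() ) {
			fprintf( stderr , "### Can not get the URI stream!\n" ) ;
			goto done ;
		}

		xUriBinding = new OUriBinding( *uri, xStream ) ;
	}


	try {
		Reference< XMultiComponentFactory > xManager = NULL ;
		Reference< XComponentContext > xContext = NULL ;

		xManager = serviceManager( xContext , OUString::createFromAscii( "local" ), OUString::createFromAscii( argv[3] ) ) ;
		if( !xManager.is() ) {
			fprintf( stderr , "### Cannot get the service manager!\n" ) ;
			goto done ;
		}

		//Create signature template
		Reference< XInterface > element =
			xManager->createInstanceWithContext( OUString::createFromAscii( "com.sun.star.xml.security.bridge.xmlsec.XMLElementWrapper_XmlSecImpl" ) , xContext ) ;
		OSL_ENSURE( element.is() ,
			"Verifier - "
			"Cannot get service instance of \"xsec.XMLElementWrapper\"" ) ;

		Reference< XXMLElementWrapper > xElement( element , UNO_QUERY ) ;
		OSL_ENSURE( xElement.is() ,
			"Verifier - "
			"Cannot get interface of \"XXMLElementWrapper\" from service \"xsec.XMLElementWrapper\"" ) ;

		Reference< XUnoTunnel > xEleTunnel( xElement , UNO_QUERY ) ;
		OSL_ENSURE( xEleTunnel.is() ,
			"Verifier - "
			"Cannot get interface of \"XUnoTunnel\" from service \"xsec.XMLElement\"" ) ;
		// The OSL_ENSURE diagnostics do not stop execution, so every object
		// that is dereferenced gets an explicit runtime check as well.
		if( !xEleTunnel.is() ) {
			fprintf( stderr , "### Cannot get the XML element wrapper!\n" ) ;
			goto done ;
		}

		XMLElementWrapper_XmlSecImpl* pElement = ( XMLElementWrapper_XmlSecImpl* )xEleTunnel->getSomething( XMLElementWrapper_XmlSecImpl::getUnoTunnelImplementationId() ) ;
		OSL_ENSURE( pElement != NULL ,
			"Verifier - "
			"Cannot get implementation of \"xsec.XMLElementWrapper\"" ) ;
		if( pElement == NULL ) {
			fprintf( stderr , "### Cannot get the XML element wrapper implementation!\n" ) ;
			goto done ;
		}

		//Set signature template
		pElement->setNativeElement( tplNode ) ;

		//Build XML Signature template
		Reference< XInterface > signtpl =
			xManager->createInstanceWithContext( OUString::createFromAscii("com.sun.star.xml.crypto.XMLSignatureTemplate"), xContext ) ;
		OSL_ENSURE( signtpl.is() ,
			"Verifier - "
			"Cannot get service instance of \"xsec.XMLSignatureTemplate\"" ) ;

		Reference< XXMLSignatureTemplate > xTemplate( signtpl , UNO_QUERY ) ;
		OSL_ENSURE( xTemplate.is() ,
			"Verifier - "
			"Cannot get interface of \"XXMLSignatureTemplate\" from service \"xsec.XMLSignatureTemplate\"" ) ;
		if( !xTemplate.is() ) {
			fprintf( stderr , "### Cannot get the signature template service!\n" ) ;
			goto done ;
		}

		//Import the signature template
		xTemplate->setTemplate( xElement ) ;

		//Import the URI/Stream binding
		if( xUriBinding.is() )
			xTemplate->setBinding( xUriBinding ) ;

		//Create security environment
		//Build Security Environment
		Reference< XInterface > xsecenv =
			xManager->createInstanceWithContext( OUString::createFromAscii("com.sun.star.xml.security.bridge.xmlsec.SecurityEnvironment_NssImpl"), xContext ) ;
		OSL_ENSURE( xsecenv.is() ,
			"Verifier - "
			"Cannot get service instance of \"xsec.SecurityEnvironment\"" ) ;

		Reference< XSecurityEnvironment > xSecEnv( xsecenv , UNO_QUERY ) ;
		OSL_ENSURE( xSecEnv.is() ,
			"Verifier - "
			"Cannot get interface of \"XSecurityEnvironment\" from service \"xsec.SecurityEnvironment\"" ) ;

		//Setup key slot and certDb
		Reference< XUnoTunnel > xEnvTunnel( xsecenv , UNO_QUERY ) ;
		// Checks the tunnel that was just queried (the original tested xElement).
		OSL_ENSURE( xEnvTunnel.is() ,
			"Verifier - "
			"Cannot get interface of \"XUnoTunnel\" from service \"xsec.SecurityEnvironment\"" ) ;
		if( !xEnvTunnel.is() ) {
			fprintf( stderr , "### Cannot get the security environment!\n" ) ;
			goto done ;
		}

		SecurityEnvironment_NssImpl* pSecEnv = ( SecurityEnvironment_NssImpl* )xEnvTunnel->getSomething( SecurityEnvironment_NssImpl::getUnoTunnelId() ) ;
		OSL_ENSURE( pSecEnv != NULL ,
			"Verifier - "
			"Cannot get implementation of \"xsec.SecurityEnvironment\"" ) ;
		if( pSecEnv == NULL ) {
			fprintf( stderr , "### Cannot get the security environment implementation!\n" ) ;
			goto done ;
		}

		pSecEnv->setCryptoSlot( slot ) ;
		pSecEnv->setCertDb( certHandle ) ;

		//Build XML Security Context
		Reference< XInterface > xmlsecctx =
			xManager->createInstanceWithContext( OUString::createFromAscii("com.sun.star.xml.security.bridge.xmlsec.XMLSecurityContext_NssImpl"), xContext ) ;
		// Checks the instance that was just created (the original tested xsecenv).
		OSL_ENSURE( xmlsecctx.is() ,
			"Verifier - "
			"Cannot get service instance of \"xsec.XMLSecurityContext\"" ) ;

		Reference< XXMLSecurityContext > xSecCtx( xmlsecctx , UNO_QUERY ) ;
		OSL_ENSURE( xSecCtx.is() ,
			"Verifier - "
			"Cannot get interface of \"XXMLSecurityContext\" from service \"xsec.XMLSecurityContext\"" ) ;
		if( !xSecCtx.is() ) {
			fprintf( stderr , "### Cannot get the XML security context!\n" ) ;
			goto done ;
		}

		xSecCtx->setSecurityEnvironment( xSecEnv ) ;

		//Generate XML signature
		Reference< XInterface > xmlsigner =
			xManager->createInstanceWithContext( OUString::createFromAscii("com.sun.star.xml.security.bridge.xmlsec.XMLSignature_NssImpl"), xContext ) ;
		OSL_ENSURE( xmlsigner.is() ,
			"Verifier - "
			"Cannot get service instance of \"xsec.XMLSignature\"" ) ;

		Reference< XXMLSignature > xSigner( xmlsigner , UNO_QUERY ) ;
		OSL_ENSURE( xSigner.is() ,
			"Verifier - "
			"Cannot get interface of \"XXMLSignature\" from service \"xsec.XMLSignature\"" ) ;
		if( !xSigner.is() ) {
			fprintf( stderr , "### Cannot get the XML signature service!\n" ) ;
			goto done ;
		}


		//perform validation
		sal_Bool valid = xSigner->validate( xTemplate , xSecCtx ) ;
		if( !valid ) {
			printf( "Signature is INVALID!\n" ) ;
		} else {
			printf( "Signature is VALID!\n" ) ;
			nResult = 0 ;	// the only path that reports success to the caller
		}
	} catch( Exception& e ) {
		fprintf( stderr , "Error Message: %s\n" , OUStringToOString( e.Message , RTL_TEXTENCODING_ASCII_US ).getStr() ) ;
		goto done ;
	}

done :
	// Drop the binding before the string it was built from is deleted.
	xUriBinding.clear() ;
	if( uri != NULL )
		delete uri ;

	// Strings returned by xmlNodeListGetString() are owned by the caller.
	if( uriValue != NULL )
		xmlFree( uriValue ) ;

	if( idValue != NULL )
		xmlFree( idValue ) ;

	if( doc != NULL )
		xmlFreeDoc( doc ) ;

	if( slot != NULL )
		PK11_FreeSlot( slot ) ;

	PK11_LogoutAll() ;
	NSS_Shutdown() ;

	/* Shutdown libxslt/libxml */
	#ifndef XMLSEC_NO_XSLT
	xsltCleanupGlobals();
	#endif /* XMLSEC_NO_XSLT */
	xmlCleanupParser();

	return nResult ;
}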