Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 : #ifndef _XSEC_CTL_HXX
21 : #define _XSEC_CTL_HXX
22 :
23 : #include <xmlsecurity/sigstruct.hxx>
24 :
25 : #include <com/sun/star/uno/XComponentContext.hpp>
26 : #include <com/sun/star/xml/sax/XParser.hpp>
27 : #include <com/sun/star/lang/XInitialization.hpp>
28 : #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
29 : #include <com/sun/star/xml/sax/XAttributeList.hpp>
30 : #include <com/sun/star/xml/crypto/XXMLSignature.hpp>
31 : #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
32 : #include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
33 : #include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp>
34 : #include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
35 : #include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
36 : #include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
37 : #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
38 : #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
39 : #include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
40 : #include <com/sun/star/beans/XFastPropertySet.hpp>
41 : #include <com/sun/star/io/XOutputStream.hpp>
42 : #include <com/sun/star/io/XInputStream.hpp>
43 :
44 : #include <rtl/ustrbuf.hxx>
45 :
46 : #include <cppuhelper/implbase4.hxx>
47 :
48 : #include <vector>
49 :
50 : /*
51 : * all error information
52 : */
53 : #define ERROR_CANNOTCREATEXMLSECURITYCOMPONENT "Can't create XML security components."
54 : #define ERROR_SAXEXCEPTIONDURINGCREATION "A SAX exception is throwed during signature creation."
55 : #define ERROR_IOEXCEPTIONDURINGCREATION "An IO exception is throwed during signature creation."
56 : #define ERROR_EXCEPTIONDURINGCREATION "An exception is throwed during signature creation."
57 :
58 : /*
59 : * all stringS in signature element
60 : */
61 : #define TAG_SIGNATURE "Signature"
62 : #define TAG_SIGNEDINFO "SignedInfo"
63 : #define TAG_CANONICALIZATIONMETHOD "CanonicalizationMethod"
64 : #define TAG_SIGNATUREMETHOD "SignatureMethod"
65 : #define TAG_REFERENCE "Reference"
66 : #define TAG_TRANSFORMS "Transforms"
67 : #define TAG_TRANSFORM "Transform"
68 : #define TAG_DIGESTMETHOD "DigestMethod"
69 : #define TAG_DIGESTVALUE "DigestValue"
70 : #define TAG_SIGNATUREVALUE "SignatureValue"
71 : #define TAG_KEYINFO "KeyInfo"
72 : #define TAG_X509DATA "X509Data"
73 : #define TAG_X509ISSUERSERIAL "X509IssuerSerial"
74 : #define TAG_X509ISSUERNAME "X509IssuerName"
75 : #define TAG_X509SERIALNUMBER "X509SerialNumber"
76 : #define TAG_X509CERTIFICATE "X509Certificate"
77 : #define TAG_OBJECT "Object"
78 : #define TAG_SIGNATUREPROPERTIES "SignatureProperties"
79 : #define TAG_SIGNATUREPROPERTY "SignatureProperty"
80 : #define TAG_TIMESTAMP "timestamp"
81 : #define TAG_DATE "date"
82 : //#define TAG_TIME "time"
83 :
84 : #define ATTR_XMLNS "xmlns"
85 : #define ATTR_ALGORITHM "Algorithm"
86 : #define ATTR_URI "URI"
87 : #define ATTR_ID "Id"
88 : #define ATTR_TARGET "Target"
89 :
90 : #define NSTAG_DC "dc"
91 :
92 : #define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#"
93 : //#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
94 : #define NS_DC "http://purl.org/dc/elements/1.1/"
95 :
96 : #define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
97 : #define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
98 : #define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1"
99 :
100 : #define CHAR_FRAGMENT "#"
101 : #define CHAR_BLANK " "
102 :
103 :
104 : /*
105 : * status of security related components
106 : */
107 : #define UNINITIALIZED 0
108 : #define INITIALIZED 1
109 : #define FAILTOINITIALIZED 2
110 :
111 : #define RTL_ASCII_USTRINGPARAM( asciiStr ) asciiStr, strlen( asciiStr ), RTL_TEXTENCODING_ASCII_US
112 :
113 : // forward declaration
114 : class XSecParser;
115 :
116 0 : class InternalSignatureInformation
117 : {
118 : public:
119 : SignatureInformation signatureInfor;
120 :
121 : com::sun::star::uno::Reference<
122 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
123 : xReferenceResolvedListener;
124 :
125 : ::std::vector< sal_Int32 > vKeeperIds;
126 :
127 0 : InternalSignatureInformation(
128 : sal_Int32 nId,
129 : com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
130 : xListener)
131 0 : :signatureInfor(nId)
132 : {
133 0 : xReferenceResolvedListener = xListener;
134 0 : }
135 :
136 0 : void addReference( sal_Int32 type, rtl::OUString uri, sal_Int32 keeperId )
137 : {
138 : signatureInfor.vSignatureReferenceInfors.push_back(
139 0 : SignatureReferenceInformation(type, uri));
140 0 : vKeeperIds.push_back( keeperId );
141 0 : }
142 : };
143 :
144 : typedef ::std::vector< InternalSignatureInformation > InternalSignatureInformations;
145 :
146 : class XSecController : public cppu::WeakImplHelper4
147 : <
148 : com::sun::star::xml::crypto::sax::XSecurityController,
149 : //com::sun::star::beans::XFastPropertySet,
150 : com::sun::star::xml::crypto::sax::XSAXEventKeeperStatusChangeListener,
151 : com::sun::star::xml::crypto::sax::XSignatureCreationResultListener,
152 : com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener
153 : >
154 : /****** XSecController.hxx/CLASS XSecController *******************************
155 : *
156 : * NAME
157 : * XSecController -- the xml security framework controller
158 : *
159 : * FUNCTION
160 : * Controlls the whole xml security framework to create signatures or to
161 : * verify signatures.
162 : *
163 : * NOTES
164 : * The XFastPropertySet interface is used to transfer common values to
165 : * classes in other module, for instance, the signature id for all
166 : * sessions is transferred to xmloff module through this interface.
167 : *
168 : * AUTHOR
169 : * Michael Mi
170 : * Email: michael.mi@sun.com
171 : ******************************************************************************/
172 : {
173 : friend class XSecParser;
174 :
175 : private:
176 : com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext> mxCtx;
177 :
178 : /*
179 : * used to buffer SAX events
180 : */
181 : com::sun::star::uno::Reference<
182 : com::sun::star::xml::wrapper::XXMLDocumentWrapper > m_xXMLDocumentWrapper;
183 :
184 : /*
185 : * the SAX events keeper
186 : */
187 : com::sun::star::uno::Reference<
188 : com::sun::star::xml::crypto::sax::XSecuritySAXEventKeeper > m_xSAXEventKeeper;
189 :
190 : /*
191 : * the bridge component which creates/verifies signature
192 : */
193 : com::sun::star::uno::Reference<
194 : com::sun::star::xml::crypto::XXMLSignature > m_xXMLSignature;
195 :
196 : /*
197 : * the Security Context
198 : */
199 : com::sun::star::uno::Reference<
200 : com::sun::star::xml::crypto::XXMLSecurityContext > m_xSecurityContext;
201 :
202 : /*
203 : * the security id incrementer, in order to make any security id unique
204 : * to the SAXEventKeeper.
205 : * Because each XSecController has its own SAXEventKeeper, so this variable
206 : * is not necessary to be static.
207 : */
208 : sal_Int32 m_nNextSecurityId;
209 :
210 : /*
211 : * Signature information
212 : */
213 : InternalSignatureInformations m_vInternalSignatureInformations;
214 :
215 : /*
216 : * the previous node on the SAX chain.
217 : * The reason that use a Reference<XInterface> type variable
218 : * is that the previous components are different when exporting
219 : * and importing, and there is no other common interface they
220 : * can provided.
221 : */
222 : com::sun::star::uno::Reference<
223 : com::sun::star::uno::XInterface > m_xPreviousNodeOnSAXChain;
224 : /*
225 : * whether the preivous node can provide an XInitiazlize interface,
226 : * use this variable in order to typecast the XInterface to the
227 : * correct interface type.
228 : */
229 : bool m_bIsPreviousNodeInitializable;
230 :
231 : /*
232 : * the next node on the SAX chain.
233 : * it can always provide an XDocumentHandler interface.
234 : */
235 : com::sun::star::uno::Reference<
236 : com::sun::star::xml::sax::XDocumentHandler > m_xNextNodeOnSAXChain;
237 :
238 : /*
239 : * the ElementStackKeeper is used to reserve the key SAX events.
240 : * when the SAXEventKeeper is chained on the SAX chain, it need
241 : * first get all missed key SAX events in order to make sure the
242 : * DOM tree it buffering has the same structure with the original
243 : * document.
244 : *
245 : * For a given section of a SAX event stream, the key SAX events
246 : * are the minimal SAX event subset of that section, which,
247 : * combining with SAX events outside of this section, has the same
248 : * structure with the original document.
249 : *
250 : * For example, sees the following dom fragment:
251 : * <A>
252 : * <B/>
253 : * <C>
254 : * <D>
255 : * <E/>
256 : * </D>
257 : * </C>
258 : * </A>
259 : *
260 : * If we consider the SAX event section from startElement(<A>) to
261 : * startElement(<D>), then the key SAX events are:
262 : *
263 : * startElement(<A>), startElement(<C>), startElement(<D>)
264 : *
265 : * The startElement(<B>) and endElement(<B>) is ignored, because
266 : * they are unimportant for the tree structure in this section.
267 : *
268 : * If we consider the SAX event section from startElement(<D>) to
269 : * endElement(<A>), the key SAX events are:
270 : *
271 : * startElement(<D>), endElement(<D>), endElement(<C>),
272 : * endElement(<A>).
273 : */
274 : com::sun::star::uno::Reference<
275 : com::sun::star::xml::crypto::sax::XElementStackKeeper > m_xElementStackKeeper;
276 :
277 : /*
278 : * a flag representing whether the SAXEventKeeper is now on the
279 : * SAX chain.
280 : */
281 : bool m_bIsSAXEventKeeperConnected;
282 :
283 : /*
284 : * a flag representing whether it is collecting some element,
285 : * which means that the SAXEventKeeper can't be chained off the
286 : * SAX chain.
287 : */
288 : bool m_bIsCollectingElement;
289 :
290 : /*
291 : * a flag representing whether the SAX event stream is blocking,
292 : * which also means that the SAXEventKeeper can't be chained off
293 : * the SAX chain.
294 : */
295 : bool m_bIsBlocking;
296 :
297 : /*
298 : * a flag representing the current status of security related
299 : * components.
300 : */
301 : sal_Int32 m_nStatusOfSecurityComponents;
302 :
303 : /*
304 : * a flag representing whether the SAXEventKeeper need to be
305 : * on the SAX chain all the time.
306 : * This flag is used to the situation when creating signature.
307 : */
308 : bool m_bIsSAXEventKeeperSticky;
309 :
310 : /*
311 : * fast property vector
312 : */
313 : std::vector< sal_Int32 > m_vFastPropertyIndexs;
314 : std::vector< com::sun::star::uno::Any > m_vFastPropertyValues;
315 :
316 : /*
317 : * error message pointer
318 : */
319 : const char *m_pErrorMessage;
320 :
321 : /*
322 : * the XSecParser which is used to parse the signature stream
323 : */
324 : XSecParser *m_pXSecParser;
325 :
326 : /*
327 : * the caller assigned signature id for the next signature in the
328 : * signature stream
329 : */
330 : sal_Int32 m_nReservedSignatureId;
331 :
332 : /*
333 : * representing whether to verify the current signature
334 : */
335 : bool m_bVerifyCurrentSignature;
336 : public:
337 : /*
338 : * An xUriBinding is provided to map Uris to XInputStream interfaces.
339 : */
340 : com::sun::star::uno::Reference<
341 : com::sun::star::xml::crypto::XUriBinding > m_xUriBinding;
342 :
343 : private:
344 :
345 : /*
346 : * Common methods
347 : */
348 : sal_Bool convertNumber( sal_Int32& rValue, const rtl::OUString& rString, sal_Int32 nMin, sal_Int32 nMax );
349 : void convertDateTime( ::rtl::OUStringBuffer& rBuffer, const com::sun::star::util::DateTime& rDateTime );
350 : sal_Bool convertDateTime( com::sun::star::util::DateTime& rDateTime, const ::rtl::OUString& rString );
351 :
352 : void createXSecComponent( );
353 : int findSignatureInfor( sal_Int32 nSecurityId ) const;
354 : bool chainOn( bool bRetrievingLastEvent );
355 : void chainOff();
356 : void checkChainingStatus();
357 : void initializeSAXChain();
358 :
359 : com::sun::star::uno::Reference<
360 : com::sun::star::io::XInputStream > getObjectInputStream( const rtl::OUString& objectURL );
361 :
362 : //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;
363 :
364 : /*
365 : * For signature generation
366 : */
367 : rtl::OUString createId();
368 : com::sun::star::uno::Reference<
369 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite(
370 : InternalSignatureInformation& signatureInfo );
371 :
372 : /*
373 : * For signature verification
374 : */
375 : void addSignature();
376 : void addReference( const rtl::OUString& ouUri);
377 : void addStreamReference(
378 : const rtl::OUString& ouUri,
379 : bool isBinary );
380 : void setReferenceCount() const;
381 :
382 : void setX509IssuerName( rtl::OUString& ouX509IssuerName );
383 : void setX509SerialNumber( rtl::OUString& ouX509SerialNumber );
384 : void setX509Certificate( rtl::OUString& ouX509Certificate );
385 : void setSignatureValue( rtl::OUString& ouSignatureValue );
386 : void setDigestValue( rtl::OUString& ouDigestValue );
387 :
388 : void setDate( rtl::OUString& ouDate );
389 :
390 : void setId( rtl::OUString& ouId );
391 : void setPropertyId( rtl::OUString& ouPropertyId );
392 :
393 : com::sun::star::uno::Reference<
394 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
395 : sal_Int32 nSecurityId );
396 :
397 : public:
398 : XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx);
399 : ~XSecController();
400 :
401 : sal_Int32 getNewSecurityId( );
402 :
403 : void startMission( const com::sun::star::uno::Reference<
404 : com::sun::star::xml::crypto::XUriBinding >& xUriBinding,
405 : const com::sun::star::uno::Reference<
406 : com::sun::star::xml::crypto::XXMLSecurityContext >& xSecurityContext );
407 :
408 : void setSAXChainConnector(
409 : const com::sun::star::uno::Reference<
410 : com::sun::star::lang::XInitialization >& xInitialization,
411 : const com::sun::star::uno::Reference<
412 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
413 : const com::sun::star::uno::Reference<
414 : com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);
415 :
416 : void clearSAXChainConnector();
417 : void endMission();
418 :
419 : SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const;
420 : SignatureInformations getSignatureInformations() const;
421 :
422 : void exportSignature(
423 : const com::sun::star::uno::Reference<
424 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
425 : const SignatureInformation& signatureInfo );
426 :
427 :
428 : /*
429 : * For signature generation
430 : */
431 : void signAStream( sal_Int32 securityId, const rtl::OUString& uri, const rtl::OUString& objectURL, sal_Bool isBinary);
432 :
433 :
434 : /** sets data that describes the certificate.
435 :
436 : It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
437 : the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
438 : the private key. Although issuer name and certificate should be sufficient to identify
439 : the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
440 : The reason is that they use functions to find the certificate which take as parameter
441 : the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
442 : are of type DirectoryName, which is a choice of 5 string types. This information is
443 : not contained in the issuer string and while it is converted to the ASN.1 name the
444 : conversion function must assume a particular type, which is often wrong. For example,
445 : the Windows function CertStrToName will use a T.61 string if the string does not contain
446 : special characters. So if the certificate uses simple characters but encodes the
447 : issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
448 : ASN.1 name now contains different bytes which indicate the string type. The functions
449 : for finding the certificate apparently use memcmp - hence they fail to find the
450 : certificate.
451 : */
452 : void setX509Certificate(
453 : sal_Int32 nSecurityId,
454 : const rtl::OUString& ouX509IssuerName,
455 : const rtl::OUString& ouX509SerialNumber,
456 : const rtl::OUString& ouX509Cert);
457 : // see the other setX509Certifcate function
458 : void setX509Certificate(
459 : sal_Int32 nSecurityId,
460 : const sal_Int32 nSecurityEnvironmentIndex,
461 : const rtl::OUString& ouX509IssuerName,
462 : const rtl::OUString& ouX509SerialNumber,
463 : const rtl::OUString& ouX509Cert);
464 :
465 : void setDate(
466 : sal_Int32 nSecurityId,
467 : const ::com::sun::star::util::DateTime& rDateTime );
468 :
469 :
470 : bool WriteSignature(
471 : const com::sun::star::uno::Reference<
472 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );
473 :
474 : /*
475 : * For signature verification
476 : */
477 : void collectToVerify( const rtl::OUString& referenceId );
478 : void addSignature( sal_Int32 nSignatureId );
479 : com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader();
480 : void releaseSignatureReader();
481 :
482 : public:
483 : /* Interface methods */
484 :
485 : /*
486 : * XSecurityController
487 : *
488 : * no method in XSecurityController interface
489 : */
490 :
491 : /*
492 : * XFastPropertySet
493 : */
494 :
495 : /*
496 : * XSAXEventKeeperStatusChangeListener
497 : */
498 : virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking )
499 : throw (com::sun::star::uno::RuntimeException);
500 : virtual void SAL_CALL collectionStatusChanged(
501 : sal_Bool isInsideCollectedElement )
502 : throw (com::sun::star::uno::RuntimeException);
503 : virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty )
504 : throw (com::sun::star::uno::RuntimeException);
505 :
506 : /*
507 : * XSignatureCreationResultListener
508 : */
509 : virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
510 : throw (com::sun::star::uno::RuntimeException);
511 :
512 : /*
513 : * XSignatureVerifyResultListener
514 : */
515 : virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
516 : throw (com::sun::star::uno::RuntimeException);
517 : };
518 :
519 : #endif
520 :
521 :
522 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
