Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 : #ifndef _XSEC_CTL_HXX
21 : #define _XSEC_CTL_HXX
22 :
23 : #include <xmlsecurity/sigstruct.hxx>
24 :
25 : #include <com/sun/star/uno/XComponentContext.hpp>
26 : #include <com/sun/star/xml/sax/XParser.hpp>
27 : #include <com/sun/star/lang/XInitialization.hpp>
28 : #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
29 : #include <com/sun/star/xml/sax/XAttributeList.hpp>
30 : #include <com/sun/star/xml/crypto/XXMLSignature.hpp>
31 : #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
32 : #include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
33 : #include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp>
34 : #include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
35 : #include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
36 : #include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
37 : #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
38 : #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
39 : #include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
40 : #include <com/sun/star/beans/XFastPropertySet.hpp>
41 : #include <com/sun/star/io/XOutputStream.hpp>
42 : #include <com/sun/star/io/XInputStream.hpp>
43 :
44 : #include <rtl/ustrbuf.hxx>
45 :
46 : #include <cppuhelper/implbase4.hxx>
47 :
48 : #include <vector>
49 :
50 : /*
51 : * all error information
52 : */
53 : #define ERROR_CANNOTCREATEXMLSECURITYCOMPONENT "Can't create XML security components."
54 : #define ERROR_SAXEXCEPTIONDURINGCREATION "A SAX exception is throwed during signature creation."
55 : #define ERROR_IOEXCEPTIONDURINGCREATION "An IO exception is throwed during signature creation."
56 : #define ERROR_EXCEPTIONDURINGCREATION "An exception is throwed during signature creation."
57 :
58 : /*
59 : * all stringS in signature element
60 : */
61 : #define TAG_SIGNATURE "Signature"
62 : #define TAG_SIGNEDINFO "SignedInfo"
63 : #define TAG_CANONICALIZATIONMETHOD "CanonicalizationMethod"
64 : #define TAG_SIGNATUREMETHOD "SignatureMethod"
65 : #define TAG_REFERENCE "Reference"
66 : #define TAG_TRANSFORMS "Transforms"
67 : #define TAG_TRANSFORM "Transform"
68 : #define TAG_DIGESTMETHOD "DigestMethod"
69 : #define TAG_DIGESTVALUE "DigestValue"
70 : #define TAG_SIGNATUREVALUE "SignatureValue"
71 : #define TAG_KEYINFO "KeyInfo"
72 : #define TAG_X509DATA "X509Data"
73 : #define TAG_X509ISSUERSERIAL "X509IssuerSerial"
74 : #define TAG_X509ISSUERNAME "X509IssuerName"
75 : #define TAG_X509SERIALNUMBER "X509SerialNumber"
76 : #define TAG_X509CERTIFICATE "X509Certificate"
77 : #define TAG_OBJECT "Object"
78 : #define TAG_SIGNATUREPROPERTIES "SignatureProperties"
79 : #define TAG_SIGNATUREPROPERTY "SignatureProperty"
80 : #define TAG_TIMESTAMP "timestamp"
81 : #define TAG_DATE "date"
82 : //#define TAG_TIME "time"
83 :
84 : #define ATTR_XMLNS "xmlns"
85 : #define ATTR_ALGORITHM "Algorithm"
86 : #define ATTR_URI "URI"
87 : #define ATTR_ID "Id"
88 : #define ATTR_TARGET "Target"
89 :
90 : #define NSTAG_DC "dc"
91 :
92 : #define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#"
93 : //#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
94 : #define NS_DC "http://purl.org/dc/elements/1.1/"
95 :
96 : #define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
97 : #define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
98 : #define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1"
99 :
100 : #define CHAR_FRAGMENT "#"
101 : #define CHAR_BLANK " "
102 :
103 :
104 : /*
105 : * status of security related components
106 : */
107 : #define UNINITIALIZED 0
108 : #define INITIALIZED 1
109 : #define FAILTOINITIALIZED 2
110 :
111 : // forward declaration
112 : class XSecParser;
113 :
114 0 : class InternalSignatureInformation
115 : {
116 : public:
117 : SignatureInformation signatureInfor;
118 :
119 : com::sun::star::uno::Reference<
120 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
121 : xReferenceResolvedListener;
122 :
123 : ::std::vector< sal_Int32 > vKeeperIds;
124 :
125 0 : InternalSignatureInformation(
126 : sal_Int32 nId,
127 : com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
128 : xListener)
129 0 : :signatureInfor(nId)
130 : {
131 0 : xReferenceResolvedListener = xListener;
132 0 : }
133 :
134 0 : void addReference( sal_Int32 type, const OUString& uri, sal_Int32 keeperId )
135 : {
136 : signatureInfor.vSignatureReferenceInfors.push_back(
137 0 : SignatureReferenceInformation(type, uri));
138 0 : vKeeperIds.push_back( keeperId );
139 0 : }
140 : };
141 :
142 : typedef ::std::vector< InternalSignatureInformation > InternalSignatureInformations;
143 :
144 : class XSecController : public cppu::WeakImplHelper4
145 : <
146 : com::sun::star::xml::crypto::sax::XSecurityController,
147 : //com::sun::star::beans::XFastPropertySet,
148 : com::sun::star::xml::crypto::sax::XSAXEventKeeperStatusChangeListener,
149 : com::sun::star::xml::crypto::sax::XSignatureCreationResultListener,
150 : com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener
151 : >
152 : /****** XSecController.hxx/CLASS XSecController *******************************
153 : *
154 : * NAME
155 : * XSecController -- the xml security framework controller
156 : *
157 : * FUNCTION
158 : * Controlls the whole xml security framework to create signatures or to
159 : * verify signatures.
160 : *
161 : * NOTES
162 : * The XFastPropertySet interface is used to transfer common values to
163 : * classes in other module, for instance, the signature id for all
164 : * sessions is transferred to xmloff module through this interface.
165 : *
166 : * AUTHOR
167 : * Michael Mi
168 : * Email: michael.mi@sun.com
169 : ******************************************************************************/
170 : {
171 : friend class XSecParser;
172 :
173 : private:
174 : com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext> mxCtx;
175 :
176 : /*
177 : * used to buffer SAX events
178 : */
179 : com::sun::star::uno::Reference<
180 : com::sun::star::xml::wrapper::XXMLDocumentWrapper > m_xXMLDocumentWrapper;
181 :
182 : /*
183 : * the SAX events keeper
184 : */
185 : com::sun::star::uno::Reference<
186 : com::sun::star::xml::crypto::sax::XSecuritySAXEventKeeper > m_xSAXEventKeeper;
187 :
188 : /*
189 : * the bridge component which creates/verifies signature
190 : */
191 : com::sun::star::uno::Reference<
192 : com::sun::star::xml::crypto::XXMLSignature > m_xXMLSignature;
193 :
194 : /*
195 : * the Security Context
196 : */
197 : com::sun::star::uno::Reference<
198 : com::sun::star::xml::crypto::XXMLSecurityContext > m_xSecurityContext;
199 :
200 : /*
201 : * the security id incrementer, in order to make any security id unique
202 : * to the SAXEventKeeper.
203 : * Because each XSecController has its own SAXEventKeeper, so this variable
204 : * is not necessary to be static.
205 : */
206 : sal_Int32 m_nNextSecurityId;
207 :
208 : /*
209 : * Signature information
210 : */
211 : InternalSignatureInformations m_vInternalSignatureInformations;
212 :
213 : /*
214 : * the previous node on the SAX chain.
215 : * The reason that use a Reference<XInterface> type variable
216 : * is that the previous components are different when exporting
217 : * and importing, and there is no other common interface they
218 : * can provided.
219 : */
220 : com::sun::star::uno::Reference<
221 : com::sun::star::uno::XInterface > m_xPreviousNodeOnSAXChain;
222 : /*
223 : * whether the preivous node can provide an XInitiazlize interface,
224 : * use this variable in order to typecast the XInterface to the
225 : * correct interface type.
226 : */
227 : bool m_bIsPreviousNodeInitializable;
228 :
229 : /*
230 : * the next node on the SAX chain.
231 : * it can always provide an XDocumentHandler interface.
232 : */
233 : com::sun::star::uno::Reference<
234 : com::sun::star::xml::sax::XDocumentHandler > m_xNextNodeOnSAXChain;
235 :
236 : /*
237 : * the ElementStackKeeper is used to reserve the key SAX events.
238 : * when the SAXEventKeeper is chained on the SAX chain, it need
239 : * first get all missed key SAX events in order to make sure the
240 : * DOM tree it buffering has the same structure with the original
241 : * document.
242 : *
243 : * For a given section of a SAX event stream, the key SAX events
244 : * are the minimal SAX event subset of that section, which,
245 : * combining with SAX events outside of this section, has the same
246 : * structure with the original document.
247 : *
248 : * For example, sees the following dom fragment:
249 : * <A>
250 : * <B/>
251 : * <C>
252 : * <D>
253 : * <E/>
254 : * </D>
255 : * </C>
256 : * </A>
257 : *
258 : * If we consider the SAX event section from startElement(<A>) to
259 : * startElement(<D>), then the key SAX events are:
260 : *
261 : * startElement(<A>), startElement(<C>), startElement(<D>)
262 : *
263 : * The startElement(<B>) and endElement(<B>) is ignored, because
264 : * they are unimportant for the tree structure in this section.
265 : *
266 : * If we consider the SAX event section from startElement(<D>) to
267 : * endElement(<A>), the key SAX events are:
268 : *
269 : * startElement(<D>), endElement(<D>), endElement(<C>),
270 : * endElement(<A>).
271 : */
272 : com::sun::star::uno::Reference<
273 : com::sun::star::xml::crypto::sax::XElementStackKeeper > m_xElementStackKeeper;
274 :
275 : /*
276 : * a flag representing whether the SAXEventKeeper is now on the
277 : * SAX chain.
278 : */
279 : bool m_bIsSAXEventKeeperConnected;
280 :
281 : /*
282 : * a flag representing whether it is collecting some element,
283 : * which means that the SAXEventKeeper can't be chained off the
284 : * SAX chain.
285 : */
286 : bool m_bIsCollectingElement;
287 :
288 : /*
289 : * a flag representing whether the SAX event stream is blocking,
290 : * which also means that the SAXEventKeeper can't be chained off
291 : * the SAX chain.
292 : */
293 : bool m_bIsBlocking;
294 :
295 : /*
296 : * a flag representing the current status of security related
297 : * components.
298 : */
299 : sal_Int32 m_nStatusOfSecurityComponents;
300 :
301 : /*
302 : * a flag representing whether the SAXEventKeeper need to be
303 : * on the SAX chain all the time.
304 : * This flag is used to the situation when creating signature.
305 : */
306 : bool m_bIsSAXEventKeeperSticky;
307 :
308 : /*
309 : * fast property vector
310 : */
311 : std::vector< sal_Int32 > m_vFastPropertyIndexs;
312 : std::vector< com::sun::star::uno::Any > m_vFastPropertyValues;
313 :
314 : /*
315 : * error message pointer
316 : */
317 : const char *m_pErrorMessage;
318 :
319 : /*
320 : * the XSecParser which is used to parse the signature stream
321 : */
322 : XSecParser *m_pXSecParser;
323 :
324 : /*
325 : * the caller assigned signature id for the next signature in the
326 : * signature stream
327 : */
328 : sal_Int32 m_nReservedSignatureId;
329 :
330 : /*
331 : * representing whether to verify the current signature
332 : */
333 : bool m_bVerifyCurrentSignature;
334 : public:
335 : /*
336 : * An xUriBinding is provided to map Uris to XInputStream interfaces.
337 : */
338 : com::sun::star::uno::Reference<
339 : com::sun::star::xml::crypto::XUriBinding > m_xUriBinding;
340 :
341 : private:
342 :
343 : /*
344 : * Common methods
345 : */
346 : void createXSecComponent( );
347 : int findSignatureInfor( sal_Int32 nSecurityId ) const;
348 : bool chainOn( bool bRetrievingLastEvent );
349 : void chainOff();
350 : void checkChainingStatus();
351 : void initializeSAXChain();
352 :
353 : com::sun::star::uno::Reference<
354 : com::sun::star::io::XInputStream > getObjectInputStream( const OUString& objectURL );
355 :
356 : //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;
357 :
358 : /*
359 : * For signature generation
360 : */
361 : OUString createId();
362 : com::sun::star::uno::Reference<
363 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite(
364 : InternalSignatureInformation& signatureInfo );
365 :
366 : /*
367 : * For signature verification
368 : */
369 : void addSignature();
370 : void addReference( const OUString& ouUri);
371 : void addStreamReference(
372 : const OUString& ouUri,
373 : bool isBinary );
374 : void setReferenceCount() const;
375 :
376 : void setX509IssuerName( OUString& ouX509IssuerName );
377 : void setX509SerialNumber( OUString& ouX509SerialNumber );
378 : void setX509Certificate( OUString& ouX509Certificate );
379 : void setSignatureValue( OUString& ouSignatureValue );
380 : void setDigestValue( OUString& ouDigestValue );
381 :
382 : void setDate( OUString& ouDate );
383 :
384 : void setId( OUString& ouId );
385 : void setPropertyId( OUString& ouPropertyId );
386 :
387 : com::sun::star::uno::Reference<
388 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
389 : sal_Int32 nSecurityId );
390 :
391 : public:
392 : XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx);
393 : virtual ~XSecController();
394 :
395 : sal_Int32 getNewSecurityId( );
396 :
397 : void startMission( const com::sun::star::uno::Reference<
398 : com::sun::star::xml::crypto::XUriBinding >& xUriBinding,
399 : const com::sun::star::uno::Reference<
400 : com::sun::star::xml::crypto::XXMLSecurityContext >& xSecurityContext );
401 :
402 : void setSAXChainConnector(
403 : const com::sun::star::uno::Reference<
404 : com::sun::star::lang::XInitialization >& xInitialization,
405 : const com::sun::star::uno::Reference<
406 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
407 : const com::sun::star::uno::Reference<
408 : com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);
409 :
410 : void clearSAXChainConnector();
411 : void endMission();
412 :
413 : SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const;
414 : SignatureInformations getSignatureInformations() const;
415 :
416 : void exportSignature(
417 : const com::sun::star::uno::Reference<
418 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
419 : const SignatureInformation& signatureInfo );
420 :
421 :
422 : /*
423 : * For signature generation
424 : */
425 : void signAStream( sal_Int32 securityId, const OUString& uri, const OUString& objectURL, sal_Bool isBinary);
426 :
427 :
428 : /** sets data that describes the certificate.
429 :
430 : It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
431 : the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
432 : the private key. Although issuer name and certificate should be sufficient to identify
433 : the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
434 : The reason is that they use functions to find the certificate which take as parameter
435 : the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
436 : are of type DirectoryName, which is a choice of 5 string types. This information is
437 : not contained in the issuer string and while it is converted to the ASN.1 name the
438 : conversion function must assume a particular type, which is often wrong. For example,
439 : the Windows function CertStrToName will use a T.61 string if the string does not contain
440 : special characters. So if the certificate uses simple characters but encodes the
441 : issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
442 : ASN.1 name now contains different bytes which indicate the string type. The functions
443 : for finding the certificate apparently use memcmp - hence they fail to find the
444 : certificate.
445 : */
446 : void setX509Certificate(
447 : sal_Int32 nSecurityId,
448 : const OUString& ouX509IssuerName,
449 : const OUString& ouX509SerialNumber,
450 : const OUString& ouX509Cert);
451 : // see the other setX509Certifcate function
452 : void setX509Certificate(
453 : sal_Int32 nSecurityId,
454 : const sal_Int32 nSecurityEnvironmentIndex,
455 : const OUString& ouX509IssuerName,
456 : const OUString& ouX509SerialNumber,
457 : const OUString& ouX509Cert);
458 :
459 : void setDate(
460 : sal_Int32 nSecurityId,
461 : const ::com::sun::star::util::DateTime& rDateTime );
462 :
463 :
464 : bool WriteSignature(
465 : const com::sun::star::uno::Reference<
466 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );
467 :
468 : /*
469 : * For signature verification
470 : */
471 : void collectToVerify( const OUString& referenceId );
472 : void addSignature( sal_Int32 nSignatureId );
473 : com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader();
474 : void releaseSignatureReader();
475 :
476 : public:
477 : /* Interface methods */
478 :
479 : /*
480 : * XSecurityController
481 : *
482 : * no method in XSecurityController interface
483 : */
484 :
485 : /*
486 : * XFastPropertySet
487 : */
488 :
489 : /*
490 : * XSAXEventKeeperStatusChangeListener
491 : */
492 : virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking )
493 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
494 : virtual void SAL_CALL collectionStatusChanged(
495 : sal_Bool isInsideCollectedElement )
496 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
497 : virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty )
498 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
499 :
500 : /*
501 : * XSignatureCreationResultListener
502 : */
503 : virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
504 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
505 :
506 : /*
507 : * XSignatureVerifyResultListener
508 : */
509 : virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
510 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
511 : };
512 :
513 : #endif
514 :
515 :
516 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
