Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 : #ifndef INCLUDED_XMLSECURITY_SOURCE_HELPER_XSECCTL_HXX
21 : #define INCLUDED_XMLSECURITY_SOURCE_HELPER_XSECCTL_HXX
22 :
23 : #include <xmlsecurity/sigstruct.hxx>
24 :
25 : #include <com/sun/star/uno/XComponentContext.hpp>
26 : #include <com/sun/star/xml/sax/XParser.hpp>
27 : #include <com/sun/star/lang/XInitialization.hpp>
28 : #include <com/sun/star/xml/sax/XDocumentHandler.hpp>
29 : #include <com/sun/star/xml/sax/XAttributeList.hpp>
30 : #include <com/sun/star/xml/crypto/XXMLSignature.hpp>
31 : #include <com/sun/star/xml/crypto/XSEInitializer.hpp>
32 : #include <com/sun/star/xml/crypto/sax/XSecurityController.hpp>
33 : #include <com/sun/star/xml/crypto/sax/XElementStackKeeper.hpp>
34 : #include <com/sun/star/xml/crypto/sax/XSecuritySAXEventKeeper.hpp>
35 : #include <com/sun/star/xml/crypto/sax/XReferenceResolvedListener.hpp>
36 : #include <com/sun/star/xml/crypto/sax/XSAXEventKeeperStatusChangeListener.hpp>
37 : #include <com/sun/star/xml/crypto/sax/XSignatureCreationResultListener.hpp>
38 : #include <com/sun/star/xml/crypto/sax/XSignatureVerifyResultListener.hpp>
39 : #include <com/sun/star/xml/wrapper/XXMLDocumentWrapper.hpp>
40 : #include <com/sun/star/beans/XFastPropertySet.hpp>
41 : #include <com/sun/star/io/XOutputStream.hpp>
42 : #include <com/sun/star/io/XInputStream.hpp>
43 :
44 : #include <rtl/ustrbuf.hxx>
45 :
46 : #include <cppuhelper/implbase4.hxx>
47 :
48 : #include <vector>
49 :
50 : /*
51 : * all error information
52 : */
53 : #define ERROR_CANNOTCREATEXMLSECURITYCOMPONENT "Can't create XML security components."
54 : #define ERROR_SAXEXCEPTIONDURINGCREATION "A SAX exception is throwed during signature creation."
55 : #define ERROR_IOEXCEPTIONDURINGCREATION "An IO exception is throwed during signature creation."
56 : #define ERROR_EXCEPTIONDURINGCREATION "An exception is throwed during signature creation."
57 :
58 : /*
59 : * all stringS in signature element
60 : */
61 : #define TAG_SIGNATURE "Signature"
62 : #define TAG_SIGNEDINFO "SignedInfo"
63 : #define TAG_CANONICALIZATIONMETHOD "CanonicalizationMethod"
64 : #define TAG_SIGNATUREMETHOD "SignatureMethod"
65 : #define TAG_REFERENCE "Reference"
66 : #define TAG_TRANSFORMS "Transforms"
67 : #define TAG_TRANSFORM "Transform"
68 : #define TAG_DIGESTMETHOD "DigestMethod"
69 : #define TAG_DIGESTVALUE "DigestValue"
70 : #define TAG_SIGNATUREVALUE "SignatureValue"
71 : #define TAG_KEYINFO "KeyInfo"
72 : #define TAG_X509DATA "X509Data"
73 : #define TAG_X509ISSUERSERIAL "X509IssuerSerial"
74 : #define TAG_X509ISSUERNAME "X509IssuerName"
75 : #define TAG_X509SERIALNUMBER "X509SerialNumber"
76 : #define TAG_X509CERTIFICATE "X509Certificate"
77 : #define TAG_OBJECT "Object"
78 : #define TAG_SIGNATUREPROPERTIES "SignatureProperties"
79 : #define TAG_SIGNATUREPROPERTY "SignatureProperty"
80 : #define TAG_TIMESTAMP "timestamp"
81 : #define TAG_DATE "date"
82 : //#define TAG_TIME "time"
83 :
84 : #define ATTR_XMLNS "xmlns"
85 : #define ATTR_ALGORITHM "Algorithm"
86 : #define ATTR_URI "URI"
87 : #define ATTR_ID "Id"
88 : #define ATTR_TARGET "Target"
89 :
90 : #define NSTAG_DC "dc"
91 :
92 : #define NS_XMLDSIG "http://www.w3.org/2000/09/xmldsig#"
93 : //#define NS_DATETIME "http://www.ietf.org/rfcXXXX.txt"
94 : #define NS_DC "http://purl.org/dc/elements/1.1/"
95 :
96 : #define ALGO_C14N "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
97 : #define ALGO_RSASHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
98 : #define ALGO_XMLDSIGSHA1 "http://www.w3.org/2000/09/xmldsig#sha1"
99 :
100 : #define CHAR_FRAGMENT "#"
101 : #define CHAR_BLANK " "
102 :
103 :
104 : /*
105 : * status of security related components
106 : */
107 : #define UNINITIALIZED 0
108 : #define INITIALIZED 1
109 : #define FAILTOINITIALIZED 2
110 :
111 : class XSecParser;
112 :
113 0 : class InternalSignatureInformation
114 : {
115 : public:
116 : SignatureInformation signatureInfor;
117 :
118 : com::sun::star::uno::Reference<
119 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
120 : xReferenceResolvedListener;
121 :
122 : ::std::vector< sal_Int32 > vKeeperIds;
123 :
124 0 : InternalSignatureInformation(
125 : sal_Int32 nId,
126 : com::sun::star::uno::Reference< com::sun::star::xml::crypto::sax::XReferenceResolvedListener >
127 : xListener)
128 0 : :signatureInfor(nId)
129 : {
130 0 : xReferenceResolvedListener = xListener;
131 0 : }
132 :
133 0 : void addReference( sal_Int32 type, const OUString& uri, sal_Int32 keeperId )
134 : {
135 : signatureInfor.vSignatureReferenceInfors.push_back(
136 0 : SignatureReferenceInformation(type, uri));
137 0 : vKeeperIds.push_back( keeperId );
138 0 : }
139 : };
140 :
141 : typedef ::std::vector< InternalSignatureInformation > InternalSignatureInformations;
142 :
143 : class XSecController : public cppu::WeakImplHelper4
144 : <
145 : com::sun::star::xml::crypto::sax::XSecurityController,
146 : //com::sun::star::beans::XFastPropertySet,
147 : com::sun::star::xml::crypto::sax::XSAXEventKeeperStatusChangeListener,
148 : com::sun::star::xml::crypto::sax::XSignatureCreationResultListener,
149 : com::sun::star::xml::crypto::sax::XSignatureVerifyResultListener
150 : >
151 : /****** XSecController.hxx/CLASS XSecController *******************************
152 : *
153 : * NAME
154 : * XSecController -- the xml security framework controller
155 : *
156 : * FUNCTION
157 : * Controls the whole xml security framework to create signatures or to
158 : * verify signatures.
159 : *
160 : * NOTES
161 : * The XFastPropertySet interface is used to transfer common values to
162 : * classes in other module, for instance, the signature id for all
163 : * sessions is transferred to xmloff module through this interface.
164 : *
165 : * AUTHOR
166 : * Michael Mi
167 : * Email: michael.mi@sun.com
168 : ******************************************************************************/
169 : {
170 : friend class XSecParser;
171 :
172 : private:
173 : com::sun::star::uno::Reference< com::sun::star::uno::XComponentContext> mxCtx;
174 :
175 : /*
176 : * used to buffer SAX events
177 : */
178 : com::sun::star::uno::Reference<
179 : com::sun::star::xml::wrapper::XXMLDocumentWrapper > m_xXMLDocumentWrapper;
180 :
181 : /*
182 : * the SAX events keeper
183 : */
184 : com::sun::star::uno::Reference<
185 : com::sun::star::xml::crypto::sax::XSecuritySAXEventKeeper > m_xSAXEventKeeper;
186 :
187 : /*
188 : * the bridge component which creates/verifies signature
189 : */
190 : com::sun::star::uno::Reference<
191 : com::sun::star::xml::crypto::XXMLSignature > m_xXMLSignature;
192 :
193 : /*
194 : * the Security Context
195 : */
196 : com::sun::star::uno::Reference<
197 : com::sun::star::xml::crypto::XXMLSecurityContext > m_xSecurityContext;
198 :
199 : /*
200 : * the security id incrementer, in order to make any security id unique
201 : * to the SAXEventKeeper.
202 : * Because each XSecController has its own SAXEventKeeper, so this variable
203 : * is not necessary to be static.
204 : */
205 : sal_Int32 m_nNextSecurityId;
206 :
207 : /*
208 : * Signature information
209 : */
210 : InternalSignatureInformations m_vInternalSignatureInformations;
211 :
212 : /*
213 : * the previous node on the SAX chain.
214 : * The reason that use a Reference<XInterface> type variable
215 : * is that the previous components are different when exporting
216 : * and importing, and there is no other common interface they
217 : * can provided.
218 : */
219 : com::sun::star::uno::Reference<
220 : com::sun::star::uno::XInterface > m_xPreviousNodeOnSAXChain;
221 : /*
222 : * whether the preivous node can provide an XInitiazlize interface,
223 : * use this variable in order to typecast the XInterface to the
224 : * correct interface type.
225 : */
226 : bool m_bIsPreviousNodeInitializable;
227 :
228 : /*
229 : * the next node on the SAX chain.
230 : * it can always provide an XDocumentHandler interface.
231 : */
232 : com::sun::star::uno::Reference<
233 : com::sun::star::xml::sax::XDocumentHandler > m_xNextNodeOnSAXChain;
234 :
235 : /*
236 : * the ElementStackKeeper is used to reserve the key SAX events.
237 : * when the SAXEventKeeper is chained on the SAX chain, it need
238 : * first get all missed key SAX events in order to make sure the
239 : * DOM tree it buffering has the same structure with the original
240 : * document.
241 : *
242 : * For a given section of a SAX event stream, the key SAX events
243 : * are the minimal SAX event subset of that section, which,
244 : * combining with SAX events outside of this section, has the same
245 : * structure with the original document.
246 : *
247 : * For example, sees the following dom fragment:
248 : * <A>
249 : * <B/>
250 : * <C>
251 : * <D>
252 : * <E/>
253 : * </D>
254 : * </C>
255 : * </A>
256 : *
257 : * If we consider the SAX event section from startElement(<A>) to
258 : * startElement(<D>), then the key SAX events are:
259 : *
260 : * startElement(<A>), startElement(<C>), startElement(<D>)
261 : *
262 : * The startElement(<B>) and endElement(<B>) is ignored, because
263 : * they are unimportant for the tree structure in this section.
264 : *
265 : * If we consider the SAX event section from startElement(<D>) to
266 : * endElement(<A>), the key SAX events are:
267 : *
268 : * startElement(<D>), endElement(<D>), endElement(<C>),
269 : * endElement(<A>).
270 : */
271 : com::sun::star::uno::Reference<
272 : com::sun::star::xml::crypto::sax::XElementStackKeeper > m_xElementStackKeeper;
273 :
274 : /*
275 : * a flag representing whether the SAXEventKeeper is now on the
276 : * SAX chain.
277 : */
278 : bool m_bIsSAXEventKeeperConnected;
279 :
280 : /*
281 : * a flag representing whether it is collecting some element,
282 : * which means that the SAXEventKeeper can't be chained off the
283 : * SAX chain.
284 : */
285 : bool m_bIsCollectingElement;
286 :
287 : /*
288 : * a flag representing whether the SAX event stream is blocking,
289 : * which also means that the SAXEventKeeper can't be chained off
290 : * the SAX chain.
291 : */
292 : bool m_bIsBlocking;
293 :
294 : /*
295 : * a flag representing the current status of security related
296 : * components.
297 : */
298 : sal_Int32 m_nStatusOfSecurityComponents;
299 :
300 : /*
301 : * a flag representing whether the SAXEventKeeper need to be
302 : * on the SAX chain all the time.
303 : * This flag is used to the situation when creating signature.
304 : */
305 : bool m_bIsSAXEventKeeperSticky;
306 :
307 : /*
308 : * fast property vector
309 : */
310 : std::vector< sal_Int32 > m_vFastPropertyIndexs;
311 : std::vector< com::sun::star::uno::Any > m_vFastPropertyValues;
312 :
313 : /*
314 : * error message pointer
315 : */
316 : const char *m_pErrorMessage;
317 :
318 : /*
319 : * the XSecParser which is used to parse the signature stream
320 : */
321 : XSecParser *m_pXSecParser;
322 :
323 : /*
324 : * the caller assigned signature id for the next signature in the
325 : * signature stream
326 : */
327 : sal_Int32 m_nReservedSignatureId;
328 :
329 : /*
330 : * representing whether to verify the current signature
331 : */
332 : bool m_bVerifyCurrentSignature;
333 : public:
334 : /*
335 : * An xUriBinding is provided to map Uris to XInputStream interfaces.
336 : */
337 : com::sun::star::uno::Reference<
338 : com::sun::star::xml::crypto::XUriBinding > m_xUriBinding;
339 :
340 : private:
341 :
342 : /*
343 : * Common methods
344 : */
345 : void createXSecComponent( );
346 : int findSignatureInfor( sal_Int32 nSecurityId ) const;
347 : bool chainOn( bool bRetrievingLastEvent );
348 : void chainOff();
349 : void checkChainingStatus();
350 : void initializeSAXChain();
351 :
352 : com::sun::star::uno::Reference<
353 : com::sun::star::io::XInputStream > getObjectInputStream( const OUString& objectURL );
354 :
355 : //sal_Int32 getFastPropertyIndex(sal_Int32 nHandle) const;
356 :
357 : /*
358 : * For signature generation
359 : */
360 : static OUString createId();
361 : com::sun::star::uno::Reference<
362 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToWrite(
363 : InternalSignatureInformation& signatureInfo );
364 :
365 : /*
366 : * For signature verification
367 : */
368 : void addSignature();
369 : void addReference( const OUString& ouUri);
370 : void addStreamReference(
371 : const OUString& ouUri,
372 : bool isBinary );
373 : void setReferenceCount() const;
374 :
375 : void setX509IssuerName( OUString& ouX509IssuerName );
376 : void setX509SerialNumber( OUString& ouX509SerialNumber );
377 : void setX509Certificate( OUString& ouX509Certificate );
378 : void setSignatureValue( OUString& ouSignatureValue );
379 : void setDigestValue( OUString& ouDigestValue );
380 :
381 : void setDate( OUString& ouDate );
382 :
383 : void setId( OUString& ouId );
384 : void setPropertyId( OUString& ouPropertyId );
385 :
386 : com::sun::star::uno::Reference<
387 : com::sun::star::xml::crypto::sax::XReferenceResolvedListener > prepareSignatureToRead(
388 : sal_Int32 nSecurityId );
389 :
390 : public:
391 : explicit XSecController(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>& rxCtx);
392 : virtual ~XSecController();
393 :
394 : sal_Int32 getNewSecurityId( );
395 :
396 : void startMission( const com::sun::star::uno::Reference<
397 : com::sun::star::xml::crypto::XUriBinding >& xUriBinding,
398 : const com::sun::star::uno::Reference<
399 : com::sun::star::xml::crypto::XXMLSecurityContext >& xSecurityContext );
400 :
401 : void setSAXChainConnector(
402 : const com::sun::star::uno::Reference<
403 : com::sun::star::lang::XInitialization >& xInitialization,
404 : const com::sun::star::uno::Reference<
405 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
406 : const com::sun::star::uno::Reference<
407 : com::sun::star::xml::crypto::sax::XElementStackKeeper >& xElementStackKeeper);
408 :
409 : void clearSAXChainConnector();
410 : void endMission();
411 :
412 : SignatureInformation getSignatureInformation( sal_Int32 nSecurityId ) const;
413 : SignatureInformations getSignatureInformations() const;
414 :
415 : static void exportSignature(
416 : const com::sun::star::uno::Reference<
417 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler,
418 : const SignatureInformation& signatureInfo );
419 :
420 :
421 : /*
422 : * For signature generation
423 : */
424 : void signAStream( sal_Int32 securityId, const OUString& uri, const OUString& objectURL, bool isBinary);
425 :
426 :
427 : /** sets data that describes the certificate.
428 :
429 : It is absolutely necessary that the parameter ouX509IssuerName is set. It contains
430 : the base64 encoded certificate, which is DER encoded. The XMLSec needs it to find
431 : the private key. Although issuer name and certificate should be sufficient to identify
432 : the certificate the implementation in XMLSec is broken, both for Windows and mozilla.
433 : The reason is that they use functions to find the certificate which take as parameter
434 : the DER encoded ASN.1 issuer name. The issuer name is a DName, where most attributes
435 : are of type DirectoryName, which is a choice of 5 string types. This information is
436 : not contained in the issuer string and while it is converted to the ASN.1 name the
437 : conversion function must assume a particular type, which is often wrong. For example,
438 : the Windows function CertStrToName will use a T.61 string if the string does not contain
439 : special characters. So if the certificate uses simple characters but encodes the
440 : issuer attributes in Utf8, then CertStrToName will use T.61. The resulting DER encoded
441 : ASN.1 name now contains different bytes which indicate the string type. The functions
442 : for finding the certificate apparently use memcmp - hence they fail to find the
443 : certificate.
444 : */
445 : void setX509Certificate(
446 : sal_Int32 nSecurityId,
447 : const OUString& ouX509IssuerName,
448 : const OUString& ouX509SerialNumber,
449 : const OUString& ouX509Cert);
450 : // see the other setX509Certifcate function
451 : void setX509Certificate(
452 : sal_Int32 nSecurityId,
453 : const sal_Int32 nSecurityEnvironmentIndex,
454 : const OUString& ouX509IssuerName,
455 : const OUString& ouX509SerialNumber,
456 : const OUString& ouX509Cert);
457 :
458 : void setDate(
459 : sal_Int32 nSecurityId,
460 : const ::com::sun::star::util::DateTime& rDateTime );
461 :
462 :
463 : bool WriteSignature(
464 : const com::sun::star::uno::Reference<
465 : com::sun::star::xml::sax::XDocumentHandler >& xDocumentHandler );
466 :
467 : /*
468 : * For signature verification
469 : */
470 : void collectToVerify( const OUString& referenceId );
471 : void addSignature( sal_Int32 nSignatureId );
472 : com::sun::star::uno::Reference< com::sun::star::xml::sax::XDocumentHandler > createSignatureReader();
473 : void releaseSignatureReader();
474 :
475 : public:
476 : /* Interface methods */
477 :
478 : /*
479 : * XSecurityController
480 : *
481 : * no method in XSecurityController interface
482 : */
483 :
484 : /*
485 : * XFastPropertySet
486 : */
487 :
488 : /*
489 : * XSAXEventKeeperStatusChangeListener
490 : */
491 : virtual void SAL_CALL blockingStatusChanged( sal_Bool isBlocking )
492 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
493 : virtual void SAL_CALL collectionStatusChanged(
494 : sal_Bool isInsideCollectedElement )
495 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
496 : virtual void SAL_CALL bufferStatusChanged( sal_Bool isBufferEmpty )
497 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
498 :
499 : /*
500 : * XSignatureCreationResultListener
501 : */
502 : virtual void SAL_CALL signatureCreated( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
503 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
504 :
505 : /*
506 : * XSignatureVerifyResultListener
507 : */
508 : virtual void SAL_CALL signatureVerified( sal_Int32 securityId, com::sun::star::xml::crypto::SecurityOperationStatus nResult )
509 : throw (com::sun::star::uno::RuntimeException, std::exception) SAL_OVERRIDE;
510 : };
511 :
512 : #endif
513 :
514 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
