2016-10-13 10:37:02 +02:00
|
|
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
|
|
|
/*
|
|
|
|
|
* This file is part of the LibreOffice project.
|
|
|
|
|
*
|
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <pdfsignaturehelper.hxx>
|
|
|
|
|
|
|
|
|
|
#include <memory>
|
|
|
|
|
|
2016-10-24 14:41:18 +02:00
|
|
|
#include <com/sun/star/io/XTruncate.hpp>
|
2018-10-20 12:00:50 +02:00
|
|
|
#include <com/sun/star/io/XStream.hpp>
|
2016-10-17 08:12:17 +02:00
|
|
|
#include <com/sun/star/security/CertificateValidity.hpp>
|
2017-02-06 17:08:38 +01:00
|
|
|
#include <com/sun/star/uno/SecurityException.hpp>
|
2018-05-17 21:06:10 +02:00
|
|
|
#include <com/sun/star/security/DocumentSignatureInformation.hpp>
|
|
|
|
|
#include <com/sun/star/xml/crypto/XSecurityEnvironment.hpp>
|
2020-06-16 12:04:09 +02:00
|
|
|
#include <com/sun/star/drawing/XShapes.hpp>
|
|
|
|
|
#include <com/sun/star/frame/XModel.hpp>
|
|
|
|
|
#include <com/sun/star/frame/XStorable.hpp>
|
|
|
|
|
#include <com/sun/star/beans/XPropertySet.hpp>
|
2020-06-25 10:58:25 +02:00
|
|
|
#include <com/sun/star/drawing/XDrawView.hpp>
|
2016-10-13 13:13:44 +02:00
|
|
|
|
2020-06-16 12:04:09 +02:00
|
|
|
#include <comphelper/propertysequence.hxx>
|
|
|
|
|
#include <sal/log.hxx>
|
2022-08-17 17:09:09 +02:00
|
|
|
#include <comphelper/diagnose_ex.hxx>
|
2020-06-16 12:04:09 +02:00
|
|
|
#include <unotools/mediadescriptor.hxx>
|
|
|
|
|
#include <unotools/streamwrap.hxx>
|
2016-10-13 10:37:02 +02:00
|
|
|
#include <unotools/ucbstreamhelper.hxx>
|
2018-01-03 21:06:56 +01:00
|
|
|
#include <vcl/filter/pdfdocument.hxx>
|
2020-09-24 21:06:46 +02:00
|
|
|
#include <vcl/checksum.hxx>
|
|
|
|
|
#include <svl/cryptosign.hxx>
|
|
|
|
|
#include <vcl/filter/PDFiumLibrary.hxx>
|
2025-01-16 08:58:27 +01:00
|
|
|
#include <sfx2/viewsh.hxx>
|
2016-10-13 10:37:02 +02:00
|
|
|
|
|
|
|
|
using namespace ::com::sun::star;
|
|
|
|
|
|
2020-06-16 12:04:09 +02:00
|
|
|
namespace
|
|
|
|
|
{
|
2020-06-25 10:58:25 +02:00
|
|
|
/// Gets the current page of the current view from xModel and puts it to the 1-based rPage.
|
|
|
|
|
bool GetSignatureLinePage(const uno::Reference<frame::XModel>& xModel, sal_Int32& rPage)
|
|
|
|
|
{
|
|
|
|
|
uno::Reference<drawing::XDrawView> xController(xModel->getCurrentController(), uno::UNO_QUERY);
|
|
|
|
|
if (!xController.is())
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uno::Reference<beans::XPropertySet> xPage(xController->getCurrentPage(), uno::UNO_QUERY);
|
|
|
|
|
if (!xPage.is())
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-15 13:12:42 +02:00
|
|
|
return xPage->getPropertyValue(u"Number"_ustr) >>= rPage;
|
2020-06-25 10:58:25 +02:00
|
|
|
}
|
|
|
|
|
|
2020-06-16 12:04:09 +02:00
|
|
|
/// If the currently selected shape is a Draw signature line, export that to PDF.
|
2020-06-25 14:32:11 +02:00
|
|
|
void GetSignatureLineShape(const uno::Reference<frame::XModel>& xModel, sal_Int32& rPage,
|
|
|
|
|
std::vector<sal_Int8>& rSignatureLineShape)
|
2020-06-16 12:04:09 +02:00
|
|
|
{
|
|
|
|
|
if (!xModel.is())
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 10:58:25 +02:00
|
|
|
if (!GetSignatureLinePage(xModel, rPage))
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2025-01-16 08:58:27 +01:00
|
|
|
SfxViewShell* pViewShell = SfxViewShell::Get(xModel->getCurrentController());
|
|
|
|
|
if (!pViewShell || !pViewShell->GetSignPDFCertificate().Is())
|
2020-06-16 12:04:09 +02:00
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2025-01-16 08:58:27 +01:00
|
|
|
uno::Reference<drawing::XShapes> xShapes(xModel->getCurrentSelection(), uno::UNO_QUERY);
|
|
|
|
|
if (!xShapes.is() || xShapes->getCount() < 1)
|
2020-06-16 12:04:09 +02:00
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We know that we add a signature line shape to an existing PDF at this point.
|
|
|
|
|
|
|
|
|
|
uno::Reference<frame::XStorable> xStorable(xModel, uno::UNO_QUERY);
|
|
|
|
|
if (!xStorable.is())
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Export just the signature line.
|
|
|
|
|
utl::MediaDescriptor aMediaDescriptor;
|
2024-05-15 13:12:42 +02:00
|
|
|
aMediaDescriptor[u"FilterName"_ustr] <<= u"draw_pdf_Export"_ustr;
|
2020-06-16 12:04:09 +02:00
|
|
|
SvMemoryStream aStream;
|
|
|
|
|
uno::Reference<io::XOutputStream> xStream(new utl::OStreamWrapper(aStream));
|
2024-05-15 13:12:42 +02:00
|
|
|
aMediaDescriptor[u"OutputStream"_ustr] <<= xStream;
|
2020-06-16 12:04:09 +02:00
|
|
|
uno::Sequence<beans::PropertyValue> aFilterData(
|
|
|
|
|
comphelper::InitPropertySequence({ { "Selection", uno::Any(xShapes) } }));
|
2024-05-15 13:12:42 +02:00
|
|
|
aMediaDescriptor[u"FilterData"_ustr] <<= aFilterData;
|
|
|
|
|
xStorable->storeToURL(u"private:stream"_ustr, aMediaDescriptor.getAsConstPropertyValueList());
|
2020-06-16 12:04:09 +02:00
|
|
|
xStream->flush();
|
|
|
|
|
|
|
|
|
|
aStream.Seek(0);
|
|
|
|
|
rSignatureLineShape = std::vector<sal_Int8>(aStream.GetSize());
|
|
|
|
|
aStream.ReadBytes(rSignatureLineShape.data(), rSignatureLineShape.size());
|
|
|
|
|
}
|
2020-09-24 21:06:46 +02:00
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
/// Represents a parsed signature.
|
|
|
|
|
struct Signature
|
|
|
|
|
{
|
2020-11-19 21:02:41 +01:00
|
|
|
std::unique_ptr<vcl::pdf::PDFiumSignature> m_pSignature;
|
2020-11-12 21:09:03 +01:00
|
|
|
/// Offset+length pairs.
|
|
|
|
|
std::vector<std::pair<size_t, size_t>> m_aByteRanges;
|
|
|
|
|
};
|
|
|
|
|
|
2020-09-24 21:06:46 +02:00
|
|
|
/// Turns an array of floats into offset + length pairs.
|
2021-08-18 18:31:05 +02:00
|
|
|
void GetByteRangesFromPDF(const std::unique_ptr<vcl::pdf::PDFiumSignature>& pSignature,
|
2020-09-24 21:06:46 +02:00
|
|
|
std::vector<std::pair<size_t, size_t>>& rByteRanges)
|
|
|
|
|
{
|
2020-11-24 21:03:59 +01:00
|
|
|
std::vector<int> aByteRange = pSignature->getByteRange();
|
|
|
|
|
if (aByteRange.empty())
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
2020-11-12 21:09:03 +01:00
|
|
|
SAL_WARN("xmlsecurity.helper", "GetByteRangesFromPDF: no byte ranges");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
size_t nByteRangeOffset = 0;
|
|
|
|
|
for (size_t i = 0; i < aByteRange.size(); ++i)
|
|
|
|
|
{
|
2020-09-24 21:06:46 +02:00
|
|
|
if (i % 2 == 0)
|
|
|
|
|
{
|
2020-11-12 21:09:03 +01:00
|
|
|
nByteRangeOffset = aByteRange[i];
|
2020-09-24 21:06:46 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
size_t nLength = aByteRange[i];
|
|
|
|
|
rByteRanges.emplace_back(nByteRangeOffset, nLength);
|
|
|
|
|
}
|
2020-09-24 21:06:46 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Determines the last position that is covered by a signature.
|
2020-11-12 21:09:03 +01:00
|
|
|
bool GetEOFOfSignature(const Signature& rSignature, size_t& rEOF)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
2020-11-12 21:09:03 +01:00
|
|
|
if (rSignature.m_aByteRanges.size() < 2)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
rEOF = rSignature.m_aByteRanges[1].first + rSignature.m_aByteRanges[1].second;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the value of the "modification detection and prevention" permission:
|
|
|
|
|
* Valid values are 1, 2 and 3: only 3 allows annotations after signing.
|
|
|
|
|
*/
|
|
|
|
|
int GetMDPPerm(const std::vector<Signature>& rSignatures)
|
|
|
|
|
{
|
|
|
|
|
int nRet = 3;
|
|
|
|
|
|
|
|
|
|
if (rSignatures.empty())
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
2020-11-12 21:09:03 +01:00
|
|
|
return nRet;
|
2020-09-24 21:06:46 +02:00
|
|
|
}
|
|
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
for (const auto& rSignature : rSignatures)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
2020-11-24 21:03:59 +01:00
|
|
|
int nPerm = rSignature.m_pSignature->getDocMDPPermission();
|
2020-11-12 21:09:03 +01:00
|
|
|
if (nPerm != 0)
|
|
|
|
|
{
|
|
|
|
|
return nPerm;
|
|
|
|
|
}
|
2020-09-24 21:06:46 +02:00
|
|
|
}
|
|
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
return nRet;
|
2020-09-24 21:06:46 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Checks if there are unsigned incremental updates between the signatures or after the last one.
|
2020-11-12 21:09:03 +01:00
|
|
|
bool IsCompleteSignature(SvStream& rStream, const Signature& rSignature,
|
|
|
|
|
const std::set<unsigned int>& rSignedEOFs,
|
|
|
|
|
const std::vector<unsigned int>& rAllEOFs)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
size_t nSignatureEOF = 0;
|
2020-11-12 21:09:03 +01:00
|
|
|
if (!GetEOFOfSignature(rSignature, nSignatureEOF))
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool bFoundOwn = false;
|
|
|
|
|
for (const auto& rEOF : rAllEOFs)
|
|
|
|
|
{
|
|
|
|
|
if (rEOF == nSignatureEOF)
|
|
|
|
|
{
|
|
|
|
|
bFoundOwn = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!bFoundOwn)
|
|
|
|
|
{
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
if (rSignedEOFs.find(rEOF) == rSignedEOFs.end())
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
// Unsigned incremental update found.
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Make sure we find the incremental update of the signature itself.
|
|
|
|
|
if (!bFoundOwn)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// No additional content after the last incremental update.
|
|
|
|
|
rStream.Seek(STREAM_SEEK_TO_END);
|
|
|
|
|
size_t nFileEnd = rStream.Tell();
|
|
|
|
|
return std::find(rAllEOFs.begin(), rAllEOFs.end(), nFileEnd) != rAllEOFs.end();
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-04 21:39:04 +01:00
|
|
|
/**
|
|
|
|
|
* Contains checksums of a PDF page, which is rendered without annotations. It also contains
|
|
|
|
|
* the geometry of a few dangerous annotation types.
|
|
|
|
|
*/
|
|
|
|
|
struct PageChecksum
|
|
|
|
|
{
|
|
|
|
|
BitmapChecksum m_nPageContent;
|
|
|
|
|
std::vector<basegfx::B2DRectangle> m_aAnnotations;
|
|
|
|
|
bool operator==(const PageChecksum& rChecksum) const;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bool PageChecksum::operator==(const PageChecksum& rChecksum) const
|
|
|
|
|
{
|
|
|
|
|
if (m_nPageContent != rChecksum.m_nPageContent)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return m_aAnnotations == rChecksum.m_aAnnotations;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-24 21:06:46 +02:00
|
|
|
/// Collects the checksum of each page of one version of the PDF.
|
2020-11-04 21:39:04 +01:00
|
|
|
void AnalyizeSignatureStream(SvMemoryStream& rStream, std::vector<PageChecksum>& rPageChecksums,
|
2020-10-19 16:50:07 +02:00
|
|
|
int nMDPPerm)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
auto pPdfium = vcl::pdf::PDFiumLibrary::get();
|
2020-10-20 21:07:23 +02:00
|
|
|
std::unique_ptr<vcl::pdf::PDFiumDocument> pPdfDocument
|
tdf#127236 vcl: fix missing encryption of PDF images during export
Regression from commit 78e25558e86188314b9b72048b8ddca18697cb86
(tdf#106059 PDF export: create a reference XObject for JPG images with
PDF data, 2017-02-23), once a PDF image was inserted to a document, an
encrypted PDF export lost those images.
The reason for this is that we started to preserve PDF images as vector
data with the above commit, but this means we copied over PDF objects
from PDF images to the export result as-is, so encryption was not
performed for them.
Fix this by separating the write of the PDF object headers, stream
content and object footer and then calling
checkAndEnableStreamEncryption() / disableStreamEncryption() for each
object, even if it's not something our PDF export created but comes from
a PDF image.
Note that when existing PDF files are signed, PDF objects are also
copied into a vcl::filter::PDFDocument, but such PDF images are never
encrypted, so it's fine to have stub implementations in
vcl::filter::PDFDocument.
Change-Id: I2f74b9f51cd35b4319221532ca890e197bab9cf3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137242
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
2022-07-20 08:16:57 +02:00
|
|
|
= pPdfium->openDocument(rStream.GetData(), rStream.GetSize(), OString());
|
2020-10-20 21:07:23 +02:00
|
|
|
if (!pPdfDocument)
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-09-24 21:06:46 +02:00
|
|
|
|
2020-10-20 21:07:23 +02:00
|
|
|
int nPageCount = pPdfDocument->getPageCount();
|
2020-09-24 21:06:46 +02:00
|
|
|
for (int nPage = 0; nPage < nPageCount; ++nPage)
|
|
|
|
|
{
|
2020-10-20 21:07:23 +02:00
|
|
|
std::unique_ptr<vcl::pdf::PDFiumPage> pPdfPage = pPdfDocument->openPage(nPage);
|
2020-09-24 21:06:46 +02:00
|
|
|
if (!pPdfPage)
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-04 21:39:04 +01:00
|
|
|
PageChecksum aPageChecksum;
|
|
|
|
|
aPageChecksum.m_nPageContent = pPdfPage->getChecksum(nMDPPerm);
|
|
|
|
|
for (int i = 0; i < pPdfPage->getAnnotationCount(); ++i)
|
|
|
|
|
{
|
|
|
|
|
std::unique_ptr<vcl::pdf::PDFiumAnnotation> pPdfAnnotation = pPdfPage->getAnnotation(i);
|
2021-10-25 12:04:30 +02:00
|
|
|
if (!pPdfAnnotation)
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "Cannot get PDFiumAnnotation");
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2020-11-04 21:39:04 +01:00
|
|
|
vcl::pdf::PDFAnnotationSubType eType = pPdfAnnotation->getSubType();
|
|
|
|
|
switch (eType)
|
|
|
|
|
{
|
|
|
|
|
case vcl::pdf::PDFAnnotationSubType::Unknown:
|
|
|
|
|
case vcl::pdf::PDFAnnotationSubType::FreeText:
|
|
|
|
|
case vcl::pdf::PDFAnnotationSubType::Stamp:
|
|
|
|
|
case vcl::pdf::PDFAnnotationSubType::Redact:
|
|
|
|
|
aPageChecksum.m_aAnnotations.push_back(pPdfAnnotation->getRectangle());
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
rPageChecksums.push_back(aPageChecksum);
|
2020-09-24 21:06:46 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Checks if incremental updates after singing performed valid modifications only.
|
2020-10-19 16:50:07 +02:00
|
|
|
* nMDPPerm decides if annotations/commenting is OK, other changes are always not.
|
2020-09-24 21:06:46 +02:00
|
|
|
*/
|
2020-11-12 21:09:03 +01:00
|
|
|
bool IsValidSignature(SvStream& rStream, const Signature& rSignature, int nMDPPerm)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
size_t nSignatureEOF = 0;
|
2020-11-12 21:09:03 +01:00
|
|
|
if (!GetEOFOfSignature(rSignature, nSignatureEOF))
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SvMemoryStream aSignatureStream;
|
|
|
|
|
sal_uInt64 nPos = rStream.Tell();
|
|
|
|
|
rStream.Seek(0);
|
|
|
|
|
aSignatureStream.WriteStream(rStream, nSignatureEOF);
|
|
|
|
|
rStream.Seek(nPos);
|
|
|
|
|
aSignatureStream.Seek(0);
|
2020-11-04 21:39:04 +01:00
|
|
|
std::vector<PageChecksum> aSignedPages;
|
2020-10-19 16:50:07 +02:00
|
|
|
AnalyizeSignatureStream(aSignatureStream, aSignedPages, nMDPPerm);
|
2020-09-24 21:06:46 +02:00
|
|
|
|
|
|
|
|
SvMemoryStream aFullStream;
|
|
|
|
|
nPos = rStream.Tell();
|
|
|
|
|
rStream.Seek(0);
|
|
|
|
|
aFullStream.WriteStream(rStream);
|
|
|
|
|
rStream.Seek(nPos);
|
|
|
|
|
aFullStream.Seek(0);
|
2020-11-04 21:39:04 +01:00
|
|
|
std::vector<PageChecksum> aAllPages;
|
2020-10-19 16:50:07 +02:00
|
|
|
AnalyizeSignatureStream(aFullStream, aAllPages, nMDPPerm);
|
2020-09-24 21:06:46 +02:00
|
|
|
|
|
|
|
|
// Fail if any page looks different after signing and at the end. Annotations/commenting doesn't
|
|
|
|
|
// count, though.
|
|
|
|
|
return aSignedPages == aAllPages;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param rInformation The actual result.
|
|
|
|
|
* @param rDocument the parsed document to see if the signature is partial.
|
|
|
|
|
* @return If we can determinate a result.
|
|
|
|
|
*/
|
2020-11-12 21:09:03 +01:00
|
|
|
bool ValidateSignature(SvStream& rStream, const Signature& rSignature,
|
|
|
|
|
SignatureInformation& rInformation, int nMDPPerm,
|
|
|
|
|
const std::set<unsigned int>& rSignatureEOFs,
|
|
|
|
|
const std::vector<unsigned int>& rTrailerEnds)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
2020-11-24 21:03:59 +01:00
|
|
|
std::vector<unsigned char> aContents = rSignature.m_pSignature->getContents();
|
|
|
|
|
if (aContents.empty())
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "ValidateSignature: no contents");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2020-11-24 21:03:59 +01:00
|
|
|
|
|
|
|
|
OString aSubFilter = rSignature.m_pSignature->getSubFilter();
|
2020-09-24 21:06:46 +02:00
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
const bool bNonDetached = aSubFilter == "adbe.pkcs7.sha1";
|
|
|
|
|
if (aSubFilter.isEmpty()
|
|
|
|
|
|| (aSubFilter != "adbe.pkcs7.detached" && !bNonDetached
|
|
|
|
|
&& aSubFilter != "ETSI.CAdES.detached"))
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
2020-11-12 21:09:03 +01:00
|
|
|
if (aSubFilter.isEmpty())
|
2020-09-24 21:06:46 +02:00
|
|
|
SAL_WARN("xmlsecurity.helper", "ValidateSignature: missing sub-filter");
|
|
|
|
|
else
|
2020-11-12 21:09:03 +01:00
|
|
|
SAL_WARN("xmlsecurity.helper",
|
|
|
|
|
"ValidateSignature: unsupported sub-filter: '" << aSubFilter << "'");
|
2020-09-24 21:06:46 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Reason / comment / description is optional.
|
2020-11-25 21:08:32 +01:00
|
|
|
rInformation.ouDescription = rSignature.m_pSignature->getReason();
|
2020-09-24 21:06:46 +02:00
|
|
|
|
|
|
|
|
// Date: used only when the time of signing is not available in the
|
|
|
|
|
// signature.
|
2020-11-25 21:08:32 +01:00
|
|
|
rInformation.stDateTime = rSignature.m_pSignature->getTime();
|
2020-09-24 21:06:46 +02:00
|
|
|
|
|
|
|
|
// Detect if the byte ranges don't cover everything, but the signature itself.
|
2020-11-12 21:09:03 +01:00
|
|
|
if (rSignature.m_aByteRanges.size() < 2)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "ValidateSignature: expected 2 byte ranges");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2020-11-12 21:09:03 +01:00
|
|
|
if (rSignature.m_aByteRanges[0].first != 0)
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "ValidateSignature: first range start is not 0");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2020-11-12 21:09:03 +01:00
|
|
|
// Binary vs hex dump and 2 is the leading "<" and the trailing ">" around the hex string.
|
|
|
|
|
size_t nSignatureLength = aContents.size() * 2 + 2;
|
|
|
|
|
if (rSignature.m_aByteRanges[1].first
|
|
|
|
|
!= (rSignature.m_aByteRanges[0].second + nSignatureLength))
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper",
|
|
|
|
|
"ValidateSignature: second range start is not the end of the signature");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2020-11-12 21:09:03 +01:00
|
|
|
rInformation.bPartialDocumentSignature
|
|
|
|
|
= !IsCompleteSignature(rStream, rSignature, rSignatureEOFs, rTrailerEnds);
|
|
|
|
|
if (!IsValidSignature(rStream, rSignature, nMDPPerm))
|
2020-09-24 21:06:46 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "ValidateSignature: invalid incremental update detected");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// At this point there is no obviously missing info to validate the
|
|
|
|
|
// signature.
|
2020-11-12 21:09:03 +01:00
|
|
|
return svl::crypto::Signing::Verify(rStream, rSignature.m_aByteRanges, bNonDetached, aContents,
|
2020-09-24 21:06:46 +02:00
|
|
|
rInformation);
|
|
|
|
|
}
|
2020-06-16 12:04:09 +02:00
|
|
|
}
|
|
|
|
|
|
2017-02-01 10:28:56 +01:00
|
|
|
PDFSignatureHelper::PDFSignatureHelper() = default;
|
2016-10-13 13:13:44 +02:00
|
|
|
|
2016-10-13 10:37:02 +02:00
|
|
|
bool PDFSignatureHelper::ReadAndVerifySignature(
|
|
|
|
|
const uno::Reference<io::XInputStream>& xInputStream)
|
|
|
|
|
{
|
|
|
|
|
if (!xInputStream.is())
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "input stream missing");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
|
2020-09-22 21:15:19 +02:00
|
|
|
return ReadAndVerifySignatureSvStream(*pStream);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool PDFSignatureHelper::ReadAndVerifySignatureSvStream(SvStream& rStream)
|
|
|
|
|
{
|
2020-11-12 21:09:03 +01:00
|
|
|
auto pPdfium = vcl::pdf::PDFiumLibrary::get();
|
2021-03-09 21:12:10 +01:00
|
|
|
if (!pPdfium)
|
|
|
|
|
{
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
SvMemoryStream aStream;
|
|
|
|
|
sal_uInt64 nPos = rStream.Tell();
|
|
|
|
|
rStream.Seek(0);
|
|
|
|
|
aStream.WriteStream(rStream);
|
|
|
|
|
rStream.Seek(nPos);
|
|
|
|
|
std::unique_ptr<vcl::pdf::PDFiumDocument> pPdfDocument
|
tdf#127236 vcl: fix missing encryption of PDF images during export
Regression from commit 78e25558e86188314b9b72048b8ddca18697cb86
(tdf#106059 PDF export: create a reference XObject for JPG images with
PDF data, 2017-02-23), once a PDF image was inserted to a document, an
encrypted PDF export lost those images.
The reason for this is that we started to preserve PDF images as vector
data with the above commit, but this means we copied over PDF objects
from PDF images to the export result as-is, so encryption was not
performed for them.
Fix this by separating the write of the PDF object headers, stream
content and object footer and then calling
checkAndEnableStreamEncryption() / disableStreamEncryption() for each
object, even if it's not something our PDF export created but comes from
a PDF image.
Note that when existing PDF files are signed, PDF objects are also
copied into a vcl::filter::PDFDocument, but such PDF images are never
encrypted, so it's fine to have stub implementations in
vcl::filter::PDFDocument.
Change-Id: I2f74b9f51cd35b4319221532ca890e197bab9cf3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137242
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins
2022-07-20 08:16:57 +02:00
|
|
|
= pPdfium->openDocument(aStream.GetData(), aStream.GetSize(), OString());
|
2020-11-12 21:09:03 +01:00
|
|
|
if (!pPdfDocument)
|
2016-10-13 10:37:02 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to read the document");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-18 21:10:43 +01:00
|
|
|
int nSignatureCount = pPdfDocument->getSignatureCount();
|
2020-11-12 21:09:03 +01:00
|
|
|
if (nSignatureCount <= 0)
|
|
|
|
|
{
|
2016-10-13 10:37:02 +02:00
|
|
|
return true;
|
2020-11-12 21:09:03 +01:00
|
|
|
}
|
|
|
|
|
std::vector<Signature> aSignatures(nSignatureCount);
|
|
|
|
|
for (int i = 0; i < nSignatureCount; ++i)
|
|
|
|
|
{
|
2020-11-19 21:02:41 +01:00
|
|
|
std::unique_ptr<vcl::pdf::PDFiumSignature> pSignature = pPdfDocument->getSignature(i);
|
2020-11-12 21:09:03 +01:00
|
|
|
std::vector<std::pair<size_t, size_t>> aByteRanges;
|
|
|
|
|
GetByteRangesFromPDF(pSignature, aByteRanges);
|
2024-08-02 19:51:40 +01:00
|
|
|
aSignatures[i] = Signature{ std::move(pSignature), std::move(aByteRanges) };
|
2020-11-12 21:09:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::set<unsigned int> aSignatureEOFs;
|
|
|
|
|
for (const auto& rSignature : aSignatures)
|
|
|
|
|
{
|
|
|
|
|
size_t nEOF = 0;
|
|
|
|
|
if (GetEOFOfSignature(rSignature, nEOF))
|
|
|
|
|
{
|
|
|
|
|
aSignatureEOFs.insert(nEOF);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-18 21:10:43 +01:00
|
|
|
std::vector<unsigned int> aTrailerEnds = pPdfDocument->getTrailerEnds();
|
2016-10-13 10:37:02 +02:00
|
|
|
|
2016-10-20 13:44:03 +02:00
|
|
|
m_aSignatureInfos.clear();
|
|
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
int nMDPPerm = GetMDPPerm(aSignatures);
|
2020-10-19 16:50:07 +02:00
|
|
|
|
2016-10-13 10:37:02 +02:00
|
|
|
for (size_t i = 0; i < aSignatures.size(); ++i)
|
|
|
|
|
{
|
2016-10-13 16:11:02 +02:00
|
|
|
SignatureInformation aInfo(i);
|
2016-10-13 10:37:02 +02:00
|
|
|
|
2020-11-12 21:09:03 +01:00
|
|
|
if (!ValidateSignature(rStream, aSignatures[i], aInfo, nMDPPerm, aSignatureEOFs,
|
|
|
|
|
aTrailerEnds))
|
|
|
|
|
{
|
2016-10-13 10:37:02 +02:00
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to determine digest match");
|
2020-11-12 21:09:03 +01:00
|
|
|
}
|
2016-10-13 10:37:02 +02:00
|
|
|
|
|
|
|
|
m_aSignatureInfos.push_back(aInfo);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-31 21:34:58 +02:00
|
|
|
SignatureInformations const& PDFSignatureHelper::GetSignatureInformations() const
|
2016-10-13 10:37:02 +02:00
|
|
|
{
|
2016-10-13 16:11:02 +02:00
|
|
|
return m_aSignatureInfos;
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-08 14:10:05 +01:00
|
|
|
uno::Sequence<security::DocumentSignatureInformation>
|
|
|
|
|
PDFSignatureHelper::GetDocumentSignatureInformations(
|
|
|
|
|
const uno::Reference<xml::crypto::XSecurityEnvironment>& xSecEnv) const
|
2016-10-13 16:11:02 +02:00
|
|
|
{
|
|
|
|
|
uno::Sequence<security::DocumentSignatureInformation> aRet(m_aSignatureInfos.size());
|
2021-10-29 10:29:41 +03:00
|
|
|
auto aRetRange = asNonConstRange(aRet);
|
2016-10-13 16:11:02 +02:00
|
|
|
|
|
|
|
|
for (size_t i = 0; i < m_aSignatureInfos.size(); ++i)
|
|
|
|
|
{
|
|
|
|
|
const SignatureInformation& rInternal = m_aSignatureInfos[i];
|
2021-10-29 10:29:41 +03:00
|
|
|
security::DocumentSignatureInformation& rExternal = aRetRange[i];
|
2016-10-13 16:11:02 +02:00
|
|
|
rExternal.SignatureIsValid
|
|
|
|
|
= rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
|
2021-02-24 19:18:51 +01:00
|
|
|
if (rInternal.GetSigningCertificate()
|
|
|
|
|
&& !rInternal.GetSigningCertificate()->X509Certificate.isEmpty())
|
2021-02-19 22:04:33 +01:00
|
|
|
{
|
2021-02-24 19:18:51 +01:00
|
|
|
rExternal.Signer = xSecEnv->createCertificateFromAscii(
|
|
|
|
|
rInternal.GetSigningCertificate()->X509Certificate);
|
2021-02-19 22:04:33 +01:00
|
|
|
}
|
2016-12-01 14:26:55 +01:00
|
|
|
rExternal.PartialDocumentSignature = rInternal.bPartialDocumentSignature;
|
2016-10-17 08:12:17 +02:00
|
|
|
|
|
|
|
|
// Verify certificate.
|
|
|
|
|
if (rExternal.Signer.is())
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
2016-11-08 14:10:05 +01:00
|
|
|
rExternal.CertificateStatus = xSecEnv->verifyCertificate(rExternal.Signer, {});
|
2016-10-17 08:12:17 +02:00
|
|
|
}
|
2018-04-05 16:20:13 +02:00
|
|
|
catch (const uno::SecurityException&)
|
2016-10-17 08:12:17 +02:00
|
|
|
{
|
2018-04-05 16:20:13 +02:00
|
|
|
DBG_UNHANDLED_EXCEPTION("xmlsecurity.helper", "failed to verify certificate");
|
2016-10-17 08:12:17 +02:00
|
|
|
rExternal.CertificateStatus = security::CertificateValidity::INVALID;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
rExternal.CertificateStatus = security::CertificateValidity::INVALID;
|
2016-10-13 16:11:02 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return aRet;
|
2016-10-13 10:37:02 +02:00
|
|
|
}
|
|
|
|
|
|
2016-10-20 13:44:03 +02:00
|
|
|
sal_Int32 PDFSignatureHelper::GetNewSecurityId() const { return m_aSignatureInfos.size(); }
|
|
|
|
|
|
2024-11-11 11:36:12 +01:00
|
|
|
void PDFSignatureHelper::SetX509Certificate(svl::crypto::SigningContext& rSigningContext)
|
2016-10-20 13:44:03 +02:00
|
|
|
{
|
2024-11-11 11:36:12 +01:00
|
|
|
m_pSigningContext = &rSigningContext;
|
2016-10-20 13:44:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void PDFSignatureHelper::SetDescription(const OUString& rDescription)
|
|
|
|
|
{
|
|
|
|
|
m_aDescription = rDescription;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 14:32:11 +02:00
|
|
|
bool PDFSignatureHelper::Sign(const uno::Reference<frame::XModel>& xModel,
|
|
|
|
|
const uno::Reference<io::XInputStream>& xInputStream, bool bAdES)
|
2016-10-20 13:44:03 +02:00
|
|
|
{
|
|
|
|
|
std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
|
2017-03-21 18:03:21 +01:00
|
|
|
vcl::filter::PDFDocument aDocument;
|
2016-10-20 13:44:03 +02:00
|
|
|
if (!aDocument.Read(*pStream))
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to read the document");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 10:58:25 +02:00
|
|
|
sal_Int32 nPage = 0;
|
2020-06-16 12:04:09 +02:00
|
|
|
std::vector<sal_Int8> aSignatureLineShape;
|
2020-06-25 14:32:11 +02:00
|
|
|
GetSignatureLineShape(xModel, nPage, aSignatureLineShape);
|
2020-06-25 10:58:25 +02:00
|
|
|
if (nPage > 0)
|
|
|
|
|
{
|
|
|
|
|
// UNO page number is 1-based.
|
|
|
|
|
aDocument.SetSignaturePage(nPage - 1);
|
|
|
|
|
}
|
2020-06-16 14:31:55 +02:00
|
|
|
if (!aSignatureLineShape.empty())
|
|
|
|
|
{
|
2021-10-08 09:13:09 +02:00
|
|
|
aDocument.SetSignatureLine(std::move(aSignatureLineShape));
|
2020-06-16 14:31:55 +02:00
|
|
|
}
|
2020-06-16 12:04:09 +02:00
|
|
|
|
2024-11-11 11:36:12 +01:00
|
|
|
if (!m_pSigningContext || !aDocument.Sign(*m_pSigningContext, m_aDescription, bAdES))
|
2016-10-20 13:44:03 +02:00
|
|
|
{
|
2024-11-11 11:36:12 +01:00
|
|
|
if (m_pSigningContext && m_pSigningContext->m_xCertificate.is())
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to sign");
|
|
|
|
|
}
|
2016-10-20 13:44:03 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uno::Reference<io::XStream> xStream(xInputStream, uno::UNO_QUERY);
|
|
|
|
|
std::unique_ptr<SvStream> pOutStream(utl::UcbStreamHelper::CreateStream(xStream, true));
|
|
|
|
|
if (!aDocument.Write(*pOutStream))
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to write signed data");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-24 14:41:18 +02:00
|
|
|
bool PDFSignatureHelper::RemoveSignature(const uno::Reference<io::XInputStream>& xInputStream,
|
|
|
|
|
sal_uInt16 nPosition)
|
|
|
|
|
{
|
|
|
|
|
std::unique_ptr<SvStream> pStream(utl::UcbStreamHelper::CreateStream(xInputStream, true));
|
2017-03-21 18:03:21 +01:00
|
|
|
vcl::filter::PDFDocument aDocument;
|
2016-10-24 14:41:18 +02:00
|
|
|
if (!aDocument.Read(*pStream))
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to read the document");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!aDocument.RemoveSignature(nPosition))
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to remove signature");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uno::Reference<io::XStream> xStream(xInputStream, uno::UNO_QUERY);
|
|
|
|
|
uno::Reference<io::XTruncate> xTruncate(xStream, uno::UNO_QUERY);
|
|
|
|
|
if (!xTruncate.is())
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to truncate");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
xTruncate->truncate();
|
|
|
|
|
std::unique_ptr<SvStream> pOutStream(utl::UcbStreamHelper::CreateStream(xStream, true));
|
|
|
|
|
if (!aDocument.Write(*pOutStream))
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "failed to write without signature");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-13 10:37:02 +02:00
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
