2016-02-15 11:38:23 +01:00
|
|
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
|
|
|
/*
|
|
|
|
|
* This file is part of the LibreOffice project.
|
|
|
|
|
*
|
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
|
*
|
|
|
|
|
* This file incorporates work covered by the following license notice:
|
|
|
|
|
*
|
|
|
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
|
|
|
* contributor license agreements. See the NOTICE file distributed
|
|
|
|
|
* with this work for additional information regarding copyright
|
|
|
|
|
* ownership. The ASF licenses this file to you under the Apache
|
|
|
|
|
* License, Version 2.0 (the "License"); you may not use this file
|
|
|
|
|
* except in compliance with the License. You may obtain a copy of
|
|
|
|
|
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <documentsignaturemanager.hxx>
|
|
|
|
|
|
|
|
|
|
#include <com/sun/star/embed/StorageFormats.hpp>
|
|
|
|
|
#include <com/sun/star/embed/ElementModes.hpp>
|
|
|
|
|
#include <com/sun/star/io/TempFile.hpp>
|
|
|
|
|
#include <com/sun/star/io/XTruncate.hpp>
|
|
|
|
|
#include <com/sun/star/security/SerialNumberAdapter.hpp>
|
|
|
|
|
#include <com/sun/star/embed/XTransactedObject.hpp>
|
2016-11-08 14:10:05 +01:00
|
|
|
#include <com/sun/star/xml/crypto/SEInitializer.hpp>
|
2016-02-15 11:38:23 +01:00
|
|
|
|
|
|
|
|
#include <comphelper/storagehelper.hxx>
|
|
|
|
|
#include <rtl/ustrbuf.hxx>
|
|
|
|
|
#include <sax/tools/converter.hxx>
|
|
|
|
|
#include <tools/date.hxx>
|
|
|
|
|
#include <tools/time.hxx>
|
|
|
|
|
|
2016-03-03 14:59:03 +01:00
|
|
|
#include <certificate.hxx>
|
|
|
|
|
|
2016-02-15 11:38:23 +01:00
|
|
|
using namespace com::sun::star;
|
|
|
|
|
|
|
|
|
|
DocumentSignatureManager::DocumentSignatureManager(const uno::Reference<uno::XComponentContext>& xContext, DocumentSignatureMode eMode)
|
|
|
|
|
: mxContext(xContext),
|
|
|
|
|
maSignatureHelper(xContext),
|
|
|
|
|
meSignatureMode(eMode)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DocumentSignatureManager::~DocumentSignatureManager()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-08 14:10:05 +01:00
|
|
|
bool DocumentSignatureManager::init()
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN_IF(mxSEInitializer.is(), "xmlsecurity.helper", "DocumentSignatureManager::Init - mxSEInitializer already set!");
|
|
|
|
|
SAL_WARN_IF(mxSecurityContext.is(), "xmlsecurity.helper", "DocumentSignatureManager::Init - mxSecurityContext already set!");
|
|
|
|
|
|
|
|
|
|
mxSEInitializer = css::xml::crypto::SEInitializer::create(mxContext);
|
|
|
|
|
|
|
|
|
|
if (mxSEInitializer.is())
|
|
|
|
|
mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
|
|
|
|
|
|
|
|
|
|
return mxSecurityContext.is();
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-13 16:11:02 +02:00
|
|
|
PDFSignatureHelper& DocumentSignatureManager::getPDFSignatureHelper()
|
|
|
|
|
{
|
2016-11-17 13:26:36 +00:00
|
|
|
bool bInit = true;
|
2016-11-08 14:10:05 +01:00
|
|
|
if (!mxSecurityContext.is())
|
2016-11-17 13:26:36 +00:00
|
|
|
bInit = init();
|
|
|
|
|
|
|
|
|
|
SAL_WARN_IF(!bInit, "xmlsecurity.comp", "Error initializing security context!");
|
2016-11-08 14:10:05 +01:00
|
|
|
|
2016-10-13 16:11:02 +02:00
|
|
|
if (!mpPDFSignatureHelper)
|
|
|
|
|
mpPDFSignatureHelper.reset(new PDFSignatureHelper(mxContext));
|
|
|
|
|
|
|
|
|
|
return *mpPDFSignatureHelper;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-29 09:50:28 +03:00
|
|
|
#if 0 // For some reason does not work
|
|
|
|
|
bool DocumentSignatureManager::IsXAdESRelevant()
|
|
|
|
|
{
|
|
|
|
|
if (mxStore.is())
|
|
|
|
|
{
|
|
|
|
|
// ZIP-based: ODF or OOXML.
|
|
|
|
|
maSignatureHelper.StartMission();
|
|
|
|
|
|
|
|
|
|
SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, /*bUseTempStream=*/true);
|
|
|
|
|
if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
|
|
|
|
|
{
|
|
|
|
|
maSignatureHelper.EndMission();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
// FIXME: How to figure out if it is ODF 1.2?
|
|
|
|
|
maSignatureHelper.EndMission();
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-02-15 11:38:23 +01:00
|
|
|
/* Using the zip storage, we cannot get the properties "MediaType" and "IsEncrypted"
|
|
|
|
|
We use the manifest to find out if a file is xml and if it is encrypted.
|
|
|
|
|
The parameter is an encoded uri. However, the manifest contains paths. Therefore
|
|
|
|
|
the path is encoded as uri, so they can be compared.
|
|
|
|
|
*/
|
|
|
|
|
bool DocumentSignatureManager::isXML(const OUString& rURI)
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN_IF(!mxStore.is(), "xmlsecurity.helper", "empty storage reference");
|
|
|
|
|
|
|
|
|
|
bool bIsXML = false;
|
|
|
|
|
bool bPropsAvailable = false;
|
|
|
|
|
const OUString sPropFullPath("FullPath");
|
|
|
|
|
const OUString sPropMediaType("MediaType");
|
|
|
|
|
const OUString sPropDigest("Digest");
|
|
|
|
|
|
|
|
|
|
for (int i = 0; i < m_manifest.getLength(); i++)
|
|
|
|
|
{
|
2016-03-07 09:58:12 +01:00
|
|
|
const uno::Sequence<beans::PropertyValue>& entry = m_manifest[i];
|
2016-02-15 11:38:23 +01:00
|
|
|
OUString sPath, sMediaType;
|
|
|
|
|
bool bEncrypted = false;
|
|
|
|
|
for (int j = 0; j < entry.getLength(); j++)
|
|
|
|
|
{
|
2016-03-07 09:58:12 +01:00
|
|
|
const beans::PropertyValue& prop = entry[j];
|
2016-02-15 11:38:23 +01:00
|
|
|
|
|
|
|
|
if (prop.Name.equals(sPropFullPath))
|
|
|
|
|
prop.Value >>= sPath;
|
|
|
|
|
else if (prop.Name.equals(sPropMediaType))
|
|
|
|
|
prop.Value >>= sMediaType;
|
|
|
|
|
else if (prop.Name.equals(sPropDigest))
|
|
|
|
|
bEncrypted = true;
|
|
|
|
|
}
|
|
|
|
|
if (DocumentSignatureHelper::equalsReferenceUriManifestPath(rURI, sPath))
|
|
|
|
|
{
|
|
|
|
|
bIsXML = sMediaType == "text/xml" && ! bEncrypted;
|
|
|
|
|
bPropsAvailable = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!bPropsAvailable)
|
|
|
|
|
{
|
|
|
|
|
//This would be the case for at least mimetype, META-INF/manifest.xml
|
|
|
|
|
//META-INF/macrosignatures.xml.
|
|
|
|
|
//Files can only be encrypted if they are in the manifest.xml.
|
|
|
|
|
//That is, the current file cannot be encrypted, otherwise bPropsAvailable
|
|
|
|
|
//would be true.
|
|
|
|
|
OUString aXMLExt("XML");
|
|
|
|
|
sal_Int32 nSep = rURI.lastIndexOf('.');
|
|
|
|
|
if (nSep != (-1))
|
|
|
|
|
{
|
|
|
|
|
OUString aExt = rURI.copy(nSep+1);
|
|
|
|
|
if (aExt.equalsIgnoreAsciiCase(aXMLExt))
|
|
|
|
|
bIsXML = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return bIsXML;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//If bTempStream is true, then a temporary stream is return. If it is false then, the actual
|
|
|
|
|
//signature stream is used.
|
|
|
|
|
//Every time the user presses Add a new temporary stream is created.
|
|
|
|
|
//We keep the temporary stream as member because ImplGetSignatureInformations
|
|
|
|
|
//will later access the stream to create DocumentSignatureInformation objects
|
|
|
|
|
//which are stored in maCurrentSignatureInformations.
|
|
|
|
|
SignatureStreamHelper DocumentSignatureManager::ImplOpenSignatureStream(sal_Int32 nStreamOpenMode, bool bTempStream)
|
|
|
|
|
{
|
|
|
|
|
SignatureStreamHelper aHelper;
|
|
|
|
|
if (mxStore.is())
|
|
|
|
|
{
|
|
|
|
|
uno::Reference<container::XNameAccess> xNameAccess(mxStore, uno::UNO_QUERY);
|
|
|
|
|
if (xNameAccess.is() && xNameAccess->hasByName("[Content_Types].xml"))
|
|
|
|
|
aHelper.nStorageFormat = embed::StorageFormats::OFOPXML;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (bTempStream)
|
|
|
|
|
{
|
2016-03-07 09:58:12 +01:00
|
|
|
if (nStreamOpenMode & embed::ElementModes::TRUNCATE)
|
2016-02-15 11:38:23 +01:00
|
|
|
{
|
|
|
|
|
//We write always into a new temporary stream.
|
2016-03-07 09:58:12 +01:00
|
|
|
mxTempSignatureStream.set(io::TempFile::create(mxContext), uno::UNO_QUERY_THROW);
|
2016-02-15 11:38:23 +01:00
|
|
|
if (aHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
|
|
|
|
|
aHelper.xSignatureStream = mxTempSignatureStream;
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
mxTempSignatureStorage = comphelper::OStorageHelper::GetStorageOfFormatFromStream(ZIP_STORAGE_FORMAT_STRING, mxTempSignatureStream);
|
|
|
|
|
aHelper.xSignatureStorage = mxTempSignatureStorage;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
//When we read from the temp stream, then we must have previously
|
|
|
|
|
//created one.
|
|
|
|
|
SAL_WARN_IF(!mxTempSignatureStream.is(), "xmlsecurity.helper", "empty temp. signature stream reference");
|
|
|
|
|
}
|
|
|
|
|
aHelper.xSignatureStream = mxTempSignatureStream;
|
|
|
|
|
if (aHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
|
|
|
|
|
aHelper.xSignatureStorage = mxTempSignatureStorage;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
//No temporary stream
|
|
|
|
|
if (!mxSignatureStream.is())
|
|
|
|
|
{
|
|
|
|
|
//We may not have a dedicated stream for writing the signature
|
|
|
|
|
//So we take one directly from the storage
|
|
|
|
|
//Or DocumentDigitalSignatures::showDocumentContentSignatures was called,
|
|
|
|
|
//in which case Add/Remove is not allowed. This is done, for example, if the
|
|
|
|
|
//document is readonly
|
|
|
|
|
aHelper = DocumentSignatureHelper::OpenSignatureStream(mxStore, nStreamOpenMode, meSignatureMode);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
aHelper.xSignatureStream = mxSignatureStream;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-07 09:58:12 +01:00
|
|
|
if (nStreamOpenMode & embed::ElementModes::TRUNCATE)
|
2016-02-15 11:38:23 +01:00
|
|
|
{
|
|
|
|
|
if (aHelper.xSignatureStream.is() && aHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
|
|
|
|
|
{
|
2016-03-07 09:58:12 +01:00
|
|
|
uno::Reference<io::XTruncate> xTruncate(aHelper.xSignatureStream, uno::UNO_QUERY_THROW);
|
2016-02-15 11:38:23 +01:00
|
|
|
xTruncate->truncate();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (bTempStream || mxSignatureStream.is())
|
|
|
|
|
{
|
|
|
|
|
//In case we read the signature stream from the storage directly,
|
|
|
|
|
//which is the case when DocumentDigitalSignatures::showDocumentContentSignatures
|
|
|
|
|
//then XSeakable is not supported
|
|
|
|
|
uno::Reference<io::XSeekable> xSeek(aHelper.xSignatureStream, uno::UNO_QUERY_THROW);
|
|
|
|
|
xSeek->seek(0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return aHelper;
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-17 12:40:06 +01:00
|
|
|
bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>& xCert, const OUString& rDescription, sal_Int32& nSecurityId, bool bAdESCompliant)
|
2016-02-15 11:38:23 +01:00
|
|
|
{
|
|
|
|
|
if (!xCert.is())
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "no certificate selected");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uno::Reference<security::XSerialNumberAdapter> xSerialNumberAdapter = security::SerialNumberAdapter::create(mxContext);
|
|
|
|
|
OUString aCertSerial = xSerialNumberAdapter->toString(xCert->getSerialNumber());
|
|
|
|
|
if (aCertSerial.isEmpty())
|
|
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "Error in Certificate, problem with serial number!");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-20 13:44:03 +02:00
|
|
|
if (!mxStore.is())
|
|
|
|
|
{
|
|
|
|
|
// Something not ZIP based, try PDF.
|
|
|
|
|
nSecurityId = getPDFSignatureHelper().GetNewSecurityId();
|
|
|
|
|
getPDFSignatureHelper().SetX509Certificate(xCert);
|
|
|
|
|
getPDFSignatureHelper().SetDescription(rDescription);
|
|
|
|
|
uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
|
2016-11-17 12:40:06 +01:00
|
|
|
if (!getPDFSignatureHelper().Sign(xInputStream, bAdESCompliant))
|
2016-10-20 13:44:03 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::Sign() failed");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-08 14:10:05 +01:00
|
|
|
maSignatureHelper.StartMission(mxSecurityContext);
|
2016-02-15 11:38:23 +01:00
|
|
|
|
|
|
|
|
nSecurityId = maSignatureHelper.GetNewSecurityId();
|
|
|
|
|
|
|
|
|
|
OUStringBuffer aStrBuffer;
|
|
|
|
|
sax::Converter::encodeBase64(aStrBuffer, xCert->getEncoded());
|
|
|
|
|
|
2016-03-03 14:59:03 +01:00
|
|
|
OUString aCertDigest;
|
|
|
|
|
if (xmlsecurity::Certificate* pCertificate = dynamic_cast<xmlsecurity::Certificate*>(xCert.get()))
|
|
|
|
|
{
|
|
|
|
|
OUStringBuffer aBuffer;
|
|
|
|
|
sax::Converter::encodeBase64(aBuffer, pCertificate->getSHA256Thumbprint());
|
|
|
|
|
aCertDigest = aBuffer.makeStringAndClear();
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "XCertificate implementation without an xmlsecurity::Certificate one");
|
|
|
|
|
|
|
|
|
|
maSignatureHelper.SetX509Certificate(nSecurityId, xCert->getIssuerName(), aCertSerial, aStrBuffer.makeStringAndClear(), aCertDigest);
|
2016-02-15 11:38:23 +01:00
|
|
|
|
2016-11-14 09:25:27 +01:00
|
|
|
uno::Sequence< uno::Reference< security::XCertificate > > aCertPath = getSecurityEnvironment()->buildCertificatePath(xCert);
|
2016-11-11 17:07:31 +02:00
|
|
|
const uno::Reference< security::XCertificate >* pCertPath = aCertPath.getConstArray();
|
|
|
|
|
sal_Int32 nCnt = aCertPath.getLength();
|
|
|
|
|
|
|
|
|
|
for (int i = 0; i < nCnt; i++)
|
|
|
|
|
{
|
|
|
|
|
sax::Converter::encodeBase64(aStrBuffer, pCertPath[i]->getEncoded());
|
|
|
|
|
maSignatureHelper.AddEncapsulatedX509Certificate(aStrBuffer.makeStringAndClear());
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-01 14:49:56 +02:00
|
|
|
std::vector< OUString > aElements = DocumentSignatureHelper::CreateElementList(mxStore, meSignatureMode, DocumentSignatureAlgorithm::OOo3_2);
|
2016-02-15 11:38:23 +01:00
|
|
|
DocumentSignatureHelper::AppendContentTypes(mxStore, aElements);
|
|
|
|
|
|
|
|
|
|
sal_Int32 nElements = aElements.size();
|
|
|
|
|
for (sal_Int32 n = 0; n < nElements; n++)
|
|
|
|
|
{
|
|
|
|
|
bool bBinaryMode = !isXML(aElements[n]);
|
2016-11-17 12:40:06 +01:00
|
|
|
maSignatureHelper.AddForSigning(nSecurityId, aElements[n], aElements[n], bBinaryMode, bAdESCompliant);
|
2016-02-15 11:38:23 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
maSignatureHelper.SetDateTime(nSecurityId, Date(Date::SYSTEM), tools::Time(tools::Time::SYSTEM));
|
|
|
|
|
maSignatureHelper.SetDescription(nSecurityId, rDescription);
|
|
|
|
|
|
|
|
|
|
// We open a signature stream in which the existing and the new
|
|
|
|
|
//signature is written. ImplGetSignatureInformation (later in this function) will
|
|
|
|
|
//then read the stream an will fill maCurrentSignatureInformations. The final signature
|
|
|
|
|
//is written when the user presses OK. Then only maCurrentSignatureInformation and
|
|
|
|
|
//a sax writer are used to write the information.
|
|
|
|
|
SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::WRITE | embed::ElementModes::TRUNCATE, true);
|
|
|
|
|
|
|
|
|
|
if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
|
|
|
|
|
{
|
|
|
|
|
uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY_THROW);
|
|
|
|
|
uno::Reference<xml::sax::XWriter> xSaxWriter = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
|
|
|
|
|
|
|
|
|
|
// Export old signatures...
|
|
|
|
|
uno::Reference<xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY_THROW);
|
2016-04-04 08:57:19 +02:00
|
|
|
std::size_t nInfos = maCurrentSignatureInformations.size();
|
|
|
|
|
for (std::size_t n = 0; n < nInfos; n++)
|
2016-11-17 12:40:06 +01:00
|
|
|
XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n], bAdESCompliant);
|
2016-02-15 11:38:23 +01:00
|
|
|
|
|
|
|
|
// Create a new one...
|
2016-11-17 12:40:06 +01:00
|
|
|
maSignatureHelper.CreateAndWriteSignature(xDocumentHandler, bAdESCompliant);
|
2016-02-15 11:38:23 +01:00
|
|
|
|
|
|
|
|
// That's it...
|
|
|
|
|
XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
// OOXML
|
|
|
|
|
|
|
|
|
|
// Handle relations.
|
2016-03-07 10:57:45 +01:00
|
|
|
maSignatureHelper.EnsureSignaturesRelation(mxStore, /*bAdd=*/true);
|
2016-02-15 11:38:23 +01:00
|
|
|
// Old signatures + the new one.
|
|
|
|
|
int nSignatureCount = maCurrentSignatureInformations.size() + 1;
|
|
|
|
|
maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
|
|
|
|
|
|
2016-03-03 15:32:48 +01:00
|
|
|
// Export old signatures.
|
2016-04-04 08:57:19 +02:00
|
|
|
for (std::size_t i = 0; i < maCurrentSignatureInformations.size(); ++i)
|
2016-03-03 15:32:48 +01:00
|
|
|
maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, maCurrentSignatureInformations[i], i + 1);
|
|
|
|
|
|
2016-02-15 11:38:23 +01:00
|
|
|
// Create a new signature.
|
|
|
|
|
maSignatureHelper.CreateAndWriteOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, nSignatureCount);
|
|
|
|
|
|
|
|
|
|
// Flush objects.
|
|
|
|
|
uno::Reference<embed::XTransactedObject> xTransact(aStreamHelper.xSignatureStorage, uno::UNO_QUERY);
|
|
|
|
|
xTransact->commit();
|
|
|
|
|
uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
|
|
|
|
|
xOutputStream->closeOutput();
|
|
|
|
|
|
|
|
|
|
uno::Reference<io::XTempFile> xTempFile(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
|
2016-03-04 12:34:39 +01:00
|
|
|
SAL_INFO("xmlsecurity.helper", "DocumentSignatureManager::add temporary storage at " << xTempFile->getUri());
|
2016-02-15 11:38:23 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
maSignatureHelper.EndMission();
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-04 12:20:38 +01:00
|
|
|
void DocumentSignatureManager::remove(sal_uInt16 nPosition)
|
|
|
|
|
{
|
2016-10-24 14:41:18 +02:00
|
|
|
if (!mxStore.is())
|
|
|
|
|
{
|
|
|
|
|
// Something not ZIP based, try PDF.
|
|
|
|
|
uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
|
2016-10-26 17:53:04 +02:00
|
|
|
if (!PDFSignatureHelper::RemoveSignature(xInputStream, nPosition))
|
2016-10-24 14:41:18 +02:00
|
|
|
{
|
|
|
|
|
SAL_WARN("xmlsecurity.helper", "PDFSignatureHelper::RemoveSignature() failed");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-26 17:53:04 +02:00
|
|
|
// Only erase when the removal was successful, it may fail for PDF.
|
|
|
|
|
// Also, erase the requested and all following signatures, as PDF signatures are always chained.
|
|
|
|
|
maCurrentSignatureInformations.erase(maCurrentSignatureInformations.begin() + nPosition, maCurrentSignatureInformations.end());
|
2016-10-24 14:41:18 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-04 12:20:38 +01:00
|
|
|
maCurrentSignatureInformations.erase(maCurrentSignatureInformations.begin() + nPosition);
|
|
|
|
|
|
|
|
|
|
// Export all other signatures...
|
|
|
|
|
SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::WRITE | embed::ElementModes::TRUNCATE, /*bTempStream=*/true);
|
|
|
|
|
|
2016-03-04 12:34:39 +01:00
|
|
|
if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
|
|
|
|
|
{
|
|
|
|
|
uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY_THROW);
|
|
|
|
|
uno::Reference<xml::sax::XWriter> xSaxWriter = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
|
|
|
|
|
|
|
|
|
|
uno::Reference< xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY_THROW);
|
2016-04-04 08:57:19 +02:00
|
|
|
std::size_t nInfos = maCurrentSignatureInformations.size();
|
|
|
|
|
for (std::size_t n = 0 ; n < nInfos ; ++n)
|
2016-11-09 15:14:03 +02:00
|
|
|
XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n], false /* ??? */);
|
2016-03-04 12:34:39 +01:00
|
|
|
|
|
|
|
|
XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
// OOXML
|
|
|
|
|
|
|
|
|
|
// Handle relations.
|
|
|
|
|
int nSignatureCount = maCurrentSignatureInformations.size();
|
|
|
|
|
maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
|
|
|
|
|
|
|
|
|
|
// Export old signatures.
|
2016-04-04 08:57:19 +02:00
|
|
|
for (std::size_t i = 0; i < maCurrentSignatureInformations.size(); ++i)
|
2016-03-04 12:34:39 +01:00
|
|
|
maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, maCurrentSignatureInformations[i], i + 1);
|
|
|
|
|
|
|
|
|
|
// Flush objects.
|
|
|
|
|
uno::Reference<embed::XTransactedObject> xTransact(aStreamHelper.xSignatureStorage, uno::UNO_QUERY);
|
|
|
|
|
xTransact->commit();
|
|
|
|
|
uno::Reference<io::XOutputStream> xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
|
|
|
|
|
xOutputStream->closeOutput();
|
2016-03-04 12:20:38 +01:00
|
|
|
|
2016-03-04 12:34:39 +01:00
|
|
|
uno::Reference<io::XTempFile> xTempFile(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
|
|
|
|
|
SAL_INFO("xmlsecurity.helper", "DocumentSignatureManager::remove: temporary storage is at " << xTempFile->getUri());
|
|
|
|
|
}
|
2016-03-04 12:20:38 +01:00
|
|
|
}
|
|
|
|
|
|
xmlsecurity OOXML export: only cache existing signatures, not our temp. one
When adding a signature, first we export it to a temp. storage, then
read it back, show the verification to the user, and then later we do or
do not write the temp. storage back to the original one.
This means the signature gets exported two times, and MSO only considers
the final result valid. So when caching signatures (to avoid a real
export based on our data model), don't cache the one we just added to
the temp. storage, but do a real export second time as well.
With this, MSO considers our appended signature (next to an existing
one) valid, too.
Change-Id: I4d615298463e037ea4e654ff5c3addcef8b0a094
2016-03-04 10:49:12 +01:00
|
|
|
void DocumentSignatureManager::read(bool bUseTempStream, bool bCacheLastSignature)
|
2016-02-15 11:38:23 +01:00
|
|
|
{
|
|
|
|
|
maCurrentSignatureInformations.clear();
|
|
|
|
|
|
2016-10-13 16:11:02 +02:00
|
|
|
if (mxStore.is())
|
|
|
|
|
{
|
|
|
|
|
// ZIP-based: ODF or OOXML.
|
2016-11-08 14:10:05 +01:00
|
|
|
maSignatureHelper.StartMission(mxSecurityContext);
|
2016-02-15 11:38:23 +01:00
|
|
|
|
2016-10-13 16:11:02 +02:00
|
|
|
SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, bUseTempStream);
|
|
|
|
|
if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStream.is())
|
|
|
|
|
{
|
|
|
|
|
uno::Reference< io::XInputStream > xInputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
|
|
|
|
|
maSignatureHelper.ReadAndVerifySignature(xInputStream);
|
|
|
|
|
}
|
|
|
|
|
else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStorage.is())
|
|
|
|
|
maSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage, bCacheLastSignature);
|
|
|
|
|
maSignatureHelper.EndMission();
|
|
|
|
|
|
|
|
|
|
maCurrentSignatureInformations = maSignatureHelper.GetSignatureInformations();
|
|
|
|
|
}
|
|
|
|
|
else
|
2016-02-15 11:38:23 +01:00
|
|
|
{
|
2016-10-13 16:11:02 +02:00
|
|
|
// Something not ZIP based, try PDF.
|
|
|
|
|
uno::Reference<io::XInputStream> xInputStream(mxSignatureStream, uno::UNO_QUERY);
|
|
|
|
|
if (getPDFSignatureHelper().ReadAndVerifySignature(xInputStream))
|
|
|
|
|
maCurrentSignatureInformations = getPDFSignatureHelper().GetSignatureInformations();
|
2016-02-15 11:38:23 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-09 15:14:03 +02:00
|
|
|
void DocumentSignatureManager::write(bool bXAdESCompliantIfODF)
|
2016-03-07 09:58:12 +01:00
|
|
|
{
|
2016-10-20 17:07:26 +02:00
|
|
|
if (!mxStore.is())
|
|
|
|
|
{
|
|
|
|
|
// Something not ZIP based, assume PDF, which is written directly in add() already.
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-07 09:58:12 +01:00
|
|
|
// Export all other signatures...
|
|
|
|
|
SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::WRITE|embed::ElementModes::TRUNCATE, false);
|
|
|
|
|
|
|
|
|
|
if (aStreamHelper.xSignatureStream.is() && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
|
|
|
|
|
{
|
|
|
|
|
// ODF
|
|
|
|
|
uno::Reference< io::XOutputStream > xOutputStream(aStreamHelper.xSignatureStream, uno::UNO_QUERY);
|
|
|
|
|
uno::Reference<xml::sax::XWriter> xSaxWriter = maSignatureHelper.CreateDocumentHandlerWithHeader(xOutputStream);
|
|
|
|
|
|
|
|
|
|
uno::Reference< xml::sax::XDocumentHandler> xDocumentHandler(xSaxWriter, uno::UNO_QUERY_THROW);
|
2016-04-04 08:57:19 +02:00
|
|
|
std::size_t nInfos = maCurrentSignatureInformations.size();
|
|
|
|
|
for (std::size_t n = 0 ; n < nInfos ; ++n)
|
2016-11-09 15:14:03 +02:00
|
|
|
XMLSignatureHelper::ExportSignature(xDocumentHandler, maCurrentSignatureInformations[n], bXAdESCompliantIfODF);
|
2016-03-07 09:58:12 +01:00
|
|
|
|
|
|
|
|
XMLSignatureHelper::CloseDocumentHandler(xDocumentHandler);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
else if (aStreamHelper.xSignatureStorage.is() && aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
|
|
|
|
|
{
|
|
|
|
|
// OOXML
|
2016-04-04 08:57:19 +02:00
|
|
|
std::size_t nSignatureCount = maCurrentSignatureInformations.size();
|
2016-03-07 12:09:44 +01:00
|
|
|
maSignatureHelper.ExportSignatureContentTypes(mxStore, nSignatureCount);
|
2016-03-07 10:16:58 +01:00
|
|
|
if (nSignatureCount > 0)
|
|
|
|
|
maSignatureHelper.ExportSignatureRelations(aStreamHelper.xSignatureStorage, nSignatureCount);
|
2016-03-07 10:57:45 +01:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
// Removing all signatures: then need to remove the signature relation as well.
|
|
|
|
|
maSignatureHelper.EnsureSignaturesRelation(mxStore, /*bAdd=*/false);
|
2016-03-07 11:10:53 +01:00
|
|
|
// Also remove the whole signature sub-storage: release our read-write reference + remove the element.
|
|
|
|
|
aStreamHelper = SignatureStreamHelper();
|
|
|
|
|
mxStore->removeElement("_xmlsignatures");
|
2016-03-07 10:57:45 +01:00
|
|
|
}
|
2016-03-07 09:58:12 +01:00
|
|
|
|
2016-04-04 08:57:19 +02:00
|
|
|
for (std::size_t i = 0; i < nSignatureCount; ++i)
|
2016-03-07 09:58:12 +01:00
|
|
|
maSignatureHelper.ExportOOXMLSignature(mxStore, aStreamHelper.xSignatureStorage, maCurrentSignatureInformations[i], i + 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If stream was not provided, we are responsible for committing it....
|
2016-03-07 11:10:53 +01:00
|
|
|
if (!mxSignatureStream.is() && aStreamHelper.xSignatureStorage.is())
|
2016-03-07 09:58:12 +01:00
|
|
|
{
|
|
|
|
|
uno::Reference<embed::XTransactedObject> xTrans(aStreamHelper.xSignatureStorage, uno::UNO_QUERY);
|
|
|
|
|
xTrans->commit();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-08 14:10:05 +01:00
|
|
|
uno::Reference<xml::crypto::XSecurityEnvironment> DocumentSignatureManager::getSecurityEnvironment()
|
|
|
|
|
{
|
|
|
|
|
return mxSecurityContext.is() ? mxSecurityContext->getSecurityEnvironment() : uno::Reference<xml::crypto::XSecurityEnvironment>();
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-15 11:38:23 +01:00
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
