wangxin/loongoffice
1
0
Fork 0
forked from amazingfate/loongoffice
Code Pull Requests Activity
Files
8ca611b2125a74cfdb273cfedfa3b94de14f628b
loongoffice/xmlsecurity/source/component/documentdigitalsignatures.cxx
Stephan Bergmann 19691c3b68 Revert all the recent loplugin:unocast changes 
...as obsoleted by ef533553559fe09b4afab651fc692885d1acf4ed "Rudimentary support
for dynamic_cast on UNO proxy objects".

This reverts all of:
4cfcc9ac37b90ce64c8402a41eb4638adb185b5c "loplugin:unocast (framework::Desktop)"
03efbf72f4ddf7a84aa8aabef348331bd4b75e8a "loplugin:unocast
 (vclcanvas::TextLayout)"
80099fdd51a69eaa6c36ca88ef772810e4a777fa "loplugin:unocast (SalGtkXWindow)"
cc147f576d8687fb79c77d47d41dc4ba1678a469 "loplugin:unocast
 (sdext::presenter::CachablePresenterView)"
40db42be1d8fd0f9c6c8c5ba3767ddb9ee2034c2 "loplugin:unocast
 (vclcanvas::CanvasFont)"
2d1e7995eae29e2826449eb5179f5fae181794a5 "loplugin:unocast (CairoColorSpace)"
4c0bbe4bd97636207cf71a6aa120c67698891da9 "loplugin:unocast
 (canvas::ParametricPolyPolygon)"
89803666621c07d1b1ac9d3bd883f0ca192a91a0 "loplugin:unocast
 (vclcanas::CanvasBitmap)"
d5e0c2c8db71878d21c2a7255af08cf5f9a6dd04 "loplugin:unocast
 (sfx2::DigitalSignatures)"
c0c4519e0d5b555f59bbc04cc616454edfd1f4ce "loplugin:unocast
 (VCLXAccessibleComponent)"
feb8b833a6245d42400f42a0bc789dc84594ee6f "loplugin:unocast (VCLXDialog)"
1fa58cc6cc9c3849753342a5d9a6ddfa461b5e66 "loplugin:unocast (VCLXMultiPage)"
f481f036deb1b1b46f3038074c4659f3a91b9c6c "loplugin:unocast
 (DocumentSettingsSerializer)"
73df933f5fa5932f94e5a1b338a3eda00a9ce354 "loplugin:unocast
 (css::embed::EmbeddedUpdate)"
420165ab0ef03c0467f9d17f504de2d2fc78f0e6 "loplugin:unocast
 (canvas::tools' StandardColorSpace, StandardNoAlphaColorSpace)"
9abe8ee067e6c00f19d8a13346d53c4641c27166 "loplugin:unocast (MutableTreeNode)"
9f3022ceb036f23b4b0994c3e2fbd1001bff225a "loplugin:unocast (VCLXTabPage)"
1be70dda02c12a60778b7607cff2520ae1aa611e "loplugin:unocast
 (vcl::unotools::VclCanvasBitmap)"
d6a70bb641b96e8e5616448c2378131ed62658b4 "loplugin:unocast
 (basegfx::unotools::UnoPolyPolygon)"
5a14f009e6782c077463c8cbb8e9cea3d7950107 "loplugin:unocast
 (xmlsecurity::Certificate)"
99009c9535dfa3e0d838989ccc7d84bfa2320ff4 "loplugin:unocast (sd::Annotation)"
0c7585c5fa78887e5459885ed744e8044fd76137 "loplugin:unocast (sd::TextApiObject)"
24e14afd1bfcaed6c200ab081973fba7e47267ca "loplugin:unocast
 (SignatureVerifierImpl)"
1a7ad0c10d286ce9ae2700ceb2fd50eed1fb43a4 "loplugin:unocast
 (pcr::PropertyEventTranslation)"
a97e2d2702d9a6f37775ccee2c08c4f3b2479c4b "loplugin:unocast (RangePageBreaks)"
19dfdf86ad1f5b08041d8b7a9f196caf881231ab "iloplugin:unocast
 (pcr::OFormattedNumericControl)"
f9785ea595fd8e911f6370e836fa579225b9e571 "loplugin:unocast
 (frm::OInterfaceContainer)"
5e5f40a4a92a31b0932c690219d002fcf18598cf "loplugin:unocast (ScVbaShapes)"
27b35b2c215b4832d4378ec3a7ecbba926552d06 "loplugin:unocast (ScVbaShapeRange)"
cb3108f860065928552a86cf8acc4b3a95718ecf "cid#1517812 Dereference null return
 value"
feba0ddb1521d1142560fe54b7d7696ee910237f "loplugin:unocast
 (weld::TransportAsXWindow)"
4d6c23216559eb48f9943bb49d6e475a6d64ba15 "loplugin:unocast
 (oox::ForumlaImExportBase)"
4844c096a8ab6a9a620c410a0949d4499f12a504 "loplugin:unocast
 (cairocanvas::SurfaceProvider)"
9a0b523e0a84d403b9092176ccec4b3e3efe42d0 "loplugin:unocast
 (cairocanvas::CanvasBitmap)"
8a5648d8e59b4b007dbbf3824777c19a21efc61e "loplugin:unocast
 (cairocanvas::TextLayout)"
28c27a0623bc78a0590858f97d03b620985bc84c "loplugin:unocast
 (cairocanvas::CanvasFont)"
53bc223cb3288e32a417696ee61c29e5f01f209d "loplugin:unocast
 (cairocanvas::RepaintTarget)"
5f70b0b9f6bc4ab145ddbd9155590ed4a3b1b9ec "loplugin:unocast (SvXMLImport)"
068187a898cdd2e26e9b16c348ecc1ed2dee3f29 "loplugin:unocast (VCLXWindow)"
88b4f966202717cd4ad38a30a8eda22c3e69ed35 "loplugin:unocast
 (sfx2::sidebar::SidebarController)"
f1b7a69b280aefe2f1b3b0f32193494fd765f2bd "loplugin:unocast
 (SvxLineStyleToolBoxControl)"
ba76f0ba7e8de4d2953739c952004b7d9af47197 "loplugin:unocast
 (i18npool::Calendar_gregorian)"
840154daf934d8df52ead1cb7acd798c4d30f007 "loplugin:unocast
 (framework::AddonsToolBarWrapper)"
b0e9c4c5f063cefa9557810e3349bdb9c7493091 "loplugin:unocast
 (GrammarCheckingIterator)"
8ee6cfc9655ce9de4617cea1a0d9cb9d7a4fbfac "loplugin:unocast
 (ucb::ucp::ext::Content)"
5b8cd77c112bc8c0e92b8fec215c3c8e802bbc0a "loplugin:unocast
 (basic::SfxScriptLibraryContainer)"
9e73ff9fce12e102bb3c3cea8d8bb96c88f2c9ad "loplugin:unocast
 (sdext::presenter::PresenterNotesView)"
a98acca8fbc38d3fd5600ae5056a8e42b6d8a40d "loplugin:unocast
 (SelectionChangeHandler)"
c0b59ad6e35b0cb0dea0821e95f95569739078c1 "Consistently use
 comphelper::getSomethingImpl<I>(aIdentifier, this)"
276e3ccbdd3259ec3daf8a1a98fa7f406b14e21c "loplugin:unocast
 (vclcanvas::RepaintTarget)"

Change-Id: I37c73e3422a5154bf6cb647640d2d3f23db8bc34
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145063
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
2023-01-05 11:45:51 +00:00

901 lines
39 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright
* ownership. The ASF licenses this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
#include <resourcemanager.hxx>
#include <certificate.hxx>
#include <certificatechooser.hxx>
#include <certificateviewer.hxx>
#include <digitalsignaturesdialog.hxx>
#include <macrosecurity.hxx>
#include <biginteger.hxx>
#include <strings.hrc>
#include <pdfsignaturehelper.hxx>
#include <sax/tools/converter.hxx>
#include <com/sun/star/embed/XStorage.hpp>
#include <com/sun/star/embed/StorageFormats.hpp>
#include <com/sun/star/embed/XTransactedObject.hpp>
#include <com/sun/star/embed/ElementModes.hpp>
#include <com/sun/star/lang/XInitialization.hpp>
#include <com/sun/star/lang/XServiceInfo.hpp>
#include <com/sun/star/ucb/XContent.hpp>
#include <com/sun/star/ucb/XContentIdentifierFactory.hpp>
#include <com/sun/star/ucb/XCommandEnvironment.hpp>
#include <com/sun/star/ucb/XCommandProcessor.hpp>
#include <com/sun/star/ucb/Command.hpp>
#include <com/sun/star/uno/SecurityException.hpp>
#include <vcl/weld.hxx>
#include <vcl/svapp.hxx>
#include <tools/date.hxx>
#include <tools/time.hxx>
#include <unotools/securityoptions.hxx>
#include <com/sun/star/security/CertificateValidity.hpp>
#include <com/sun/star/security/CertificateKind.hpp>
#include <comphelper/base64.hxx>
#include <comphelper/documentconstants.hxx>
#include <comphelper/propertyvalue.hxx>
#include <comphelper/sequence.hxx>
#include <cppuhelper/implbase.hxx>
#include <comphelper/xmlsechelper.hxx>
#include <cppuhelper/supportsservice.hxx>
#include <sal/log.hxx>
#include <com/sun/star/lang/IllegalArgumentException.hpp>
#include <com/sun/star/security/XDocumentDigitalSignatures.hpp>
#include <com/sun/star/xml/crypto/XXMLSecurityContext.hpp>
#include <sfx2/digitalsignatures.hxx>
#include <map>
using namespace css;
using namespace css::uno;
using namespace css::lang;
using namespace css::security;
using namespace css::xml::crypto;
namespace {
class DocumentDigitalSignatures
: public cppu::WeakImplHelper<css::security::XDocumentDigitalSignatures,
css::lang::XInitialization, css::lang::XServiceInfo>,
public sfx2::DigitalSignatures
{
private:
css::uno::Reference<css::uno::XComponentContext> mxCtx;
css::uno::Reference<css::awt::XWindow> mxParentWindow;
/// will be set by XInitialization. If not we assume true. false means an earlier version (whatever that means,
/// this is a string, not a boolean).
/// Note that the code talks about "ODF version" even if this class is also used to sign OOXML.
OUString m_sODFVersion;
/// The number of arguments which were passed in XInitialization::initialize
int m_nArgumentsCount;
/// Indicates if the document already contains a document signature
bool m_bHasDocumentSignature;
/// @throws css::uno::RuntimeException
bool ImplViewSignatures(const css::uno::Reference<css::embed::XStorage>& rxStorage,
const css::uno::Reference<css::io::XStream>& xSignStream,
DocumentSignatureMode eMode, bool bReadOnly);
/// @throws css::uno::RuntimeException
void ImplViewSignatures(const css::uno::Reference<css::embed::XStorage>& rxStorage,
const css::uno::Reference<css::io::XInputStream>& xSignStream,
DocumentSignatureMode eMode, bool bReadOnly);
/// @throws css::uno::RuntimeException
css::uno::Sequence<css::security::DocumentSignatureInformation>
ImplVerifySignatures(const css::uno::Reference<css::embed::XStorage>& rxStorage,
const ::com::sun::star::uno::Reference<css::io::XInputStream>& xSignStream,
DocumentSignatureMode eMode);
css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
chooseCertificatesImpl(std::map<OUString, OUString>& rProperties, const UserAction eAction,
const CertificateKind certificateKind=CertificateKind_NONE);
bool
signWithCertificateImpl(const uno::Reference<frame::XModel>& /*xModel*/,
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStorage,
css::uno::Reference<css::io::XStream> const& xStream,
DocumentSignatureMode eMode);
public:
explicit DocumentDigitalSignatures(
const css::uno::Reference<css::uno::XComponentContext>& rxCtx);
//XInitialization
void SAL_CALL initialize(const css::uno::Sequence<css::uno::Any>& aArguments) override;
OUString SAL_CALL getImplementationName() override;
sal_Bool SAL_CALL supportsService(OUString const& ServiceName) override;
css::uno::Sequence<OUString> SAL_CALL getSupportedServiceNames() override;
// XDocumentDigitalSignatures
sal_Bool SAL_CALL
signDocumentContent(const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XStream>& xSignStream) override;
sal_Bool SAL_CALL signSignatureLine(
const css::uno::Reference<css::embed::XStorage>& Storage,
const css::uno::Reference<css::io::XStream>& xSignStream, const OUString& aSignatureLineId,
const Reference<css::security::XCertificate>& xCertificate,
const Reference<css::graphic::XGraphic>& xValidGraphic,
const Reference<css::graphic::XGraphic>& xInvalidGraphic,
const OUString& aComment) override;
css::uno::Sequence<css::security::DocumentSignatureInformation>
SAL_CALL verifyDocumentContentSignatures(
const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
void SAL_CALL showDocumentContentSignatures(
const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
OUString SAL_CALL getDocumentContentSignatureDefaultStreamName() override;
sal_Bool SAL_CALL
signScriptingContent(const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XStream>& xSignStream) override;
css::uno::Sequence<css::security::DocumentSignatureInformation>
SAL_CALL verifyScriptingContentSignatures(
const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
void SAL_CALL showScriptingContentSignatures(
const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
OUString SAL_CALL getScriptingContentSignatureDefaultStreamName() override;
sal_Bool SAL_CALL
signPackage(const css::uno::Reference<css::embed::XStorage>& Storage,
const css::uno::Reference<css::io::XStream>& xSignStream) override;
css::uno::Sequence<css::security::DocumentSignatureInformation>
SAL_CALL verifyPackageSignatures(
const css::uno::Reference<css::embed::XStorage>& Storage,
const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
void SAL_CALL
showPackageSignatures(const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XInputStream>& xSignInStream) override;
OUString SAL_CALL getPackageSignatureDefaultStreamName() override;
void SAL_CALL
showCertificate(const css::uno::Reference<css::security::XCertificate>& Certificate) override;
void SAL_CALL manageTrustedSources() override;
sal_Bool SAL_CALL
isAuthorTrusted(const css::uno::Reference<css::security::XCertificate>& Author) override;
sal_Bool SAL_CALL isLocationTrusted(const OUString& Location) override;
void SAL_CALL addAuthorToTrustedSources(
const css::uno::Reference<css::security::XCertificate>& Author) override;
void SAL_CALL addLocationToTrustedSources(const OUString& Location) override;
css::uno::Reference<css::security::XCertificate>
SAL_CALL chooseCertificate(OUString& rDescription) override;
css::uno::Reference<css::security::XCertificate>
SAL_CALL chooseSigningCertificate(OUString& rDescription) override;
css::uno::Reference<css::security::XCertificate>
SAL_CALL selectSigningCertificate(OUString& rDescription) override;
css::uno::Reference<css::security::XCertificate>
SAL_CALL selectSigningCertificateWithType(const CertificateKind certificateKind,
OUString& rDescription) override;
css::uno::Sequence<css::uno::Reference<css::security::XCertificate>>
SAL_CALL chooseEncryptionCertificate() override;
css::uno::Reference<css::security::XCertificate> SAL_CALL chooseCertificateWithProps(
css::uno::Sequence<::com::sun::star::beans::PropertyValue>& Properties) override;
sal_Bool SAL_CALL signDocumentWithCertificate(
css::uno::Reference<css::security::XCertificate> const & xCertificate,
css::uno::Reference<css::embed::XStorage> const & xStoragexStorage,
css::uno::Reference<css::io::XStream> const & xStream) override;
sal_Bool SAL_CALL signPackageWithCertificate(
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStoragexStorage,
css::uno::Reference<css::io::XStream> const& xStream) override;
sal_Bool SAL_CALL signScriptingContentWithCertificate(
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStoragexStorage,
css::uno::Reference<css::io::XStream> const& xStream) override;
void SAL_CALL setParentWindow(const css::uno::Reference<css::awt::XWindow>& rParentwindow) override
{
mxParentWindow = rParentwindow;
}
/// See sfx2::DigitalSignatures::SignModelWithCertificate().
bool
SignModelWithCertificate(const css::uno::Reference<css::frame::XModel>& xModel,
const css::uno::Reference<css::security::XCertificate>& xCertificate,
const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XStream>& xStream) override;
};
}
DocumentDigitalSignatures::DocumentDigitalSignatures( const Reference< XComponentContext >& rxCtx ):
mxCtx(rxCtx),
m_sODFVersion(ODFVER_013_TEXT),
m_nArgumentsCount(0),
m_bHasDocumentSignature(false)
{
}
void DocumentDigitalSignatures::initialize( const Sequence< Any >& aArguments)
{
if (aArguments.getLength() > 2)
throw css::lang::IllegalArgumentException(
"DocumentDigitalSignatures::initialize requires zero, one, or two arguments",
static_cast<XInitialization*>(this), 0);
m_nArgumentsCount = aArguments.getLength();
if (!aArguments.hasElements())
return;
if (!(aArguments[0] >>= m_sODFVersion))
throw css::lang::IllegalArgumentException(
"DocumentDigitalSignatures::initialize: the first arguments must be a string",
static_cast<XInitialization*>(this), 0);
if (aArguments.getLength() == 2
&& !(aArguments[1] >>= m_bHasDocumentSignature))
throw css::lang::IllegalArgumentException(
"DocumentDigitalSignatures::initialize: the second arguments must be a bool",
static_cast<XInitialization*>(this), 1);
//the Version is supported as of ODF1.2, so for and 1.1 document or older we will receive the
//an empty string. In this case we set it to ODFVER_010_TEXT. Then we can later check easily
//if initialize was called. Only then m_sODFVersion.getLength() is greater than 0
if (m_sODFVersion.isEmpty())
m_sODFVersion = ODFVER_010_TEXT;
}
OUString DocumentDigitalSignatures::getImplementationName()
{
return "com.sun.star.security.DocumentDigitalSignatures";
}
sal_Bool DocumentDigitalSignatures::supportsService(
OUString const & ServiceName)
{
return cppu::supportsService(this, ServiceName);
}
css::uno::Sequence<OUString>
DocumentDigitalSignatures::getSupportedServiceNames()
{
Sequence<OUString> aRet{ "com.sun.star.security.DocumentDigitalSignatures" };
return aRet;
}
sal_Bool DocumentDigitalSignatures::signDocumentContent(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XStream >& xSignStream)
{
OSL_ENSURE(!m_sODFVersion.isEmpty(), "DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Content, false );
}
sal_Bool DocumentDigitalSignatures::signSignatureLine(
const Reference<css::embed::XStorage>& rxStorage,
const Reference<css::io::XStream>& xSignStream,
const OUString& aSignatureLineId,
const Reference<css::security::XCertificate>& xCertificate,
const Reference<css::graphic::XGraphic>& xValidGraphic,
const Reference<css::graphic::XGraphic>& xInvalidGraphic,
const OUString& aComment)
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),
"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
DocumentSignatureManager aSignatureManager(mxCtx, DocumentSignatureMode::Content);
if (!aSignatureManager.init())
return false;
aSignatureManager.setStore(rxStorage);
aSignatureManager.getSignatureHelper().SetStorage(rxStorage, m_sODFVersion);
aSignatureManager.setSignatureStream(xSignStream);
Reference<XXMLSecurityContext> xSecurityContext;
Reference<XServiceInfo> xServiceInfo(xCertificate, UNO_QUERY);
if (xServiceInfo->getImplementationName()
== "com.sun.star.xml.security.gpg.XCertificate_GpgImpl")
xSecurityContext = aSignatureManager.getGpgSecurityContext();
else
xSecurityContext = aSignatureManager.getSecurityContext();
sal_Int32 nSecurityId;
bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, aComment, nSecurityId,
true, aSignatureLineId, xValidGraphic, xInvalidGraphic);
if (!bSuccess)
return false;
// Need to have this to verify the signature
aSignatureManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
aSignatureManager.write(true);
if (rxStorage.is() && !xSignStream.is())
{
uno::Reference<embed::XTransactedObject> xTrans(rxStorage, uno::UNO_QUERY);
xTrans->commit();
}
return true;
}
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyDocumentContentSignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignInStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Content );
}
void DocumentDigitalSignatures::showDocumentContentSignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignInStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Content, true );
}
OUString DocumentDigitalSignatures::getDocumentContentSignatureDefaultStreamName()
{
return DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
}
sal_Bool DocumentDigitalSignatures::signScriptingContent(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XStream >& xSignStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
OSL_ENSURE(m_nArgumentsCount == 2, "DocumentDigitalSignatures: Service was not initialized properly");
return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Macros, false );
}
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyScriptingContentSignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignInStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Macros );
}
void DocumentDigitalSignatures::showScriptingContentSignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignInStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Macros, true );
}
OUString DocumentDigitalSignatures::getScriptingContentSignatureDefaultStreamName()
{
return DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
}
sal_Bool DocumentDigitalSignatures::signPackage(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XStream >& xSignStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
return ImplViewSignatures( rxStorage, xSignStream, DocumentSignatureMode::Package, false );
}
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::verifyPackageSignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignInStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
return ImplVerifySignatures( rxStorage, xSignInStream, DocumentSignatureMode::Package );
}
void DocumentDigitalSignatures::showPackageSignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignInStream )
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
ImplViewSignatures( rxStorage, xSignInStream, DocumentSignatureMode::Package, true );
}
OUString DocumentDigitalSignatures::getPackageSignatureDefaultStreamName( )
{
return DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
}
void DocumentDigitalSignatures::ImplViewSignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignStream,
DocumentSignatureMode eMode, bool bReadOnly )
{
Reference< io::XStream > xStream;
if ( xSignStream.is() )
xStream.set( xSignStream, UNO_QUERY );
ImplViewSignatures( rxStorage, xStream, eMode, bReadOnly );
}
bool DocumentDigitalSignatures::ImplViewSignatures(
const Reference< css::embed::XStorage >& rxStorage, const Reference< css::io::XStream >& xSignStream,
DocumentSignatureMode eMode, bool bReadOnly )
{
bool bChanges = false;
auto xSignaturesDialog = std::make_shared<DigitalSignaturesDialog>(
Application::GetFrameWeld(mxParentWindow), mxCtx, eMode, bReadOnly, m_sODFVersion,
m_bHasDocumentSignature);
bool bInit = xSignaturesDialog->Init();
SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
if ( bInit )
{
xSignaturesDialog->SetStorage(rxStorage);
xSignaturesDialog->SetSignatureStream( xSignStream );
if (bReadOnly)
{
xSignaturesDialog->beforeRun();
weld::DialogController::runAsync(xSignaturesDialog, [] (sal_Int32) {});
return false;
}
else if (xSignaturesDialog->run() == RET_OK)
{
if (xSignaturesDialog->SignaturesChanged())
{
bChanges = true;
// If we have a storage and no stream, we are responsible for commit
if ( rxStorage.is() && !xSignStream.is() )
{
uno::Reference< embed::XTransactedObject > xTrans( rxStorage, uno::UNO_QUERY );
xTrans->commit();
}
}
}
}
else
{
std::unique_ptr<weld::MessageDialog> xBox(Application::CreateMessageDialog(Application::GetFrameWeld(mxParentWindow),
VclMessageType::Warning, VclButtonsType::Ok,
XsResId(RID_XMLSECWB_NO_MOZILLA_PROFILE)));
xBox->run();
}
return bChanges;
}
Sequence< css::security::DocumentSignatureInformation >
DocumentDigitalSignatures::ImplVerifySignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignStream, DocumentSignatureMode eMode )
{
DocumentSignatureManager aSignatureManager(mxCtx, eMode);
bool bInit = aSignatureManager.init();
SAL_WARN_IF(!bInit, "xmlsecurity.comp", "Error initializing security context!");
if (!bInit)
return {};
if (!rxStorage.is())
{
if (xSignStream.is())
{
// Something not ZIP-based, try PDF.
PDFSignatureHelper& rSignatureHelper = aSignatureManager.getPDFSignatureHelper();
if (rSignatureHelper.ReadAndVerifySignature(xSignStream))
return rSignatureHelper.GetDocumentSignatureInformations(aSignatureManager.getSecurityEnvironment());
}
SAL_WARN( "xmlsecurity.comp", "Error, no XStorage provided");
return Sequence<css::security::DocumentSignatureInformation>();
}
// First check for the InputStream, to avoid unnecessary initialization of the security environment...
SignatureStreamHelper aStreamHelper;
Reference< io::XInputStream > xInputStream = xSignStream;
if ( !xInputStream.is() )
{
aStreamHelper = DocumentSignatureHelper::OpenSignatureStream( rxStorage, embed::ElementModes::READ, eMode );
if ( aStreamHelper.xSignatureStream.is() )
xInputStream.set( aStreamHelper.xSignatureStream, UNO_QUERY );
}
if (!xInputStream.is() && aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
return {};
XMLSignatureHelper& rSignatureHelper = aSignatureManager.getSignatureHelper();
rSignatureHelper.SetStorage(rxStorage, m_sODFVersion);
rSignatureHelper.StartMission(aSignatureManager.getSecurityContext());
if (xInputStream.is())
rSignatureHelper.ReadAndVerifySignature(xInputStream);
else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
rSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
rSignatureHelper.EndMission();
uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = aSignatureManager.getSecurityEnvironment();
uno::Reference<xml::crypto::XSecurityEnvironment> xGpgSecEnv = aSignatureManager.getGpgSecurityEnvironment();
SignatureInformations aSignInfos = rSignatureHelper.GetSignatureInformations();
int nInfos = aSignInfos.size();
Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
for (int n = 0; n < nInfos; ++n)
{
DocumentSignatureAlgorithm mode
= DocumentSignatureHelper::getDocumentAlgorithm(m_sODFVersion, aSignInfos[n]);
const std::vector<OUString> aElementsToBeVerified
= DocumentSignatureHelper::CreateElementList(rxStorage, eMode, mode);
const SignatureInformation& rInfo = aSignInfos[n];
css::security::DocumentSignatureInformation& rSigInfo = arInfos[n];
if (!rInfo.X509Datas.empty()) // X.509
{
std::vector<uno::Reference<XCertificate>> certs(
rSignatureHelper.CheckAndUpdateSignatureInformation(
xSecEnv, rInfo));
if (certs.empty())
{
rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
}
else
{
rSigInfo.Signer = certs.back();
// get only intermediates
certs.pop_back();
// On Windows checking the certificate path is buggy. It does name matching (issuer, subject name)
// to find the parent certificate. It does not take into account that there can be several certificates
// with the same subject name.
try
{
rSigInfo.CertificateStatus = xSecEnv->verifyCertificate(
rSigInfo.Signer, comphelper::containerToSequence(certs));
}
catch (SecurityException&)
{
SAL_WARN("xmlsecurity.comp", "Verification of certificate failed");
rSigInfo.CertificateStatus = css::security::CertificateValidity::INVALID;
}
}
}
else if (!rInfo.ouGpgCertificate.isEmpty() && xGpgSecEnv.is()) // GPG
{
// TODO not ideal to retrieve cert by keyID, might
// collide, or PGPKeyID format might change - can't we
// keep the xCert itself in rInfo?
rSigInfo.Signer = xGpgSecEnv->getCertificate(
rInfo.ouGpgKeyID, xmlsecurity::numericStringToBigInteger(u""));
rSigInfo.CertificateStatus = xGpgSecEnv->verifyCertificate(
rSigInfo.Signer, Sequence<Reference<css::security::XCertificate>>());
}
// Time support again (#i38744#)
Date aDate(rInfo.stDateTime.Day, rInfo.stDateTime.Month, rInfo.stDateTime.Year);
tools::Time aTime(rInfo.stDateTime.Hours, rInfo.stDateTime.Minutes,
rInfo.stDateTime.Seconds, rInfo.stDateTime.NanoSeconds);
rSigInfo.SignatureDate = aDate.GetDate();
rSigInfo.SignatureTime = aTime.GetTime() / tools::Time::nanoPerCenti;
rSigInfo.SignatureIsValid
= (rInfo.nStatus == css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);
// Signature line info (ID + Images)
if (!rInfo.ouSignatureLineId.isEmpty())
rSigInfo.SignatureLineId = rInfo.ouSignatureLineId;
if (rInfo.aValidSignatureImage.is())
rSigInfo.ValidSignatureLineImage = rInfo.aValidSignatureImage;
if (rInfo.aInvalidSignatureImage.is())
rSigInfo.InvalidSignatureLineImage = rInfo.aInvalidSignatureImage;
// OOXML intentionally doesn't sign metadata.
if (rSigInfo.SignatureIsValid
&& aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML)
{
rSigInfo.SignatureIsValid = DocumentSignatureHelper::checkIfAllFilesAreSigned(
aElementsToBeVerified, rInfo, mode);
}
if (eMode == DocumentSignatureMode::Content)
{
if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
rSigInfo.PartialDocumentSignature = true;
else
rSigInfo.PartialDocumentSignature
= !DocumentSignatureHelper::isOOo3_2_Signature(aSignInfos[n]);
}
}
return aInfos;
}
void DocumentDigitalSignatures::manageTrustedSources( )
{
// MT: i45295
// SecEnv is only needed to display certificate information from trusted sources.
// Macro Security also has some options where no security environment is needed, so raise dialog anyway.
// Later I should change the code so the Dialog creates the SecEnv on demand...
Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv;
DocumentSignatureManager aSignatureManager(mxCtx, {});
if (aSignatureManager.init())
xSecEnv = aSignatureManager.getSecurityEnvironment();
MacroSecurity aDlg(Application::GetFrameWeld(mxParentWindow), xSecEnv);
aDlg.run();
}
void DocumentDigitalSignatures::showCertificate(
const Reference< css::security::XCertificate >& Certificate )
{
DocumentSignatureManager aSignatureManager(mxCtx, {});
bool bInit = aSignatureManager.init();
SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
if ( bInit )
{
CertificateViewer aViewer(Application::GetFrameWeld(mxParentWindow), aSignatureManager.getSecurityEnvironment(), Certificate, false, nullptr);
aViewer.run();
}
}
sal_Bool DocumentDigitalSignatures::isAuthorTrusted(
const Reference<css::security::XCertificate>& xAuthor)
{
if (!xAuthor.is())
{
return false;
}
OUString sSerialNum = xmlsecurity::bigIntegerToNumericString(xAuthor->getSerialNumber());
std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions::GetTrustedAuthors();
return std::any_of(aTrustedAuthors.begin(), aTrustedAuthors.end(),
[this, &xAuthor, &sSerialNum](const SvtSecurityOptions::Certificate& rAuthor) {
if (!xmlsecurity::EqualDistinguishedNames(rAuthor.SubjectName, xAuthor->getIssuerName(), xmlsecurity::NOCOMPAT))
return false;
if (rAuthor.SerialNumber != sSerialNum)
return false;
DocumentSignatureManager aSignatureManager(mxCtx, {});
if (!aSignatureManager.init())
return false;
uno::Reference<css::security::XCertificate> xCert = aSignatureManager.getSecurityEnvironment()->createCertificateFromAscii(rAuthor.RawData);
auto pAuthor = dynamic_cast<xmlsecurity::Certificate*>(xAuthor.get());
auto pCert = dynamic_cast<xmlsecurity::Certificate*>(xCert.get());
if (pAuthor && pCert)
return pCert->getSHA256Thumbprint() == pAuthor->getSHA256Thumbprint();
return xCert->getSHA1Thumbprint() == xAuthor->getSHA1Thumbprint();
});
}
uno::Sequence<Reference<css::security::XCertificate>>
DocumentDigitalSignatures::chooseCertificatesImpl(std::map<OUString, OUString>& rProperties,
const UserAction eAction,
const CertificateKind certificateKind)
{
std::vector< Reference< css::xml::crypto::XXMLSecurityContext > > xSecContexts;
DocumentSignatureManager aSignatureManager(mxCtx, {});
if (aSignatureManager.init()) {
xSecContexts.push_back(aSignatureManager.getSecurityContext());
// Don't include OpenPGP if only X.509 certs are requested
if (certificateKind == CertificateKind_NONE || certificateKind == CertificateKind_OPENPGP)
xSecContexts.push_back(aSignatureManager.getGpgSecurityContext());
}
CertificateChooser aChooser(Application::GetFrameWeld(mxParentWindow), std::move(xSecContexts), eAction);
if (aChooser.run() != RET_OK)
return { Reference< css::security::XCertificate >(nullptr) };
uno::Sequence< Reference< css::security::XCertificate > > xCerts = aChooser.GetSelectedCertificates();
rProperties["Description"] = aChooser.GetDescription();
rProperties["Usage"] = aChooser.GetUsageText();
return xCerts;
}
Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertificate(OUString& rDescription)
{
return chooseSigningCertificate( rDescription );
}
Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseSigningCertificate(OUString& rDescription)
{
std::map<OUString, OUString> aProperties;
Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( aProperties, UserAction::Sign )[0];
rDescription = aProperties["Description"];
return xCert;
}
Reference< css::security::XCertificate > DocumentDigitalSignatures::selectSigningCertificate(OUString& rDescription)
{
std::map<OUString, OUString> aProperties;
Reference< css::security::XCertificate > xCert = chooseCertificatesImpl( aProperties, UserAction::SelectSign )[0];
rDescription = aProperties["Description"];
return xCert;
}
Reference<css::security::XCertificate>
DocumentDigitalSignatures::selectSigningCertificateWithType(const CertificateKind certificateKind,
OUString& rDescription)
{
std::map<OUString, OUString> aProperties;
Reference<css::security::XCertificate> xCert
= chooseCertificatesImpl(aProperties, UserAction::SelectSign, certificateKind)[0];
rDescription = aProperties["Description"];
return xCert;
}
css::uno::Sequence< Reference< css::security::XCertificate > > DocumentDigitalSignatures::chooseEncryptionCertificate()
{
std::map<OUString, OUString> aProperties;
uno::Sequence< Reference< css::security::XCertificate > > aCerts=
chooseCertificatesImpl( aProperties, UserAction::Encrypt );
if (aCerts.getLength() == 1 && !aCerts[0].is())
// our error case contract is: empty sequence, so map that!
return uno::Sequence< Reference< css::security::XCertificate > >();
else
return aCerts;
}
css::uno::Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertificateWithProps(Sequence<::com::sun::star::beans::PropertyValue>& rProperties)
{
std::map<OUString, OUString> aProperties;
auto xCert = chooseCertificatesImpl( aProperties, UserAction::Sign )[0];
std::vector<css::beans::PropertyValue> vec;
vec.reserve(aProperties.size());
for (const auto& pair : aProperties)
{
vec.emplace_back(comphelper::makePropertyValue(pair.first, pair.second));
}
rProperties = comphelper::containerToSequence(vec);
return xCert;
}
sal_Bool DocumentDigitalSignatures::isLocationTrusted( const OUString& Location )
{
return SvtSecurityOptions::isTrustedLocationUri(Location);
}
void DocumentDigitalSignatures::addAuthorToTrustedSources(
const Reference< css::security::XCertificate >& Author )
{
SvtSecurityOptions::Certificate aNewCert;
aNewCert.SubjectName = Author->getIssuerName();
aNewCert.SerialNumber = xmlsecurity::bigIntegerToNumericString( Author->getSerialNumber() );
OUStringBuffer aStrBuffer;
::comphelper::Base64::encode(aStrBuffer, Author->getEncoded());
aNewCert.RawData = aStrBuffer.makeStringAndClear();
std::vector< SvtSecurityOptions::Certificate > aTrustedAuthors = SvtSecurityOptions::GetTrustedAuthors();
aTrustedAuthors.push_back( aNewCert );
SvtSecurityOptions::SetTrustedAuthors( aTrustedAuthors );
}
void DocumentDigitalSignatures::addLocationToTrustedSources( const OUString& Location )
{
std::vector< OUString > aSecURLs = SvtSecurityOptions::GetSecureURLs();
aSecURLs.push_back(Location);
SvtSecurityOptions::SetSecureURLs( std::move(aSecURLs) );
}
sal_Bool DocumentDigitalSignatures::signDocumentWithCertificate(
css::uno::Reference<css::security::XCertificate> const & xCertificate,
css::uno::Reference<css::embed::XStorage> const & xStorage,
css::uno::Reference<css::io::XStream> const & xStream)
{
uno::Reference<frame::XModel> xModel;
return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
DocumentSignatureMode::Content);
}
bool DocumentDigitalSignatures::SignModelWithCertificate(
const uno::Reference<frame::XModel>& xModel,
const css::uno::Reference<css::security::XCertificate>& xCertificate,
const css::uno::Reference<css::embed::XStorage>& xStorage,
const css::uno::Reference<css::io::XStream>& xStream)
{
return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
DocumentSignatureMode::Content);
}
sal_Bool DocumentDigitalSignatures::signPackageWithCertificate(
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStorage,
css::uno::Reference<css::io::XStream> const& xStream)
{
uno::Reference<frame::XModel> xModel;
return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
DocumentSignatureMode::Package);
}
sal_Bool DocumentDigitalSignatures::signScriptingContentWithCertificate(
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStorage,
css::uno::Reference<css::io::XStream> const& xStream)
{
uno::Reference<frame::XModel> xModel;
return signWithCertificateImpl(xModel, xCertificate, xStorage, xStream,
DocumentSignatureMode::Macros);
}
bool DocumentDigitalSignatures::signWithCertificateImpl(
const uno::Reference<frame::XModel>& xModel,
css::uno::Reference<css::security::XCertificate> const& xCertificate,
css::uno::Reference<css::embed::XStorage> const& xStorage,
css::uno::Reference<css::io::XStream> const& xStream, DocumentSignatureMode eMode)
{
OSL_ENSURE(!m_sODFVersion.isEmpty(),
"DocumentDigitalSignatures: ODF Version not set, assuming minimum 1.2");
DocumentSignatureManager aSignatureManager(mxCtx, eMode);
if (!aSignatureManager.init())
return false;
aSignatureManager.setStore(xStorage);
aSignatureManager.getSignatureHelper().SetStorage(xStorage, m_sODFVersion);
aSignatureManager.setSignatureStream(xStream);
aSignatureManager.setModel(xModel);
Reference<XXMLSecurityContext> xSecurityContext = aSignatureManager.getSecurityContext();
sal_Int32 nSecurityId;
bool bSuccess = aSignatureManager.add(xCertificate, xSecurityContext, "", nSecurityId, true);
if (!bSuccess)
return false;
aSignatureManager.read(/*bUseTempStream=*/true, /*bCacheLastSignature=*/false);
aSignatureManager.write(true);
if (xStorage.is() && !xStream.is())
{
uno::Reference<embed::XTransactedObject> xTransaction(xStorage, uno::UNO_QUERY);
xTransaction->commit();
}
return true;
}
extern "C" SAL_DLLPUBLIC_EXPORT uno::XInterface*
com_sun_star_security_DocumentDigitalSignatures_get_implementation(
uno::XComponentContext* pCtx, uno::Sequence<uno::Any> const& /*rSeq*/)
{
return cppu::acquire(
new DocumentDigitalSignatures(uno::Reference<uno::XComponentContext>(pCtx)));
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
View Git Blame Copy Permalink