xmlsecurity/html/xmlsignature__mscryptimpl_8cxx_source.html

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */

/*

 * This file is part of the LibreOffice project.

 *

 * This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/.

 *

 * This file incorporates work covered by the following license notice:

 *

 *   Licensed to the Apache Software Foundation (ASF) under one or more

 *   contributor license agreements. See the NOTICE file distributed

 *   with this work for additional information regarding copyright

 *   ownership. The ASF licenses this file to you under the Apache

 *   License, Version 2.0 (the "License"); you may not use this file

 *   except in compliance with the License. You may obtain a copy of

 *   the License at http://www.apache.org/licenses/LICENSE-2.0 .

 */


#include <sal/config.h>

#include <sal/log.hxx>

#include <rtl/uuid.h>

#include <xmlsec-wrapper.h>


#include <xmlsec/mscng/x509.h>


#include <com/sun/star/xml/crypto/SecurityOperationStatus.hpp>

#include <com/sun/star/xml/crypto/XXMLSignature.hpp>


#include "securityenvironment_mscryptimpl.hxx"


#include <xmlsec/xmldocumentwrapper_xmlsecimpl.hxx>

#include <xmlelementwrapper_xmlsecimpl.hxx>

#include <xmlsec/xmlstreamio.hxx>

#include <xmlsec/errorcallback.hxx>

#include <cppuhelper/supportsservice.hxx>


using namespace ::com::sun::star;

using namespace ::com::sun::star::uno ;

using namespace ::com::sun::star::lang ;


using ::com::sun::star::xml::wrapper::XXMLElementWrapper ;

using ::com::sun::star::xml::crypto::XSecurityEnvironment ;

using ::com::sun::star::xml::crypto::XXMLSignature ;

using ::com::sun::star::xml::crypto::XXMLSignatureTemplate ;

using ::com::sun::star::xml::crypto::XXMLSecurityContext ;

using ::com::sun::star::xml::crypto::XUriBinding ;


namespace {


class XMLSignature_MSCryptImpl : public ::cppu::WeakImplHelper<

    css::xml::crypto::XXMLSignature ,

    css::lang::XServiceInfo >

{

    public:

        explicit XMLSignature_MSCryptImpl();


        //Methods from XXMLSignature

        virtual css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate > SAL_CALL generate(

            const css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate >& aTemplate ,

            const css::uno::Reference< css::xml::crypto::XSecurityEnvironment >& aEnvironment

        ) override;


        virtual css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate > SAL_CALL validate(

            const css::uno::Reference< css::xml::crypto::XXMLSignatureTemplate >& aTemplate ,

            const css::uno::Reference< css::xml::crypto::XXMLSecurityContext >& aContext

        ) override;


        //Methods from XServiceInfo

        virtual OUString SAL_CALL getImplementationName() override;


        virtual sal_Bool SAL_CALL supportsService(

            const OUString& ServiceName

        ) override;


        virtual css::uno::Sequence< OUString > SAL_CALL getSupportedServiceNames() override;

} ;


}


XMLSignature_MSCryptImpl::XMLSignature_MSCryptImpl() {

}


/* XXMLSignature */

Reference< XXMLSignatureTemplate >

SAL_CALL XMLSignature_MSCryptImpl::generate(

    const Reference< XXMLSignatureTemplate >& aTemplate ,

    const Reference< XSecurityEnvironment >& aEnvironment

)

{

    xmlSecKeysMngrPtr pMngr = nullptr ;

    xmlSecDSigCtxPtr pDsigCtx = nullptr ;

    xmlNodePtr pNode = nullptr ;


    if( !aTemplate.is() )

        throw RuntimeException() ;


    if( !aEnvironment.is() )

        throw RuntimeException() ;


    //Get Keys Manager

    SecurityEnvironment_MSCryptImpl* pSecEnv = dynamic_cast<SecurityEnvironment_MSCryptImpl*>(aEnvironment.get());

    if( pSecEnv == nullptr )

        throw RuntimeException() ;


    //Get the xml node

    Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;

    if( !xElement.is() ) {

        throw RuntimeException() ;

    }


    XMLElementWrapper_XmlSecImpl* pElement = dynamic_cast<XMLElementWrapper_XmlSecImpl*>(xElement.get());

    if( pElement == nullptr ) {

        throw RuntimeException() ;

    }


    pNode = pElement->getNativeElement() ;


    //Get the stream/URI binding

    Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;

    if( xUriBinding.is() ) {

        //Register the stream input callbacks into libxml2

        if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )

            throw RuntimeException() ;

    }


    setErrorRecorder( );


    pMngr = pSecEnv->createKeysManager();

    if( !pMngr ) {

        throw RuntimeException() ;

    }


    //Create Signature context

    pDsigCtx = xmlSecDSigCtxCreate( pMngr ) ;

    if( pDsigCtx == nullptr )

    {

        //throw XMLSignatureException() ;

        SecurityEnvironment_MSCryptImpl::destroyKeysManager( pMngr );

        clearErrorRecorder();

        return aTemplate;

    }


    //Sign the template

    if( xmlSecDSigCtxSign( pDsigCtx , pNode ) == 0 )

    {

        if (pDsigCtx->status == xmlSecDSigStatusSucceeded)

            aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);

        else

            aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);

    }

    else

    {

        aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);

    }


    xmlSecDSigCtxDestroy( pDsigCtx ) ;

    SecurityEnvironment_MSCryptImpl::destroyKeysManager( pMngr );


    //Unregistered the stream/URI binding

    if( xUriBinding.is() )

        xmlUnregisterStreamInputCallbacks() ;


    clearErrorRecorder();

    return aTemplate ;

}


/* XXMLSignature */

Reference< XXMLSignatureTemplate >

SAL_CALL XMLSignature_MSCryptImpl::validate(

    const Reference< XXMLSignatureTemplate >& aTemplate ,

    const Reference< XXMLSecurityContext >& aSecurityCtx

) {

    xmlSecKeysMngrPtr pMngr = nullptr ;

    xmlSecDSigCtxPtr pDsigCtx = nullptr ;

    xmlNodePtr pNode = nullptr ;


    if( !aTemplate.is() )

        throw RuntimeException() ;


    if( !aSecurityCtx.is() )

        throw RuntimeException() ;


    //Get Keys Manager

    Reference< XSecurityEnvironment > xSecEnv

        = aSecurityCtx->getSecurityEnvironmentByIndex(

            aSecurityCtx->getDefaultSecurityEnvironmentIndex());

    SecurityEnvironment_MSCryptImpl* pSecEnv = dynamic_cast<SecurityEnvironment_MSCryptImpl*>(xSecEnv.get());

    if( pSecEnv == nullptr )

        throw RuntimeException() ;


    //Get the xml node

    Reference< XXMLElementWrapper > xElement = aTemplate->getTemplate() ;

    if( !xElement.is() )

        throw RuntimeException() ;


    XMLElementWrapper_XmlSecImpl* pElement = dynamic_cast<XMLElementWrapper_XmlSecImpl*>(xElement.get());

    if( pElement == nullptr )

        throw RuntimeException() ;


    pNode = pElement->getNativeElement() ;


    //Get the stream/URI binding

    Reference< XUriBinding > xUriBinding = aTemplate->getBinding() ;

    if( xUriBinding.is() ) {

        //Register the stream input callbacks into libxml2

        if( xmlRegisterStreamInputCallbacks( xUriBinding ) < 0 )

            throw RuntimeException() ;

    }


    setErrorRecorder( );


    pMngr = pSecEnv->createKeysManager();

    if( !pMngr ) {

        throw RuntimeException() ;

    }


    //Create Signature context

    pDsigCtx = xmlSecDSigCtxCreate( pMngr ) ;

    if( pDsigCtx == nullptr )

    {

        SecurityEnvironment_MSCryptImpl::destroyKeysManager( pMngr );

        clearErrorRecorder();

        return aTemplate;

    }


    // We do certificate verification ourselves.

    pDsigCtx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;


    // limit possible key data to valid X509 certificates only, no KeyValues

    if (xmlSecPtrListAdd(&(pDsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecMSCngKeyDataX509GetKlass()) < 0)

        throw RuntimeException("failed to limit allowed key data");


    //Verify signature

    //The documentation says that the signature is only valid if the return value is 0 (that is, not < 0)

    //AND pDsigCtx->status == xmlSecDSigStatusSucceeded. That is, we must not make any assumptions, if

    //the return value is < 0. Then we must regard the signature as INVALID. We cannot use the

    //error recorder feature to get the ONE error that made the verification fail, because there is no

    //documentation/specification as to how to interpret the number of recorded errors and what is the initial

    //error.

    int rs = xmlSecDSigCtxVerify(pDsigCtx , pNode);


    // Also verify manifest: this is empty for ODF, but contains everything (except signature metadata) for OOXML.

    xmlSecSize nReferenceCount = xmlSecPtrListGetSize(&pDsigCtx->manifestReferences);

    // Require that all manifest references are also good.

    xmlSecSize nReferenceGood = 0;

    for (xmlSecSize nReference = 0; nReference < nReferenceCount; ++nReference)

    {

        xmlSecDSigReferenceCtxPtr pReference = static_cast<xmlSecDSigReferenceCtxPtr>(xmlSecPtrListGetItem(&pDsigCtx->manifestReferences, nReference));

        if (pReference)

        {

             if (pReference->status == xmlSecDSigStatusSucceeded)

                 ++nReferenceGood;

        }

    }

    SAL_INFO("xmlsecurity.xmlsec", "xmlSecDSigCtxVerify status " << pDsigCtx->status << ", references good " << nReferenceGood << " of " << nReferenceCount);


    if (rs == 0 && nReferenceCount == nReferenceGood)

    {

        if (pDsigCtx->status == xmlSecDSigStatusSucceeded)

            aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED);

        else

            aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);

    }

    else

    {

        aTemplate->setStatus(css::xml::crypto::SecurityOperationStatus_UNKNOWN);

    }


    xmlSecDSigCtxDestroy( pDsigCtx ) ;

    SecurityEnvironment_MSCryptImpl::destroyKeysManager( pMngr );


    //Unregistered the stream/URI binding

    if( xUriBinding.is() )

        xmlUnregisterStreamInputCallbacks() ;


    clearErrorRecorder();

    return aTemplate;

}


/* XServiceInfo */

OUString SAL_CALL XMLSignature_MSCryptImpl::getImplementationName() {

    return "com.sun.star.xml.crypto.XMLSignature";

}


/* XServiceInfo */

sal_Bool SAL_CALL XMLSignature_MSCryptImpl::supportsService( const OUString& serviceName) {

return cppu::supportsService(this, serviceName);

}


/* XServiceInfo */

Sequence< OUString > SAL_CALL XMLSignature_MSCryptImpl::getSupportedServiceNames() {

    return { "com.sun.star.xml.crypto.XMLSignature" };

}


extern "C" SAL_DLLPUBLIC_EXPORT uno::XInterface*

com_sun_star_xml_crypto_XMLSignature_get_implementation(uno::XComponentContext* /*pCtx*/,

                                                        uno::Sequence<uno::Any> const& /*rSeq*/)

{

    return cppu::acquire(new XMLSignature_MSCryptImpl);

}


/* vim:set shiftwidth=4 softtabstop=4 expandtab: */

RuntimeException

SecurityEnvironment_MSCryptImpl
Definition: securityenvironment_mscryptimpl.hxx:52

SecurityEnvironment_MSCryptImpl::destroyKeysManager
static void destroyKeysManager(xmlSecKeysMngrPtr pKeysMngr)
Definition: securityenvironment_mscryptimpl.cxx:1097

SecurityEnvironment_MSCryptImpl::createKeysManager
xmlSecKeysMngrPtr createKeysManager()
Definition: securityenvironment_mscryptimpl.cxx:1037

XMLElementWrapper_XmlSecImpl
Definition: xmlelementwrapper_xmlsecimpl.hxx:43

XMLElementWrapper_XmlSecImpl::getNativeElement
xmlNodePtr getNativeElement() const
Definition: xmlelementwrapper_xmlsecimpl.hxx:69

config.h

setErrorRecorder
void setErrorRecorder()
Definition: errorcallback.cxx:58

clearErrorRecorder
void clearErrorRecorder()
Definition: errorcallback.cxx:63

errorcallback.hxx

log.hxx

SAL_INFO
#define SAL_INFO(area, stream)

com::sun::star::lang

com::sun::star::uno

com::sun::star

getSupportedServiceNames
css::uno::Sequence< OUString > getSupportedServiceNames()

getImplementationName
OUString getImplementationName()

supportsService
bool CPPUHELPER_DLLPUBLIC supportsService(css::lang::XServiceInfo *implementation, rtl::OUString const &name)

securityenvironment_mscryptimpl.hxx

supportsservice.hxx

sal_Bool
unsigned char sal_Bool

xmldocumentwrapper_xmlsecimpl.hxx

xmlelementwrapper_xmlsecimpl.hxx

xmlsec-wrapper.h

com_sun_star_xml_crypto_XMLSignature_get_implementation
SAL_DLLPUBLIC_EXPORT uno::XInterface * com_sun_star_xml_crypto_XMLSignature_get_implementation(uno::XComponentContext *, uno::Sequence< uno::Any > const &)
Definition: xmlsignature_mscryptimpl.cxx:299

xmlRegisterStreamInputCallbacks
int xmlRegisterStreamInputCallbacks(css::uno::Reference< css::xml::crypto::XUriBinding > const &aUriBinding)
Definition: xmlstreamio.cxx:215

xmlUnregisterStreamInputCallbacks
int xmlUnregisterStreamInputCallbacks()
Definition: xmlstreamio.cxx:232

xmlstreamio.hxx