authorMiklos Vajna <vmiklos@collabora.co.uk>2016-11-08 14:10:05 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-11-08 14:50:56 +0000
commita69873d212c903ea8a1f0d5ca40ae3f08b83a871 (patch)
treef1554b070e0525da09eaf482908780901b1ee324 /xmlsecurity
parent2573f6bba6b3033143b776650f03fd4813669e5b (diff)
xmlsecurity: move the sec context from the format helpers to the sign manager
The signature manager always creates an XML helper, and optionally creates a PDF helper as well. Both of them initialize xmlsec, and when the signature manager is deleted, there are two de-inits, leading to an assertion failure in xmlsec. Fix the problem by moving the duplicated xmlsec init to the signature manager. This has the additional benefit that general security-related code no longer has to talk to the XML helper, it can use the signature manager, which feels more natural. (What did viewing a certificate have to do with XML?) Change-Id: If6a6bc433636445f3782849a367d4a7ac0be7688 Reviewed-on: https://gerrit.libreoffice.org/30695 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins <ci@libreoffice.org>
Diffstat (limited to 'xmlsecurity')
-rw-r--r--xmlsecurity/inc/documentsignaturemanager.hxx6
-rw-r--r--xmlsecurity/inc/pdfsignaturehelper.hxx4
-rw-r--r--xmlsecurity/inc/xmlsignaturehelper.hxx12
-rw-r--r--xmlsecurity/qa/unit/signing/signing.cxx26
-rw-r--r--xmlsecurity/source/component/documentdigitalsignatures.cxx60
-rw-r--r--xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx11
-rw-r--r--xmlsecurity/source/helper/documentsignaturemanager.cxx29
-rw-r--r--xmlsecurity/source/helper/pdfsignaturehelper.cxx11
-rw-r--r--xmlsecurity/source/helper/xmlsignaturehelper.cxx23
9 files changed, 87 insertions, 95 deletions
diff --git a/xmlsecurity/inc/documentsignaturemanager.hxx b/xmlsecurity/inc/documentsignaturemanager.hxx
index fd981d7d98b5..70623038581c 100644
--- a/xmlsecurity/inc/documentsignaturemanager.hxx
+++ b/xmlsecurity/inc/documentsignaturemanager.hxx
@@ -47,6 +47,8 @@ public:
css::uno::Reference<css::io::XStream> mxTempSignatureStream;
/// Storage containing all OOXML signatures, unused for ODF.
css::uno::Reference<css::embed::XStorage> mxTempSignatureStorage;
+ css::uno::Reference<css::xml::crypto::XSEInitializer> mxSEInitializer;
+ css::uno::Reference<css::xml::crypto::XXMLSecurityContext> mxSecurityContext;
DocumentSignatureManager(const css::uno::Reference<css::uno::XComponentContext>& xContext, DocumentSignatureMode eMode);
~DocumentSignatureManager();
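Review bot: The new public members `mxSEInitializer` and `mxSecurityContext` have no doc comment, unlike the `mxTempSignatureStorage` member directly above them. This commit makes the manager the one place that holds the crypto context, so the declaration should say so, e.g. `/// Security context used for both XML and PDF signatures; set by init(), empty until then.` The class body starts and ends outside this hunk.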
@@ -70,6 +72,10 @@ public:
// Checks if the document is a kind where it is relevant to distinguish between using XAdES or not
bool IsXAdESRelevant();
#endif
+ /// Attempts to initialize the platform-specific crypto.
+ bool init();
+ /// Get the security environment.
+ css::uno::Reference<css::xml::crypto::XSecurityEnvironment> getSecurityEnvironment();
};
#endif // INCLUDED_XMLSECURITY_INC_DOCUMENTSIGNATUREMANAGER_HXX
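Review bot: The `///` comments on `init()` and `getSecurityEnvironment()` leave out the contract that callers rely on. Going by the implementation later in this commit, `init()` returns false when no security context could be created, and `getSecurityEnvironment()` returns an empty reference when there is no context. Both facts belong in the header, for example `/// Get the security environment; returns an empty reference if init() was not called or failed.` Several callers dereference the result, so the empty case should be documented where they will see it.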
diff --git a/xmlsecurity/inc/pdfsignaturehelper.hxx b/xmlsecurity/inc/pdfsignaturehelper.hxx
index cd9a3e2172a1..55d8567cf8e9 100644
--- a/xmlsecurity/inc/pdfsignaturehelper.hxx
+++ b/xmlsecurity/inc/pdfsignaturehelper.hxx
@@ -25,8 +25,6 @@
class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
{
css::uno::Reference<css::uno::XComponentContext> m_xComponentContext;
- css::uno::Reference<css::xml::crypto::XSEInitializer> m_xSEInitializer;
- css::uno::Reference<css::xml::crypto::XXMLSecurityContext> m_xSecurityContext;
SignatureInformations m_aSignatureInfos;
css::uno::Reference<css::security::XCertificate> m_xCertificate;
@@ -35,7 +33,7 @@ class XMLSECURITY_DLLPUBLIC PDFSignatureHelper
public:
PDFSignatureHelper(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext);
bool ReadAndVerifySignature(const css::uno::Reference<css::io::XInputStream>& xInputStream);
- css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations() const;
+ css::uno::Sequence<css::security::DocumentSignatureInformation> GetDocumentSignatureInformations(const css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& xSecEnv) const;
SignatureInformations GetSignatureInformations() const;
/// Return the ID of the next created signature.
diff --git a/xmlsecurity/inc/xmlsignaturehelper.hxx b/xmlsecurity/inc/xmlsignaturehelper.hxx
index 8e0c65809e7b..c2a163b437e4 100644
--- a/xmlsecurity/inc/xmlsignaturehelper.hxx
+++ b/xmlsecurity/inc/xmlsignaturehelper.hxx
@@ -100,9 +100,6 @@ private:
css::uno::Reference< css::xml::crypto::sax::XSecurityController > mxSecurityController;
css::uno::Reference< css::xml::crypto::XUriBinding > mxUriBinding;
- css::uno::Reference< css::xml::crypto::XSEInitializer > mxSEInitializer;
- css::uno::Reference< css::xml::crypto::XXMLSecurityContext > mxSecurityContext;
-
std::vector<XMLSignatureCreationResult>
maCreationResults;
std::vector<XMLSignatureVerifyResult>
@@ -123,10 +120,6 @@ public:
XMLSignatureHelper(const css::uno::Reference< css::uno::XComponentContext >& mrCtx );
~XMLSignatureHelper();
- // Initialize the security context with default crypto token.
- // Returns true for success.
- bool Init();
-
// Set the storage which should be used by the default UriBinding
// Must be set before StatrtMission().
//sODFVersion indicates the ODF version
@@ -137,15 +130,12 @@ public:
// Default handler will verify all.
void SetStartVerifySignatureHdl( const Link<LinkParamNone*,bool>& rLink );
- // Get the security environment
- css::uno::Reference< css::xml::crypto::XSecurityEnvironment > GetSecurityEnvironment();
-
// After signing/verifying, get information about signatures
SignatureInformation GetSignatureInformation( sal_Int32 nSecurityId ) const;
SignatureInformations GetSignatureInformations() const;
// See XSecController for documentation
- void StartMission();
+ void StartMission(const css::uno::Reference<css::xml::crypto::XXMLSecurityContext>& xSecurityContext);
void EndMission();
sal_Int32 GetNewSecurityId();
/** sets data that describes the certificate.
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx b/xmlsecurity/qa/unit/signing/signing.cxx
index 847ef9aea8fe..bad292114ba2 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -106,7 +106,7 @@ public:
private:
void createDoc(const OUString& rURL);
void createCalc(const OUString& rURL);
- uno::Reference<security::XCertificate> getCertificate(XMLSignatureHelper& rSignatureHelper);
+ uno::Reference<security::XCertificate> getCertificate(DocumentSignatureManager& rSignatureManager);
};
SigningTest::SigningTest()
@@ -160,9 +160,9 @@ void SigningTest::createCalc(const OUString& rURL)
mxComponent = loadFromDesktop(rURL, "com.sun.star.sheet.SpreadsheetDocument");
}
-uno::Reference<security::XCertificate> SigningTest::getCertificate(XMLSignatureHelper& rSignatureHelper)
+uno::Reference<security::XCertificate> SigningTest::getCertificate(DocumentSignatureManager& rSignatureManager)
{
- uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = rSignatureHelper.GetSecurityEnvironment();
+ uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = rSignatureManager.getSecurityEnvironment();
OUString aCertificate;
{
SvFileStream aStream(m_directories.getURLFromSrc(DATA_DIRECTORY) + "certificate.crt", StreamMode::READ);
@@ -191,14 +191,14 @@ void SigningTest::testDescription()
xStorable->storeAsURL(aTempFile.GetURL(), aMediaDescriptor.getAsConstPropertyValueList());
DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
- CPPUNIT_ASSERT(aManager.maSignatureHelper.Init());
+ CPPUNIT_ASSERT(aManager.init());
uno::Reference <embed::XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(ZIP_STORAGE_FORMAT_STRING, aTempFile.GetURL(), embed::ElementModes::READWRITE);
CPPUNIT_ASSERT(xStorage.is());
aManager.mxStore = xStorage;
aManager.maSignatureHelper.SetStorage(xStorage, "1.2");
// Then add a signature document.
- uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager.maSignatureHelper);
+ uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager);
CPPUNIT_ASSERT(xCertificate.is());
OUString aDescription("SigningTest::testDescription");
sal_Int32 nSecurityId;
@@ -224,14 +224,14 @@ void SigningTest::testOOXMLDescription()
xStorable->storeAsURL(aTempFile.GetURL(), aMediaDescriptor.getAsConstPropertyValueList());
DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
- CPPUNIT_ASSERT(aManager.maSignatureHelper.Init());
+ CPPUNIT_ASSERT(aManager.init());
uno::Reference <embed::XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(ZIP_STORAGE_FORMAT_STRING, aTempFile.GetURL(), embed::ElementModes::READWRITE);
CPPUNIT_ASSERT(xStorage.is());
aManager.mxStore = xStorage;
aManager.maSignatureHelper.SetStorage(xStorage, "1.2");
// Then add a document signature.
- uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager.maSignatureHelper);
+ uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager);
CPPUNIT_ASSERT(xCertificate.is());
OUString aDescription("SigningTest::testDescription");
sal_Int32 nSecurityId;
@@ -254,7 +254,7 @@ void SigningTest::testOOXMLAppend()
osl::File::copy(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.docx", aURL));
// Load the test document as a storage and read its single signature.
DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
- CPPUNIT_ASSERT(aManager.maSignatureHelper.Init());
+ CPPUNIT_ASSERT(aManager.init());
uno::Reference <embed::XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(ZIP_STORAGE_FORMAT_STRING, aURL, embed::ElementModes::READWRITE);
CPPUNIT_ASSERT(xStorage.is());
aManager.mxStore = xStorage;
@@ -264,7 +264,7 @@ void SigningTest::testOOXMLAppend()
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size());
// Then add a second document signature.
- uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager.maSignatureHelper);
+ uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager);
CPPUNIT_ASSERT(xCertificate.is());
sal_Int32 nSecurityId;
aManager.add(xCertificate, OUString(), nSecurityId, false);
@@ -279,7 +279,7 @@ void SigningTest::testOOXMLRemove()
{
// Load the test document as a storage and read its signatures: purpose1 and purpose2.
DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
- CPPUNIT_ASSERT(aManager.maSignatureHelper.Init());
+ CPPUNIT_ASSERT(aManager.init());
OUString aURL = m_directories.getURLFromSrc(DATA_DIRECTORY) + "multi.docx";
uno::Reference <embed::XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(ZIP_STORAGE_FORMAT_STRING, aURL, embed::ElementModes::READWRITE);
CPPUNIT_ASSERT(xStorage.is());
@@ -290,7 +290,7 @@ void SigningTest::testOOXMLRemove()
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(2), rInformations.size());
// Then remove the last added signature.
- uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager.maSignatureHelper);
+ uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager);
CPPUNIT_ASSERT(xCertificate.is());
aManager.remove(0);
@@ -310,7 +310,7 @@ void SigningTest::testOOXMLRemoveAll()
osl::File::copy(m_directories.getURLFromSrc(DATA_DIRECTORY) + "partial.docx", aURL));
// Load the test document as a storage and read its single signature.
DocumentSignatureManager aManager(mxComponentContext, DocumentSignatureMode::Content);
- CPPUNIT_ASSERT(aManager.maSignatureHelper.Init());
+ CPPUNIT_ASSERT(aManager.init());
uno::Reference <embed::XStorage> xStorage = comphelper::OStorageHelper::GetStorageOfFormatFromURL(ZIP_STORAGE_FORMAT_STRING, aURL, embed::ElementModes::READWRITE);
CPPUNIT_ASSERT(xStorage.is());
aManager.mxStore = xStorage;
@@ -320,7 +320,7 @@ void SigningTest::testOOXMLRemoveAll()
CPPUNIT_ASSERT_EQUAL(static_cast<std::size_t>(1), rInformations.size());
// Then remove the only signature in the document.
- uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager.maSignatureHelper);
+ uno::Reference<security::XCertificate> xCertificate = getCertificate(aManager);
CPPUNIT_ASSERT(xCertificate.is());
aManager.remove(0);
aManager.read(/*bUseTempStream=*/true);
diff --git a/xmlsecurity/source/component/documentdigitalsignatures.cxx b/xmlsecurity/source/component/documentdigitalsignatures.cxx
index 4320a88dc59e..92eca28cad38 100644
--- a/xmlsecurity/source/component/documentdigitalsignatures.cxx
+++ b/xmlsecurity/source/component/documentdigitalsignatures.cxx
@@ -265,14 +265,23 @@ DocumentDigitalSignatures::ImplVerifySignatures(
const Reference< css::embed::XStorage >& rxStorage,
const Reference< css::io::XInputStream >& xSignStream, DocumentSignatureMode eMode ) throw (RuntimeException)
{
+ DocumentSignatureManager aSignatureManager(mxCtx, eMode);
+
+ bool bInit = aSignatureManager.init();
+
+ SAL_WARN_IF(!bInit, "xmlsecurity.comp", "Error initializing security context!");
+
+ if (!bInit)
+ return uno::Sequence<security::DocumentSignatureInformation>(0);
+
if (!rxStorage.is())
{
if (xSignStream.is())
{
// Something not ZIP-based, try PDF.
- PDFSignatureHelper aSignatureHelper(mxCtx);
- if (aSignatureHelper.ReadAndVerifySignature(xSignStream))
- return aSignatureHelper.GetDocumentSignatureInformations();
+ PDFSignatureHelper& rSignatureHelper = aSignatureManager.getPDFSignatureHelper();
+ if (rSignatureHelper.ReadAndVerifySignature(xSignStream))
+ return rSignatureHelper.GetDocumentSignatureInformations(aSignatureManager.getSecurityEnvironment());
}
SAL_WARN( "xmlsecurity.comp", "Error, no XStorage provided");
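Review bot: The early `return uno::Sequence<security::DocumentSignatureInformation>(0);` on init failure hands callers the same empty sequence that the other early returns in this function produce, and it now covers the PDF path too. A consumer of the sequence therefore appears unable to tell "crypto could not be initialized" from "nothing to report"; only the SAL_WARN log line differs. If the interface cannot carry that distinction, a comment on the return would at least record it, e.g. `// Crypto init failed: callers cannot tell this apart from a document without signatures.` The function body continues outside this hunk.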
@@ -293,29 +302,21 @@ DocumentDigitalSignatures::ImplVerifySignatures(
return Sequence< css::security::DocumentSignatureInformation >(0);
- XMLSignatureHelper aSignatureHelper( mxCtx );
-
- bool bInit = aSignatureHelper.Init();
-
- SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
-
- if ( !bInit )
- return Sequence< css::security::DocumentSignatureInformation >(0);
-
- aSignatureHelper.SetStorage(rxStorage, m_sODFVersion);
+ XMLSignatureHelper& rSignatureHelper = aSignatureManager.maSignatureHelper;
+ rSignatureHelper.SetStorage(rxStorage, m_sODFVersion);
- aSignatureHelper.StartMission();
+ rSignatureHelper.StartMission(aSignatureManager.mxSecurityContext);
if (xInputStream.is())
- aSignatureHelper.ReadAndVerifySignature(xInputStream);
+ rSignatureHelper.ReadAndVerifySignature(xInputStream);
else if (aStreamHelper.nStorageFormat == embed::StorageFormats::OFOPXML)
- aSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
+ rSignatureHelper.ReadAndVerifySignatureStorage(aStreamHelper.xSignatureStorage);
- aSignatureHelper.EndMission();
+ rSignatureHelper.EndMission();
- Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv = aSignatureHelper.GetSecurityEnvironment();
+ uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = aSignatureManager.getSecurityEnvironment();
- SignatureInformations aSignInfos = aSignatureHelper.GetSignatureInformations();
+ SignatureInformations aSignInfos = rSignatureHelper.GetSignatureInformations();
int nInfos = aSignInfos.size();
Sequence< css::security::DocumentSignatureInformation > aInfos(nInfos);
css::security::DocumentSignatureInformation* arInfos = aInfos.getArray();
@@ -405,9 +406,10 @@ void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException
Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv;
- XMLSignatureHelper aSignatureHelper( mxCtx );
- if ( aSignatureHelper.Init() )
- xSecEnv = aSignatureHelper.GetSecurityEnvironment();
+ DocumentSignatureMode eMode{};
+ DocumentSignatureManager aSignatureManager(mxCtx, eMode);
+ if (aSignatureManager.init())
+ xSecEnv = aSignatureManager.getSecurityEnvironment();
ScopedVclPtrInstance< MacroSecurity > aDlg( nullptr, mxCtx, xSecEnv );
aDlg->Execute();
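Review bot: `DocumentSignatureMode eMode{};` silently selects whichever enumerator has the value zero, and the same two lines are repeated in the showCertificate and chooseCertificate hunks below. The mode looks irrelevant to these three callers, which only want the security environment, so the code should name an enumerator and say why: `DocumentSignatureManager aSignatureManager(mxCtx, DocumentSignatureMode::Content); // mode is not used here, only the security environment is needed`. The function bodies start and end outside the hunks.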
@@ -416,15 +418,16 @@ void DocumentDigitalSignatures::manageTrustedSources( ) throw (RuntimeException
void DocumentDigitalSignatures::showCertificate(
const Reference< css::security::XCertificate >& Certificate ) throw (RuntimeException, std::exception)
{
- XMLSignatureHelper aSignatureHelper( mxCtx );
+ DocumentSignatureMode eMode{};
+ DocumentSignatureManager aSignatureManager(mxCtx, eMode);
- bool bInit = aSignatureHelper.Init();
+ bool bInit = aSignatureManager.init();
SAL_WARN_IF( !bInit, "xmlsecurity.comp", "Error initializing security context!" );
if ( bInit )
{
- ScopedVclPtrInstance< CertificateViewer > aViewer( nullptr, aSignatureHelper.GetSecurityEnvironment(), Certificate, false );
+ ScopedVclPtrInstance<CertificateViewer> aViewer(nullptr, aSignatureManager.getSecurityEnvironment(), Certificate, false);
aViewer->Execute();
}
@@ -460,9 +463,10 @@ Reference< css::security::XCertificate > DocumentDigitalSignatures::chooseCertif
{
Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv;
- XMLSignatureHelper aSignatureHelper( mxCtx );
- if ( aSignatureHelper.Init() )
- xSecEnv = aSignatureHelper.GetSecurityEnvironment();
+ DocumentSignatureMode eMode{};
+ DocumentSignatureManager aSignatureManager(mxCtx, eMode);
+ if (aSignatureManager.init())
+ xSecEnv = aSignatureManager.getSecurityEnvironment();
ScopedVclPtrInstance< CertificateChooser > aChooser(nullptr, mxCtx, xSecEnv);
diff --git a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
index 5d8ab1d38849..19ea5d04d2b3 100644
--- a/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
+++ b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx
@@ -212,7 +212,7 @@ void DigitalSignaturesDialog::dispose()
bool DigitalSignaturesDialog::Init()
{
- bool bInit = maSignatureManager.maSignatureHelper.Init();
+ bool bInit = maSignatureManager.init();
SAL_WARN_IF( !bInit, "xmlsecurity.dialogs", "Error initializing security context!" );
@@ -384,7 +384,7 @@ IMPL_LINK_NOARG(DigitalSignaturesDialog, AddButtonHdl, Button*, void)
return;
try
{
- uno::Reference<css::xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.maSignatureHelper.GetSecurityEnvironment();
+ uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment();
ScopedVclPtrInstance< CertificateChooser > aChooser( this, mxCtx, xSecEnv );
if ( aChooser->Execute() == RET_OK )
@@ -457,7 +457,7 @@ void DigitalSignaturesDialog::ImplFillSignaturesBox()
{
m_pSignaturesLB->Clear();
- uno::Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv = maSignatureManager.maSignatureHelper.GetSecurityEnvironment();
+ uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment();
uno::Reference<css::security::XSerialNumberAdapter> xSerialNumberAdapter =
css::security::SerialNumberAdapter::create(mxCtx);
@@ -618,8 +618,7 @@ void DigitalSignaturesDialog::ImplShowSignaturesDetails()
{
sal_uInt16 nSelected = (sal_uInt16) reinterpret_cast<sal_uIntPtr>( m_pSignaturesLB->FirstSelected()->GetUserData() );
const SignatureInformation& rInfo = maSignatureManager.maCurrentSignatureInformations[ nSelected ];
- css::uno::Reference<css::xml::crypto::XSecurityEnvironment > xSecEnv =
- maSignatureManager.maSignatureHelper.GetSecurityEnvironment();
+ uno::Reference<xml::crypto::XSecurityEnvironment> xSecEnv = maSignatureManager.getSecurityEnvironment();
css::uno::Reference<com::sun::star::security::XSerialNumberAdapter> xSerialNumberAdapter =
css::security::SerialNumberAdapter::create(mxCtx);
// Use Certificate from doc, not from key store
@@ -633,7 +632,7 @@ void DigitalSignaturesDialog::ImplShowSignaturesDetails()
SAL_WARN_IF( !xCert.is(), "xmlsecurity.dialogs", "Error getting Certificate!" );
if ( xCert.is() )
{
- ScopedVclPtrInstance< CertificateViewer > aViewer( this, maSignatureManager.maSignatureHelper.GetSecurityEnvironment(), xCert, false );
+ ScopedVclPtrInstance<CertificateViewer> aViewer(this, maSignatureManager.getSecurityEnvironment(), xCert, false);
aViewer->Execute();
}
}
diff --git a/xmlsecurity/source/helper/documentsignaturemanager.cxx b/xmlsecurity/source/helper/documentsignaturemanager.cxx
index b88714f9c54b..2afdcc94660b 100644
--- a/xmlsecurity/source/helper/documentsignaturemanager.cxx
+++ b/xmlsecurity/source/helper/documentsignaturemanager.cxx
@@ -25,6 +25,7 @@
#include <com/sun/star/io/XTruncate.hpp>
#include <com/sun/star/security/SerialNumberAdapter.hpp>
#include <com/sun/star/embed/XTransactedObject.hpp>
+#include <com/sun/star/xml/crypto/SEInitializer.hpp>
#include <comphelper/storagehelper.hxx>
#include <rtl/ustrbuf.hxx>
@@ -47,11 +48,24 @@ DocumentSignatureManager::~DocumentSignatureManager()
{
}
+bool DocumentSignatureManager::init()
+{
+ SAL_WARN_IF(mxSEInitializer.is(), "xmlsecurity.helper", "DocumentSignatureManager::Init - mxSEInitializer already set!");
+ SAL_WARN_IF(mxSecurityContext.is(), "xmlsecurity.helper", "DocumentSignatureManager::Init - mxSecurityContext already set!");
+
+ mxSEInitializer = css::xml::crypto::SEInitializer::create(mxContext);
+
+ if (mxSEInitializer.is())
+ mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
+
+ return mxSecurityContext.is();
+}
+
PDFSignatureHelper& DocumentSignatureManager::getPDFSignatureHelper()
{
- // It is important to create this only when dealing with PDF, in case both
- // this and XMLSignatureHelper is created, xmlsec gets confused, and
- // doesn't get correct result.
+ if (!mxSecurityContext.is())
+ init();
+
if (!mpPDFSignatureHelper)
mpPDFSignatureHelper.reset(new PDFSignatureHelper(mxContext));
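Review bot: `init()` is not safe to call twice, and `getPDFSignatureHelper()` discards its result. A second call to `init()` only logs the two "already set" warnings and then replaces `mxSEInitializer` and `mxSecurityContext` anyway, which is presumably the kind of repeated xmlsec initialization this commit sets out to remove. An early `if (mxSecurityContext.is()) return true;` at the top would make the call idempotent. In `getPDFSignatureHelper()` a failed `init()` still hands out the helper, and `getSecurityEnvironment()` will then return an empty reference; a `SAL_WARN_IF` on the return value would make that visible. The body of getPDFSignatureHelper continues outside the hunk.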
@@ -246,7 +260,7 @@ bool DocumentSignatureManager::add(const uno::Reference<security::XCertificate>&
return true;
}
- maSignatureHelper.StartMission();
+ maSignatureHelper.StartMission(mxSecurityContext);
nSecurityId = maSignatureHelper.GetNewSecurityId();
@@ -398,7 +412,7 @@ void DocumentSignatureManager::read(bool bUseTempStream, bool bCacheLastSignatur
if (mxStore.is())
{
// ZIP-based: ODF or OOXML.
- maSignatureHelper.StartMission();
+ maSignatureHelper.StartMission(mxSecurityContext);
SignatureStreamHelper aStreamHelper = ImplOpenSignatureStream(embed::ElementModes::READ, bUseTempStream);
if (aStreamHelper.nStorageFormat != embed::StorageFormats::OFOPXML && aStreamHelper.xSignatureStream.is())
@@ -474,4 +488,9 @@ void DocumentSignatureManager::write()
}
}
+uno::Reference<xml::crypto::XSecurityEnvironment> DocumentSignatureManager::getSecurityEnvironment()
+{
+ return mxSecurityContext.is() ? mxSecurityContext->getSecurityEnvironment() : uno::Reference<xml::crypto::XSecurityEnvironment>();
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/xmlsecurity/source/helper/pdfsignaturehelper.cxx b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
index 859a47975972..ff79af8ca730 100644
--- a/xmlsecurity/source/helper/pdfsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/pdfsignaturehelper.cxx
@@ -26,10 +26,6 @@ using namespace ::com::sun::star;
PDFSignatureHelper::PDFSignatureHelper(const uno::Reference<uno::XComponentContext>& xComponentContext)
: m_xComponentContext(xComponentContext)
{
- m_xSEInitializer = xml::crypto::SEInitializer::create(m_xComponentContext);
- if (m_xSEInitializer.is())
- // This initializes nss / mscrypto.
- m_xSecurityContext = m_xSEInitializer->createSecurityContext(OUString());
}
bool PDFSignatureHelper::ReadAndVerifySignature(const uno::Reference<io::XInputStream>& xInputStream)
@@ -76,24 +72,23 @@ SignatureInformations PDFSignatureHelper::GetSignatureInformations() const
return m_aSignatureInfos;
}
-uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDocumentSignatureInformations() const
+uno::Sequence<security::DocumentSignatureInformation> PDFSignatureHelper::GetDocumentSignatureInformations(const uno::Reference<xml::crypto::XSecurityEnvironment>& xSecEnv) const
{
uno::Sequence<security::DocumentSignatureInformation> aRet(m_aSignatureInfos.size());
- uno::Reference<xml::crypto::XSecurityEnvironment> xSecurityEnvironment = m_xSecurityContext->getSecurityEnvironment();
for (size_t i = 0; i < m_aSignatureInfos.size(); ++i)
{
const SignatureInformation& rInternal = m_aSignatureInfos[i];
security::DocumentSignatureInformation& rExternal = aRet[i];
rExternal.SignatureIsValid = rInternal.nStatus == xml::crypto::SecurityOperationStatus_OPERATION_SUCCEEDED;
- rExternal.Signer = xSecurityEnvironment->createCertificateFromAscii(rInternal.ouX509Certificate);
+ rExternal.Signer = xSecEnv->createCertificateFromAscii(rInternal.ouX509Certificate);
// Verify certificate.
if (rExternal.Signer.is())
{
try
{
- rExternal.CertificateStatus = xSecurityEnvironment->verifyCertificate(rExternal.Signer, {});
+ rExternal.CertificateStatus = xSecEnv->verifyCertificate(rExternal.Signer, {});
}
catch (const uno::SecurityException& rException)
{
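Review bot: `xSecEnv` is dereferenced inside the loop (`xSecEnv->createCertificateFromAscii(...)`, `xSecEnv->verifyCertificate(...)`) without an `is()` check, and the new parameter shifts that responsibility to every caller. `DocumentSignatureManager::getSecurityEnvironment()` returns an empty reference when there is no security context, so a caller that skipped `init()` or ignored its failure would pass one in. A guard before the loop would fix this: `if (!xSecEnv.is()) return uno::Sequence<security::DocumentSignatureInformation>();`, together with a `SAL_WARN`, matching how ImplVerifySignatures reacts to a failed init. The function body continues past the end of this hunk.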
diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
index c3106332dac7..d41d0fb612bb 100644
--- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx
+++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx
@@ -39,7 +39,6 @@
#include <com/sun/star/beans/StringPair.hpp>
#include <com/sun/star/xml/sax/Parser.hpp>
#include <com/sun/star/xml/sax/Writer.hpp>
-#include <com/sun/star/xml/crypto/SEInitializer.hpp>
#include <com/sun/star/embed/ElementModes.hpp>
#include <com/sun/star/embed/XStorage.hpp>
#include <com/sun/star/embed/StorageFormats.hpp>
@@ -71,19 +70,6 @@ XMLSignatureHelper::~XMLSignatureHelper()
{
}
-bool XMLSignatureHelper::Init()
-{
- SAL_WARN_IF( mxSEInitializer.is(), "xmlsecurity.helper", "XMLSignatureHelper::Init - mxSEInitializer already set!" );
- SAL_WARN_IF( mxSecurityContext.is(), "xmlsecurity.helper", "XMLSignatureHelper::Init - mxSecurityContext already set!" );
-
- mxSEInitializer = css::xml::crypto::SEInitializer::create( mxCtx );
-
- if ( mxSEInitializer.is() )
- mxSecurityContext = mxSEInitializer->createSecurityContext( OUString() );
-
- return mxSecurityContext.is();
-}
-
void XMLSignatureHelper::SetStorage(
const Reference < css::embed::XStorage >& rxStorage,
const OUString& sODFVersion)
@@ -101,12 +87,12 @@ void XMLSignatureHelper::SetStartVerifySignatureHdl( const Link<LinkParamNone*,b
}
-void XMLSignatureHelper::StartMission()
+void XMLSignatureHelper::StartMission(const uno::Reference<xml::crypto::XXMLSecurityContext>& xSecurityContext)
{
if ( !mxUriBinding.is() )
mxUriBinding = new UriBindingHelper();
- mpXSecController->startMission( mxUriBinding, mxSecurityContext );
+ mpXSecController->startMission(mxUriBinding, xSecurityContext);
}
void XMLSignatureHelper::EndMission()
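Review bot: `StartMission()` forwards `xSecurityContext` to `mpXSecController->startMission()` without checking that it is set. `DocumentSignatureManager::add()` and `read()` pass `mxSecurityContext` straight in, and that member stays empty unless `init()` succeeded beforehand. A warning in the style this file already uses would catch the misuse early: `SAL_WARN_IF(!xSecurityContext.is(), "xmlsecurity.helper", "XMLSignatureHelper::StartMission - no security context!");`.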
@@ -314,11 +300,6 @@ SignatureInformations XMLSignatureHelper::GetSignatureInformations() const
return mpXSecController->getSignatureInformations();
}
-uno::Reference< css::xml::crypto::XSecurityEnvironment > XMLSignatureHelper::GetSecurityEnvironment()
-{
- return (mxSecurityContext.is()?(mxSecurityContext->getSecurityEnvironment()): uno::Reference< css::xml::crypto::XSecurityEnvironment >());
-}
-
IMPL_LINK( XMLSignatureHelper, SignatureCreationResultListener, XMLSignatureCreationResult&, rResult, void )
{
maCreationResults.insert( maCreationResults.begin() + maCreationResults.size(), rResult );