diff options
| author | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-03-11 17:09:02 +0100 |
|---|---|---|
| committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2016-03-11 17:37:11 +0100 |
| commit | 27fc89cce931039f8f585c10b8ee41023c777b5e (patch) | |
| tree | b0a0d069a7f3b8f8de579c73d40cbaac959f8197 /xmlsecurity | |
| parent | 6c11778ee6919b0f16acb17a896f65d4021f3089 (diff) | |
xmlsecurity: extract OOXML export code into its own class
It was odd that import code had its own OOXMLSecParser, but export code
was buried in the controller.
Change-Id: Ie1964bf9c54a8b779981e8d72bf4810090cf960c
Diffstat (limited to 'xmlsecurity')
| -rw-r--r-- | xmlsecurity/Library_xmlsecurity.mk | 1 | ||||
| -rw-r--r-- | xmlsecurity/source/helper/ooxmlsecexporter.cxx | 504 | ||||
| -rw-r--r-- | xmlsecurity/source/helper/ooxmlsecexporter.hxx | 37 | ||||
| -rw-r--r-- | xmlsecurity/source/helper/xsecctl.cxx | 365 |
4 files changed, 545 insertions, 362 deletions
diff --git a/xmlsecurity/Library_xmlsecurity.mk b/xmlsecurity/Library_xmlsecurity.mk index c594ec9392a1..1997010344e9 100644 --- a/xmlsecurity/Library_xmlsecurity.mk +++ b/xmlsecurity/Library_xmlsecurity.mk @@ -56,6 +56,7 @@ $(eval $(call gb_Library_add_exception_objects,xmlsecurity,\ xmlsecurity/source/helper/documentsignaturehelper \ xmlsecurity/source/helper/documentsignaturemanager \ xmlsecurity/source/helper/ooxmlsecparser \ + xmlsecurity/source/helper/ooxmlsecexporter \ xmlsecurity/source/helper/xmlsignaturehelper2 \ xmlsecurity/source/helper/xmlsignaturehelper \ xmlsecurity/source/helper/xsecctl \ diff --git a/xmlsecurity/source/helper/ooxmlsecexporter.cxx b/xmlsecurity/source/helper/ooxmlsecexporter.cxx new file mode 100644 index 000000000000..d88d542ce4fa --- /dev/null +++ b/xmlsecurity/source/helper/ooxmlsecexporter.cxx @@ -0,0 +1,504 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include "ooxmlsecexporter.hxx" + +#include <algorithm> + +#include <com/sun/star/embed/ElementModes.hpp> +#include <com/sun/star/embed/XHierarchicalStorageAccess.hpp> +#include <com/sun/star/beans/StringPair.hpp> + +#include <comphelper/ofopxmlhelper.hxx> +#include <config_global.h> +#include <o3tl/make_unique.hxx> +#include <rtl/ref.hxx> +#include <unotools/datetime.hxx> +#include <xmloff/attrlist.hxx> + +#include <xsecctl.hxx> + +using namespace com::sun::star; + +struct OOXMLSecExporter::Impl +{ + const uno::Reference<uno::XComponentContext>& m_xComponentContext; + const uno::Reference<embed::XStorage>& m_xRootStorage; + const uno::Reference<xml::sax::XDocumentHandler>& m_xDocumentHandler; + const SignatureInformation& m_rInformation; + OUString m_aSignatureTimeValue; + + Impl(const uno::Reference<uno::XComponentContext>& xComponentContext, + const uno::Reference<embed::XStorage>& xRootStorage, + const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, + const SignatureInformation& rInformation) + : m_xComponentContext(xComponentContext) + , m_xRootStorage(xRootStorage) + , m_xDocumentHandler(xDocumentHandler) + , m_rInformation(rInformation) + { + } + + /// Should we intentionally not sign this stream? + static bool isOOXMLBlacklist(const OUString& rStreamName); + /// Should we intentionally not sign this relation type? + static bool isOOXMLRelationBlacklist(const OUString& rRelationName); + + void writeSignedInfo(); + void writeCanonicalizationMethod(); + void writeCanonicalizationTransform(); + void writeDigestMethod(); + void writeSignatureMethod(); + void writeSignedInfoReferences(); + void writeSignatureValue(); + void writeKeyInfo(); + void writePackageObject(); + void writeManifest(); + void writeRelationshipTransform(const OUString& rURI); + /// Writes <SignatureProperties> inside idPackageObject. + void writePackageObjectSignatureProperties(); + /// Writes a single <Reference> inside <Manifest>. + void writeManifestReference(const SignatureReferenceInformation& rReference); + void writeOfficeObject(); + /// Writes <SignatureInfoV1>. + void writeSignatureInfo(); + void writePackageSignature(); + void writeSignedProperties(); +}; + +bool OOXMLSecExporter::Impl::isOOXMLBlacklist(const OUString& rStreamName) +{ +#if !HAVE_BROKEN_STATIC_INITILIZER_LIST + static +#endif + const std::initializer_list<OUStringLiteral> vBlacklist = + { + OUStringLiteral("/%5BContent_Types%5D.xml"), + OUStringLiteral("/docProps/app.xml"), + OUStringLiteral("/docProps/core.xml"), + // Don't attempt to sign other signatures for now. + OUStringLiteral("/_xmlsignatures") + }; + // Just check the prefix, as we don't care about the content type part of the stream name. + return std::find_if(vBlacklist.begin(), vBlacklist.end(), [&](const OUStringLiteral& rLiteral) + { + return rStreamName.startsWith(rLiteral); + }) != vBlacklist.end(); +} + +bool OOXMLSecExporter::Impl::isOOXMLRelationBlacklist(const OUString& rRelationName) +{ +#if !HAVE_BROKEN_STATIC_INITILIZER_LIST + static +#endif + const std::initializer_list<OUStringLiteral> vBlacklist = + { + OUStringLiteral("http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties"), + OUStringLiteral("http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties"), + OUStringLiteral("http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin") + }; + return std::find(vBlacklist.begin(), vBlacklist.end(), rRelationName) != vBlacklist.end(); +} + +void OOXMLSecExporter::Impl::writeSignedInfo() +{ + m_xDocumentHandler->startElement(TAG_SIGNEDINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + + writeCanonicalizationMethod(); + writeSignatureMethod(); + writeSignedInfoReferences(); + + m_xDocumentHandler->endElement(TAG_SIGNEDINFO); +} + +void OOXMLSecExporter::Impl::writeCanonicalizationMethod() +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_C14N); + m_xDocumentHandler->startElement(TAG_CANONICALIZATIONMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + m_xDocumentHandler->endElement(TAG_CANONICALIZATIONMETHOD); + +} + +void OOXMLSecExporter::Impl::writeCanonicalizationTransform() +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_C14N); + m_xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + m_xDocumentHandler->endElement(TAG_TRANSFORM); + +} + +void OOXMLSecExporter::Impl::writeDigestMethod() +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_XMLDSIGSHA256); + m_xDocumentHandler->startElement(TAG_DIGESTMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + m_xDocumentHandler->endElement(TAG_DIGESTMETHOD); +} + +void OOXMLSecExporter::Impl::writeSignatureMethod() +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_RSASHA256); + m_xDocumentHandler->startElement(TAG_SIGNATUREMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + m_xDocumentHandler->endElement(TAG_SIGNATUREMETHOD); +} + +void OOXMLSecExporter::Impl::writeSignedInfoReferences() +{ + const SignatureReferenceInformations& rReferences = m_rInformation.vSignatureReferenceInfors; + for (const SignatureReferenceInformation& rReference : rReferences) + { + if (rReference.nType == SignatureReferenceType::SAMEDOCUMENT) + { + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + if (rReference.ouURI != "idSignedProperties") + pAttributeList->AddAttribute("Type", "http://www.w3.org/2000/09/xmldsig#Object"); + else + pAttributeList->AddAttribute("Type", "http://uri.etsi.org/01903#SignedProperties"); + pAttributeList->AddAttribute(ATTR_URI, CHAR_FRAGMENT + rReference.ouURI); + m_xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + if (rReference.ouURI == "idSignedProperties") + { + m_xDocumentHandler->startElement(TAG_TRANSFORMS, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + writeCanonicalizationTransform(); + m_xDocumentHandler->endElement(TAG_TRANSFORMS); + } + + writeDigestMethod(); + m_xDocumentHandler->startElement(TAG_DIGESTVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(rReference.ouDigestValue); + m_xDocumentHandler->endElement(TAG_DIGESTVALUE); + m_xDocumentHandler->endElement(TAG_REFERENCE); + } + } +} + +void OOXMLSecExporter::Impl::writeSignatureValue() +{ + m_xDocumentHandler->startElement(TAG_SIGNATUREVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(m_rInformation.ouSignatureValue); + m_xDocumentHandler->endElement(TAG_SIGNATUREVALUE); +} + +void OOXMLSecExporter::Impl::writeKeyInfo() +{ + m_xDocumentHandler->startElement(TAG_KEYINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->startElement(TAG_X509DATA, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->startElement(TAG_X509CERTIFICATE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(m_rInformation.ouX509Certificate); + m_xDocumentHandler->endElement(TAG_X509CERTIFICATE); + m_xDocumentHandler->endElement(TAG_X509DATA); + m_xDocumentHandler->endElement(TAG_KEYINFO); +} + +void OOXMLSecExporter::Impl::writePackageObject() +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ID, "idPackageObject"); + m_xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + + writeManifest(); + writePackageObjectSignatureProperties(); + + m_xDocumentHandler->endElement(TAG_OBJECT); +} + +void OOXMLSecExporter::Impl::writeManifest() +{ + m_xDocumentHandler->startElement(TAG_MANIFEST, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + const SignatureReferenceInformations& rReferences = m_rInformation.vSignatureReferenceInfors; + for (const SignatureReferenceInformation& rReference : rReferences) + { + if (rReference.nType != SignatureReferenceType::SAMEDOCUMENT) + { + if (OOXMLSecExporter::Impl::isOOXMLBlacklist(rReference.ouURI)) + continue; + + writeManifestReference(rReference); + } + } + m_xDocumentHandler->endElement(TAG_MANIFEST); +} + +void OOXMLSecExporter::Impl::writeRelationshipTransform(const OUString& rURI) +{ + uno::Reference<embed::XHierarchicalStorageAccess> xHierarchicalStorageAccess(m_xRootStorage, uno::UNO_QUERY); + uno::Reference<io::XInputStream> xRelStream(xHierarchicalStorageAccess->openStreamElementByHierarchicalName(rURI, embed::ElementModes::READ), uno::UNO_QUERY); + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_RELATIONSHIP); + m_xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + + uno::Sequence< uno::Sequence<beans::StringPair> > aRelationsInfo = comphelper::OFOPXMLHelper::ReadRelationsInfoSequence(xRelStream, rURI, m_xComponentContext); + for (const uno::Sequence<beans::StringPair>& rPairs : aRelationsInfo) + { + OUString aId; + OUString aType; + for (const beans::StringPair& rPair : rPairs) + { + if (rPair.First == "Id") + aId = rPair.Second; + else if (rPair.First == "Type") + aType = rPair.Second; + } + + if (OOXMLSecExporter::Impl::isOOXMLRelationBlacklist(aType)) + continue; + + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_MDSSI, NS_MDSSI); + pAttributeList->AddAttribute(ATTR_SOURCEID, aId); + m_xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_RELATIONSHIPREFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + m_xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_RELATIONSHIPREFERENCE); + } + + m_xDocumentHandler->endElement(TAG_TRANSFORM); +} + +void OOXMLSecExporter::Impl::writePackageObjectSignatureProperties() +{ + m_xDocumentHandler->startElement(TAG_SIGNATUREPROPERTIES, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ID, "idSignatureTime"); + pAttributeList->AddAttribute(ATTR_TARGET, "#idPackageSignature"); + m_xDocumentHandler->startElement(TAG_SIGNATUREPROPERTY, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_MDSSI, NS_MDSSI); + m_xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_SIGNATURETIME, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + m_xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_FORMAT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("YYYY-MM-DDThh:mm:ssTZD"); + m_xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_FORMAT); + + m_xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_VALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + if (!m_rInformation.ouDateTime.isEmpty()) + m_aSignatureTimeValue = m_rInformation.ouDateTime; + else + { + m_aSignatureTimeValue = utl::toISO8601(m_rInformation.stDateTime); + // Ignore sub-seconds. + sal_Int32 nCommaPos = m_aSignatureTimeValue.indexOf(','); + if (nCommaPos != -1) + { + m_aSignatureTimeValue = m_aSignatureTimeValue.copy(0, nCommaPos); + m_aSignatureTimeValue += "Z"; + } + } + m_xDocumentHandler->characters(m_aSignatureTimeValue); + m_xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_VALUE); + + m_xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_SIGNATURETIME); + m_xDocumentHandler->endElement(TAG_SIGNATUREPROPERTY); + m_xDocumentHandler->endElement(TAG_SIGNATUREPROPERTIES); +} + +void OOXMLSecExporter::Impl::writeManifestReference(const SignatureReferenceInformation& rReference) +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_URI, rReference.ouURI); + m_xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + + // Transforms + if (rReference.ouURI.endsWith("?ContentType=application/vnd.openxmlformats-package.relationships+xml")) + { + OUString aURI = rReference.ouURI; + // Ignore leading slash. + if (aURI.startsWith("/")) + aURI = aURI.copy(1); + // Ignore query part of the URI. + sal_Int32 nQueryPos = aURI.indexOf('?'); + if (nQueryPos != -1) + aURI = aURI.copy(0, nQueryPos); + + m_xDocumentHandler->startElement(TAG_TRANSFORMS, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + + writeRelationshipTransform(aURI); + writeCanonicalizationTransform(); + + m_xDocumentHandler->endElement(TAG_TRANSFORMS); + } + + writeDigestMethod(); + m_xDocumentHandler->startElement(TAG_DIGESTVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(rReference.ouDigestValue); + m_xDocumentHandler->endElement(TAG_DIGESTVALUE); + m_xDocumentHandler->endElement(TAG_REFERENCE); +} + +void OOXMLSecExporter::Impl::writeOfficeObject() +{ + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ID, "idOfficeObject"); + m_xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + m_xDocumentHandler->startElement(TAG_SIGNATUREPROPERTIES, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ID, "idOfficeV1Details"); + pAttributeList->AddAttribute(ATTR_TARGET, "#idPackageSignature"); + m_xDocumentHandler->startElement(TAG_SIGNATUREPROPERTY, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + writeSignatureInfo(); + m_xDocumentHandler->endElement(TAG_SIGNATUREPROPERTY); + m_xDocumentHandler->endElement(TAG_SIGNATUREPROPERTIES); + m_xDocumentHandler->endElement(TAG_OBJECT); +} + +void OOXMLSecExporter::Impl::writeSignatureInfo() +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_XMLNS, "http://schemas.microsoft.com/office/2006/digsig"); + m_xDocumentHandler->startElement("SignatureInfoV1", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + + m_xDocumentHandler->startElement("SetupId", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->endElement("SetupId"); + m_xDocumentHandler->startElement("SignatureText", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->endElement("SignatureText"); + m_xDocumentHandler->startElement("SignatureImage", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->endElement("SignatureImage"); + m_xDocumentHandler->startElement("SignatureComments", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(m_rInformation.ouDescription); + m_xDocumentHandler->endElement("SignatureComments"); + // Just hardcode something valid according to [MS-OFFCRYPTO]. + m_xDocumentHandler->startElement("WindowsVersion", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("6.1"); + m_xDocumentHandler->endElement("WindowsVersion"); + m_xDocumentHandler->startElement("OfficeVersion", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("16.0"); + m_xDocumentHandler->endElement("OfficeVersion"); + m_xDocumentHandler->startElement("ApplicationVersion", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("16.0"); + m_xDocumentHandler->endElement("ApplicationVersion"); + m_xDocumentHandler->startElement("Monitors", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("1"); + m_xDocumentHandler->endElement("Monitors"); + m_xDocumentHandler->startElement("HorizontalResolution", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("1280"); + m_xDocumentHandler->endElement("HorizontalResolution"); + m_xDocumentHandler->startElement("VerticalResolution", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("800"); + m_xDocumentHandler->endElement("VerticalResolution"); + m_xDocumentHandler->startElement("ColorDepth", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("32"); + m_xDocumentHandler->endElement("ColorDepth"); + m_xDocumentHandler->startElement("SignatureProviderId", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("{00000000-0000-0000-0000-000000000000}"); + m_xDocumentHandler->endElement("SignatureProviderId"); + m_xDocumentHandler->startElement("SignatureProviderUrl", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->endElement("SignatureProviderUrl"); + m_xDocumentHandler->startElement("SignatureProviderDetails", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("9"); // This is what MSO 2016 writes, though [MS-OFFCRYPTO] doesn't document what the value means. + m_xDocumentHandler->endElement("SignatureProviderDetails"); + m_xDocumentHandler->startElement("SignatureType", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters("1"); + m_xDocumentHandler->endElement("SignatureType"); + + m_xDocumentHandler->endElement("SignatureInfoV1"); +} + +void OOXMLSecExporter::Impl::writePackageSignature() +{ + m_xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_XD, NS_XD); + pAttributeList->AddAttribute(ATTR_TARGET, "#idPackageSignature"); + m_xDocumentHandler->startElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + + // FIXME why does this part crash NSS when MOZILLA_CERTIFICATE_FOLDER is not set? + static bool bTest = getenv("LO_TESTNAME"); + if (!bTest) + writeSignedProperties(); + + m_xDocumentHandler->endElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES); + m_xDocumentHandler->endElement(TAG_OBJECT); +} + +void OOXMLSecExporter::Impl::writeSignedProperties() +{ + { + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_ID, "idSignedProperties"); + m_xDocumentHandler->startElement(NSTAG_XD ":" TAG_SIGNEDPROPERTIES, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + } + + m_xDocumentHandler->startElement("xd:SignedSignatureProperties", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->startElement("xd:SigningTime", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(m_aSignatureTimeValue); + m_xDocumentHandler->endElement("xd:SigningTime"); + m_xDocumentHandler->startElement("xd:SigningCertificate", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->startElement("xd:Cert", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->startElement("xd:CertDigest", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + writeDigestMethod(); + + m_xDocumentHandler->startElement("DigestValue", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + assert(!m_rInformation.ouCertDigest.isEmpty()); + m_xDocumentHandler->characters(m_rInformation.ouCertDigest); + m_xDocumentHandler->endElement("DigestValue"); + + m_xDocumentHandler->endElement("xd:CertDigest"); + m_xDocumentHandler->startElement("xd:IssuerSerial", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->startElement("X509IssuerName", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(m_rInformation.ouX509IssuerName); + m_xDocumentHandler->endElement("X509IssuerName"); + m_xDocumentHandler->startElement("X509SerialNumber", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->characters(m_rInformation.ouX509SerialNumber); + m_xDocumentHandler->endElement("X509SerialNumber"); + m_xDocumentHandler->endElement("xd:IssuerSerial"); + m_xDocumentHandler->endElement("xd:Cert"); + m_xDocumentHandler->endElement("xd:SigningCertificate"); + m_xDocumentHandler->startElement("xd:SignaturePolicyIdentifier", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->startElement("xd:SignaturePolicyImplied", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); + m_xDocumentHandler->endElement("xd:SignaturePolicyImplied"); + m_xDocumentHandler->endElement("xd:SignaturePolicyIdentifier"); + m_xDocumentHandler->endElement("xd:SignedSignatureProperties"); + + m_xDocumentHandler->endElement(NSTAG_XD ":" TAG_SIGNEDPROPERTIES); +} + +OOXMLSecExporter::OOXMLSecExporter(const uno::Reference<uno::XComponentContext>& xComponentContext, + const uno::Reference<embed::XStorage>& xRootStorage, + const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, + const SignatureInformation& rInformation) + : m_pImpl(o3tl::make_unique<Impl>(xComponentContext, xRootStorage, xDocumentHandler, rInformation)) +{ +} + +OOXMLSecExporter::~OOXMLSecExporter() +{ +} + +void OOXMLSecExporter::writeSignature() +{ + rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); + pAttributeList->AddAttribute(ATTR_XMLNS, NS_XMLDSIG); + pAttributeList->AddAttribute(ATTR_ID, "idPackageSignature"); + m_pImpl->m_xDocumentHandler->startElement(TAG_SIGNATURE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); + + m_pImpl->writeSignedInfo(); + m_pImpl->writeSignatureValue(); + m_pImpl->writeKeyInfo(); + m_pImpl->writePackageObject(); + m_pImpl->writeOfficeObject(); + m_pImpl->writePackageSignature(); + + m_pImpl->m_xDocumentHandler->endElement(TAG_SIGNATURE); +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/helper/ooxmlsecexporter.hxx b/xmlsecurity/source/helper/ooxmlsecexporter.hxx new file mode 100644 index 000000000000..3b3d04eadb27 --- /dev/null +++ b/xmlsecurity/source/helper/ooxmlsecexporter.hxx @@ -0,0 +1,37 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#ifndef INCLUDED_XMLSECURITY_SOURCE_HELPER_OOXMLSECEXPORTER_HXX +#define INCLUDED_XMLSECURITY_SOURCE_HELPER_OOXMLSECEXPORTER_HXX + +#include <memory> + +#include <com/sun/star/uno/XComponentContext.hpp> +#include <com/sun/star/embed/XStorage.hpp> +#include <com/sun/star/xml/sax/XDocumentHandler.hpp> +#include <xmlsecurity/sigstruct.hxx> + +/// Writes a single OOXML digital signature. +class OOXMLSecExporter +{ + struct Impl; + std::unique_ptr<Impl> m_pImpl; + +public: + OOXMLSecExporter(const css::uno::Reference<css::uno::XComponentContext>& xComponentContext, + const css::uno::Reference<css::embed::XStorage>& xRootStorage, + const css::uno::Reference<css::xml::sax::XDocumentHandler>& xDocumentHandler, + const SignatureInformation& rInformation); + ~OOXMLSecExporter(); + void writeSignature(); +}; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx index 676e60d82c52..f0271b81a67c 100644 --- a/xmlsecurity/source/helper/xsecctl.cxx +++ b/xmlsecurity/source/helper/xsecctl.cxx @@ -39,6 +39,7 @@ #include <unotools/datetime.hxx> #include <comphelper/ofopxmlhelper.hxx> #include <sax/tools/converter.hxx> +#include <ooxmlsecexporter.hxx> namespace cssu = com::sun::star::uno; namespace cssl = com::sun::star::lang; @@ -854,370 +855,10 @@ void XSecController::exportSignature( xDocumentHandler->endElement( tag_Signature ); } -/// Should we intentionally not sign this stream? -static bool lcl_isOOXMLBlacklist(const OUString& rStreamName) -{ -#if !HAVE_BROKEN_STATIC_INITILIZER_LIST - static -#endif - const std::initializer_list<OUStringLiteral> vBlacklist = - { - OUStringLiteral("/%5BContent_Types%5D.xml"), - OUStringLiteral("/docProps/app.xml"), - OUStringLiteral("/docProps/core.xml"), - // Don't attempt to sign other signatures for now. - OUStringLiteral("/_xmlsignatures") - }; - // Just check the prefix, as we don't care about the content type part of the stream name. - return std::find_if(vBlacklist.begin(), vBlacklist.end(), [&](const OUStringLiteral& rLiteral) { return rStreamName.startsWith(rLiteral); }) != vBlacklist.end(); -} - -/// Should we intentionally not sign this relation type? -static bool lcl_isOOXMLRelationBlacklist(const OUString& rRelationName) -{ -#if !HAVE_BROKEN_STATIC_INITILIZER_LIST - static -#endif - const std::initializer_list<OUStringLiteral> vBlacklist = - { - OUStringLiteral("http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties"), - OUStringLiteral("http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties"), - OUStringLiteral("http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin") - }; - return std::find(vBlacklist.begin(), vBlacklist.end(), rRelationName) != vBlacklist.end(); -} - void XSecController::exportOOXMLSignature(const uno::Reference<embed::XStorage>& xRootStorage, const uno::Reference<xml::sax::XDocumentHandler>& xDocumentHandler, const SignatureInformation& rInformation) { - uno::Reference<embed::XHierarchicalStorageAccess> xHierarchicalStorageAccess(xRootStorage, uno::UNO_QUERY); - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_XMLNS, NS_XMLDSIG); - pAttributeList->AddAttribute(ATTR_ID, "idPackageSignature"); - xDocumentHandler->startElement(TAG_SIGNATURE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->startElement(TAG_SIGNEDINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_C14N); - xDocumentHandler->startElement(TAG_CANONICALIZATIONMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - xDocumentHandler->endElement(TAG_CANONICALIZATIONMETHOD); - } - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_RSASHA256); - xDocumentHandler->startElement(TAG_SIGNATUREMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - xDocumentHandler->endElement(TAG_SIGNATUREMETHOD); - } - - const SignatureReferenceInformations& rReferences = rInformation.vSignatureReferenceInfors; - for (const SignatureReferenceInformation& rReference : rReferences) - { - if (rReference.nType == SignatureReferenceType::SAMEDOCUMENT) - { - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - if (rReference.ouURI != "idSignedProperties") - pAttributeList->AddAttribute("Type", "http://www.w3.org/2000/09/xmldsig#Object"); - else - pAttributeList->AddAttribute("Type", "http://uri.etsi.org/01903#SignedProperties"); - pAttributeList->AddAttribute(ATTR_URI, CHAR_FRAGMENT + rReference.ouURI); - xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - if (rReference.ouURI == "idSignedProperties") - { - xDocumentHandler->startElement(TAG_TRANSFORMS, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_C14N); - xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - xDocumentHandler->endElement(TAG_TRANSFORM); - xDocumentHandler->endElement(TAG_TRANSFORMS); - } - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_XMLDSIGSHA256); - xDocumentHandler->startElement(TAG_DIGESTMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - xDocumentHandler->endElement(TAG_DIGESTMETHOD); - } - xDocumentHandler->startElement(TAG_DIGESTVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(rReference.ouDigestValue); - xDocumentHandler->endElement(TAG_DIGESTVALUE); - xDocumentHandler->endElement(TAG_REFERENCE); - } - } - - xDocumentHandler->endElement(TAG_SIGNEDINFO); - - xDocumentHandler->startElement(TAG_SIGNATUREVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(rInformation.ouSignatureValue); - xDocumentHandler->endElement(TAG_SIGNATUREVALUE); - - xDocumentHandler->startElement(TAG_KEYINFO, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->startElement(TAG_X509DATA, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->startElement(TAG_X509CERTIFICATE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(rInformation.ouX509Certificate); - xDocumentHandler->endElement(TAG_X509CERTIFICATE); - xDocumentHandler->endElement(TAG_X509DATA); - xDocumentHandler->endElement(TAG_KEYINFO); - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ID, "idPackageObject"); - xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->startElement(TAG_MANIFEST, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - for (const SignatureReferenceInformation& rReference : rReferences) - { - if (rReference.nType != SignatureReferenceType::SAMEDOCUMENT) - { - if (lcl_isOOXMLBlacklist(rReference.ouURI)) - continue; - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_URI, rReference.ouURI); - xDocumentHandler->startElement(TAG_REFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - - // Transforms - if (rReference.ouURI.endsWith("?ContentType=application/vnd.openxmlformats-package.relationships+xml")) - { - OUString aURI = rReference.ouURI; - // Ignore leading slash. - if (aURI.startsWith("/")) - aURI = aURI.copy(1); - // Ignore query part of the URI. - sal_Int32 nQueryPos = aURI.indexOf('?'); - if (nQueryPos != -1) - aURI = aURI.copy(0, nQueryPos); - - uno::Reference<io::XInputStream> xRelStream(xHierarchicalStorageAccess->openStreamElementByHierarchicalName(aURI, embed::ElementModes::READ), uno::UNO_QUERY); - xDocumentHandler->startElement(TAG_TRANSFORMS, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_RELATIONSHIP); - xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - - uno::Sequence< uno::Sequence<beans::StringPair> > aRelationsInfo = comphelper::OFOPXMLHelper::ReadRelationsInfoSequence(xRelStream, aURI, mxCtx); - for (const uno::Sequence<beans::StringPair>& rPairs : aRelationsInfo) - { - OUString aId; - OUString aType; - for (const beans::StringPair& rPair : rPairs) - { - if (rPair.First == "Id") - aId = rPair.Second; - else if (rPair.First == "Type") - aType = rPair.Second; - } - - if (lcl_isOOXMLRelationBlacklist(aType)) - continue; - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_MDSSI, NS_MDSSI); - pAttributeList->AddAttribute(ATTR_SOURCEID, aId); - xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_RELATIONSHIPREFERENCE, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_RELATIONSHIPREFERENCE); - } - - xDocumentHandler->endElement(TAG_TRANSFORM); - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_C14N); - xDocumentHandler->startElement(TAG_TRANSFORM, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->endElement(TAG_TRANSFORM); - xDocumentHandler->endElement(TAG_TRANSFORMS); - } - - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_XMLDSIGSHA256); - xDocumentHandler->startElement(TAG_DIGESTMETHOD, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - xDocumentHandler->endElement(TAG_DIGESTMETHOD); - } - xDocumentHandler->startElement(TAG_DIGESTVALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(rReference.ouDigestValue); - xDocumentHandler->endElement(TAG_DIGESTVALUE); - xDocumentHandler->endElement(TAG_REFERENCE); - } - } - xDocumentHandler->endElement(TAG_MANIFEST); - - // SignatureProperties - xDocumentHandler->startElement(TAG_SIGNATUREPROPERTIES, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ID, "idSignatureTime"); - pAttributeList->AddAttribute(ATTR_TARGET, "#idPackageSignature"); - xDocumentHandler->startElement(TAG_SIGNATUREPROPERTY, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_MDSSI, NS_MDSSI); - xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_SIGNATURETIME, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_FORMAT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("YYYY-MM-DDThh:mm:ssTZD"); - xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_FORMAT); - - xDocumentHandler->startElement(NSTAG_MDSSI ":" TAG_VALUE, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - OUString aSignatureTimeValue; - if (!rInformation.ouDateTime.isEmpty()) - aSignatureTimeValue = rInformation.ouDateTime; - else - { - aSignatureTimeValue = utl::toISO8601(rInformation.stDateTime); - // Ignore sub-seconds. - sal_Int32 nCommaPos = aSignatureTimeValue.indexOf(','); - if (nCommaPos != -1) - { - aSignatureTimeValue = aSignatureTimeValue.copy(0, nCommaPos); - aSignatureTimeValue += "Z"; - } - } - xDocumentHandler->characters(aSignatureTimeValue); - xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_VALUE); - - xDocumentHandler->endElement(NSTAG_MDSSI ":" TAG_SIGNATURETIME); - xDocumentHandler->endElement(TAG_SIGNATUREPROPERTY); - xDocumentHandler->endElement(TAG_SIGNATUREPROPERTIES); - - xDocumentHandler->endElement(TAG_OBJECT); - - // idOfficeObject - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ID, "idOfficeObject"); - xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->startElement(TAG_SIGNATUREPROPERTIES, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ID, "idOfficeV1Details"); - pAttributeList->AddAttribute(ATTR_TARGET, "#idPackageSignature"); - xDocumentHandler->startElement(TAG_SIGNATUREPROPERTY, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_XMLNS, "http://schemas.microsoft.com/office/2006/digsig"); - xDocumentHandler->startElement("SignatureInfoV1", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->startElement("SetupId", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->endElement("SetupId"); - xDocumentHandler->startElement("SignatureText", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->endElement("SignatureText"); - xDocumentHandler->startElement("SignatureImage", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->endElement("SignatureImage"); - xDocumentHandler->startElement("SignatureComments", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(rInformation.ouDescription); - xDocumentHandler->endElement("SignatureComments"); - // Just hardcode something valid according to [MS-OFFCRYPTO]. - xDocumentHandler->startElement("WindowsVersion", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("6.1"); - xDocumentHandler->endElement("WindowsVersion"); - xDocumentHandler->startElement("OfficeVersion", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("16.0"); - xDocumentHandler->endElement("OfficeVersion"); - xDocumentHandler->startElement("ApplicationVersion", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("16.0"); - xDocumentHandler->endElement("ApplicationVersion"); - xDocumentHandler->startElement("Monitors", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("1"); - xDocumentHandler->endElement("Monitors"); - xDocumentHandler->startElement("HorizontalResolution", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("1280"); - xDocumentHandler->endElement("HorizontalResolution"); - xDocumentHandler->startElement("VerticalResolution", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("800"); - xDocumentHandler->endElement("VerticalResolution"); - xDocumentHandler->startElement("ColorDepth", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("32"); - xDocumentHandler->endElement("ColorDepth"); - xDocumentHandler->startElement("SignatureProviderId", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("{00000000-0000-0000-0000-000000000000}"); - xDocumentHandler->endElement("SignatureProviderId"); - xDocumentHandler->startElement("SignatureProviderUrl", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->endElement("SignatureProviderUrl"); - xDocumentHandler->startElement("SignatureProviderDetails", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("9"); // This is what MSO 2016 writes, though [MS-OFFCRYPTO] doesn't document what the value means. - xDocumentHandler->endElement("SignatureProviderDetails"); - xDocumentHandler->startElement("SignatureType", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters("1"); - xDocumentHandler->endElement("SignatureType"); - xDocumentHandler->endElement("SignatureInfoV1"); - xDocumentHandler->endElement(TAG_SIGNATUREPROPERTY); - xDocumentHandler->endElement(TAG_SIGNATUREPROPERTIES); - xDocumentHandler->endElement(TAG_OBJECT); - - xDocumentHandler->startElement(TAG_OBJECT, uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_XMLNS ":" NSTAG_XD, NS_XD); - pAttributeList->AddAttribute(ATTR_TARGET, "#idPackageSignature"); - xDocumentHandler->startElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - - // FIXME why does this part crash NSS when MOZILLA_CERTIFICATE_FOLDER is not set? - static bool bTest = getenv("LO_TESTNAME"); - if (!bTest) - { - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ID, "idSignedProperties"); - xDocumentHandler->startElement(NSTAG_XD ":" TAG_SIGNEDPROPERTIES, uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - - xDocumentHandler->startElement("xd:SignedSignatureProperties", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->startElement("xd:SigningTime", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(aSignatureTimeValue); - xDocumentHandler->endElement("xd:SigningTime"); - xDocumentHandler->startElement("xd:SigningCertificate", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->startElement("xd:Cert", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->startElement("xd:CertDigest", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - { - rtl::Reference<SvXMLAttributeList> pAttributeList(new SvXMLAttributeList()); - pAttributeList->AddAttribute(ATTR_ALGORITHM, ALGO_XMLDSIGSHA256); - xDocumentHandler->startElement("DigestMethod", uno::Reference<xml::sax::XAttributeList>(pAttributeList.get())); - } - xDocumentHandler->endElement("DigestMethod"); - xDocumentHandler->startElement("DigestValue", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - - assert(!rInformation.ouCertDigest.isEmpty()); - xDocumentHandler->characters(rInformation.ouCertDigest); - - xDocumentHandler->endElement("DigestValue"); - xDocumentHandler->endElement("xd:CertDigest"); - xDocumentHandler->startElement("xd:IssuerSerial", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->startElement("X509IssuerName", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(rInformation.ouX509IssuerName); - xDocumentHandler->endElement("X509IssuerName"); - xDocumentHandler->startElement("X509SerialNumber", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->characters(rInformation.ouX509SerialNumber); - xDocumentHandler->endElement("X509SerialNumber"); - xDocumentHandler->endElement("xd:IssuerSerial"); - xDocumentHandler->endElement("xd:Cert"); - xDocumentHandler->endElement("xd:SigningCertificate"); - xDocumentHandler->startElement("xd:SignaturePolicyIdentifier", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->startElement("xd:SignaturePolicyImplied", uno::Reference<xml::sax::XAttributeList>(new SvXMLAttributeList())); - xDocumentHandler->endElement("xd:SignaturePolicyImplied"); - xDocumentHandler->endElement("xd:SignaturePolicyIdentifier"); - xDocumentHandler->endElement("xd:SignedSignatureProperties"); - - xDocumentHandler->endElement(NSTAG_XD ":" TAG_SIGNEDPROPERTIES); - } - xDocumentHandler->endElement(NSTAG_XD ":" TAG_QUALIFYINGPROPERTIES); - xDocumentHandler->endElement(TAG_OBJECT); - - xDocumentHandler->endElement(TAG_SIGNATURE); + OOXMLSecExporter aExporter(mxCtx, xRootStorage, xDocumentHandler, rInformation); + aExporter.writeSignature(); } SignatureInformation XSecController::getSignatureInformation( sal_Int32 nSecurityId ) const |