diff options
Diffstat (limited to 'xmlsecurity/source/helper')
-rw-r--r-- | xmlsecurity/source/helper/documentsignaturehelper.cxx | 905 | ||||
-rw-r--r-- | xmlsecurity/source/helper/makefile.mk | 6 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xmlsignaturehelper.cxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xmlsignaturehelper2.cxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xmlsignaturehelper2.hxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecctl.cxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecctl.hxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecparser.cxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecparser.hxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecsign.cxx | 5 | ||||
-rw-r--r-- | xmlsecurity/source/helper/xsecverify.cxx | 5 |
11 files changed, 461 insertions, 495 deletions
diff --git a/xmlsecurity/source/helper/documentsignaturehelper.cxx b/xmlsecurity/source/helper/documentsignaturehelper.cxx index ca2cfe941f4d..d0fba345588c 100644 --- a/xmlsecurity/source/helper/documentsignaturehelper.cxx +++ b/xmlsecurity/source/helper/documentsignaturehelper.cxx @@ -1,405 +1,402 @@ -/*************************************************************************
- *
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * Copyright 2008 by Sun Microsystems, Inc.
- *
- * OpenOffice.org - a multi-platform office productivity suite
- *
- * $RCSfile: documentsignaturehelper.cxx,v $
- * $Revision: 1.11 $
- *
- * This file is part of OpenOffice.org.
- *
- * OpenOffice.org is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License version 3
- * only, as published by the Free Software Foundation.
- *
- * OpenOffice.org is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License version 3 for more details
- * (a copy is included in the LICENSE file that accompanied this code).
- *
- * You should have received a copy of the GNU Lesser General Public License
- * version 3 along with OpenOffice.org. If not, see
- * <http://www.openoffice.org/license.html>
- * for a copy of the LGPLv3 License.
- *
- ************************************************************************/
-
-// MARKER(update_precomp.py): autogen include statement, do not remove
-#include "precompiled_xmlsecurity.hxx"
-
-#include <xmlsecurity/documentsignaturehelper.hxx>
-
-#include <com/sun/star/container/XNameAccess.hpp>
-#include <com/sun/star/lang/XComponent.hpp>
-#include <com/sun/star/lang/DisposedException.hpp>
-#include <com/sun/star/embed/XStorage.hpp>
-#include <com/sun/star/embed/ElementModes.hpp>
-#include "com/sun/star/beans/XPropertySet.hpp"
-
-#include "comphelper/documentconstants.hxx"
-#include <tools/debug.hxx>
-#include "rtl/uri.hxx"
-
-using namespace ::com::sun::star::uno;
-//using namespace ::com::sun::star;
-namespace css = ::com::sun::star;
-using rtl::OUString;
-
-
-namespace
-{
-::rtl::OUString getElement(::rtl::OUString const & version, ::sal_Int32 * index)
-{
- while (*index < version.getLength() && version[*index] == '0') {
- ++*index;
- }
- return version.getToken(0, '.', *index);
-}
-
-
-
-// Return 1 if version1 is greater then version 2, 0 if they are equal
-//and -1 if version1 is less version 2
-int compareVersions(
- ::rtl::OUString const & version1, ::rtl::OUString const & version2)
-{
- for (::sal_Int32 i1 = 0, i2 = 0; i1 >= 0 || i2 >= 0;) {
- ::rtl::OUString e1(getElement(version1, &i1));
- ::rtl::OUString e2(getElement(version2, &i2));
- if (e1.getLength() < e2.getLength()) {
- return -1;
- } else if (e1.getLength() > e2.getLength()) {
- return 1;
- } else if (e1 < e2) {
- return -1;
- } else if (e1 > e2) {
- return 1;
- }
- }
- return 0;
-}
-}
-//If the OOo 3.0 mode is used then we exclude
-//'mimetype' and all content of 'META-INF'.
-//If the argument 'bSigning' is true then the element list is created for a signing
-//operation in which case we use the latest signing algorithm. That is all elements
-//we find in the zip storage are added to the list. We do not support the old signatures
-//which did not contain all files.
-//If 'bSigning' is false, then we validate. If the user enabled validating according to OOo 3.0
-//then mimetype and all content of META-INF must be excluded.
-void ImplFillElementList(
- std::vector< rtl::OUString >& rList, const Reference < css::embed::XStorage >& rxStore,
- const ::rtl::OUString rRootStorageName, const bool bRecursive,
- const DocumentSignatureAlgorithm mode)
-{
- ::rtl::OUString aMetaInfName( RTL_CONSTASCII_USTRINGPARAM( "META-INF" ) );
- ::rtl::OUString sMimeTypeName (RTL_CONSTASCII_USTRINGPARAM("mimetype"));
- ::rtl::OUString aSep( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
-
- Reference < css::container::XNameAccess > xElements( rxStore, UNO_QUERY );
- Sequence< ::rtl::OUString > aElements = xElements->getElementNames();
- sal_Int32 nElements = aElements.getLength();
- const ::rtl::OUString* pNames = aElements.getConstArray();
-
- for ( sal_Int32 n = 0; n < nElements; n++ )
- {
- if (mode != OOo3_2Document
- && (pNames[n] == aMetaInfName
- || pNames[n] == sMimeTypeName))
- {
- continue;
- }
- else
- {
- ::rtl::OUString sEncName = ::rtl::Uri::encode(
- pNames[n], rtl_UriCharClassRelSegment,
- rtl_UriEncodeStrict, RTL_TEXTENCODING_UTF8);
- if (sEncName.getLength() == 0 && pNames[n].getLength() != 0)
- throw css::uno::Exception(::rtl::OUString(
- RTL_CONSTASCII_USTRINGPARAM("Failed to encode element name of XStorage")), 0);
-
- if ( rxStore->isStreamElement( pNames[n] ) )
- {
- //Exclude documentsignatures.xml!
- if (pNames[n].equals(
- DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName()))
- continue;
- ::rtl::OUString aFullName( rRootStorageName + sEncName );
- rList.push_back(aFullName);
- }
- else if ( bRecursive && rxStore->isStorageElement( pNames[n] ) )
- {
- Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( pNames[n], css::embed::ElementModes::READ );
- rtl::OUString aFullRootName( rRootStorageName + sEncName + aSep );
- ImplFillElementList(rList, xSubStore, aFullRootName, bRecursive, mode);
- }
- }
- }
-}
-
-
-bool DocumentSignatureHelper::isODFPre_1_2(const ::rtl::OUString & sVersion)
-{
- //The property version exists only if the document is at least version 1.2
- //That is, if the document has version 1.1 and sVersion is empty.
- //The constant is defined in comphelper/documentconstants.hxx
- if (compareVersions(sVersion, ODFVER_012_TEXT) == -1)
- return true;
- return false;
-}
-
-bool DocumentSignatureHelper::isOOo3_2_Signature(const SignatureInformation & sigInfo)
-{
- ::rtl::OUString sManifestURI(RTL_CONSTASCII_USTRINGPARAM("META-INF/manifest.xml"));
- bool bOOo3_2 = false;
- typedef ::std::vector< SignatureReferenceInformation >::const_iterator CIT;
- for (CIT i = sigInfo.vSignatureReferenceInfors.begin();
- i < sigInfo.vSignatureReferenceInfors.end(); i++)
- {
- if (i->ouURI.equals(sManifestURI))
- {
- bOOo3_2 = true;
- break;
- }
- }
- return bOOo3_2;
-}
-
-DocumentSignatureAlgorithm
-DocumentSignatureHelper::getDocumentAlgorithm(
- const ::rtl::OUString & sODFVersion, const SignatureInformation & sigInfo)
-{
- OSL_ASSERT(sODFVersion.getLength());
- DocumentSignatureAlgorithm mode = OOo3_2Document;
- if (!isOOo3_2_Signature(sigInfo))
- {
- if (isODFPre_1_2(sODFVersion))
- mode = OOo2Document;
- else
- mode = OOo3_0Document;
- }
- return mode;
-}
-
-//The function creates a list of files which are to be signed or for which
-//the signature is to be validated. The strings are UTF8 encoded URIs which
-//contain '/' as path separators.
-//
-//The algorithm how document signatures are created and validated has
-//changed over time. The change affects only which files within the document
-//are changed. Document signatures created by OOo 2.x only used particular files. Since
-//OOo 3.0 everything except "mimetype" and "META-INF" are signed. As of OOo 3.2 everything
-//except META-INF/documentsignatures.xml is signed.
-//Signatures are validated according to the algorithm which was then used for validation.
-//That is, when validating a signature which was created by OOo 3.0, then mimetype and
-//META-INF are not used.
-//
-//When a signature is created then we always use the latest algorithm. That is, we use
-//that of OOo 3.2
-std::vector< rtl::OUString >
-DocumentSignatureHelper::CreateElementList(
- const Reference < css::embed::XStorage >& rxStore,
- const ::rtl::OUString /*rRootStorageName*/, DocumentSignatureMode eMode,
- const DocumentSignatureAlgorithm mode)
-{
- std::vector< rtl::OUString > aElements;
- ::rtl::OUString aSep( RTL_CONSTASCII_USTRINGPARAM( "/" ) );
-
- switch ( eMode )
- {
- case SignatureModeDocumentContent:
- {
- if (mode == OOo2Document) //that is, ODF 1.0, 1.1
- {
- // 1) Main content
- ImplFillElementList(aElements, rxStore, ::rtl::OUString(), false, mode);
-
- // 2) Pictures...
- rtl::OUString aSubStorageName( rtl::OUString::createFromAscii( "Pictures" ) );
- try
- {
- Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
- ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode);
- }
- catch(css::io::IOException& )
- {
- ; // Doesn't have to exist...
- }
- // 3) OLE....
- aSubStorageName = rtl::OUString::createFromAscii( "ObjectReplacements" );
- try
- {
- Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
- ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode);
- xSubStore.clear();
-
- // Object folders...
- rtl::OUString aMatchStr( rtl::OUString::createFromAscii( "Object " ) );
- Reference < css::container::XNameAccess > xElements( rxStore, UNO_QUERY );
- Sequence< ::rtl::OUString > aElementNames = xElements->getElementNames();
- sal_Int32 nElements = aElementNames.getLength();
- const ::rtl::OUString* pNames = aElementNames.getConstArray();
- for ( sal_Int32 n = 0; n < nElements; n++ )
- {
- if ( ( pNames[n].match( aMatchStr ) ) && rxStore->isStorageElement( pNames[n] ) )
- {
- Reference < css::embed::XStorage > xTmpSubStore = rxStore->openStorageElement( pNames[n], css::embed::ElementModes::READ );
- ImplFillElementList(aElements, xTmpSubStore, pNames[n]+aSep, true, mode);
- }
- }
- }
- catch( com::sun::star::io::IOException& )
- {
- ; // Doesn't have to exist...
- }
- }
- else
- {
- // Everything except META-INF
- ImplFillElementList(aElements, rxStore, ::rtl::OUString(), true, mode);
- }
- }
- break;
- case SignatureModeMacros:
- {
- // 1) Macros
- rtl::OUString aSubStorageName( rtl::OUString::createFromAscii( "Basic" ) );
- try
- {
- Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
- ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode);
- }
- catch( com::sun::star::io::IOException& )
- {
- ; // Doesn't have to exist...
- }
-
- // 2) Dialogs
- aSubStorageName = rtl::OUString::createFromAscii( "Dialogs") ;
- try
- {
- Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
- ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode);
- }
- catch( com::sun::star::io::IOException& )
- {
- ; // Doesn't have to exist...
- }
- // 3) Scripts
- aSubStorageName = rtl::OUString::createFromAscii( "Scripts") ;
- try
- {
- Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ );
- ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode);
- }
- catch( css::io::IOException& )
- {
- ; // Doesn't have to exist...
- }
- }
- break;
- case SignatureModePackage:
- {
- // Everything except META-INF
- ImplFillElementList(aElements, rxStore, ::rtl::OUString(), true, mode);
- }
- break;
- }
-
- return aElements;
-}
-
-SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream(
- const Reference < css::embed::XStorage >& rxStore, sal_Int32 nOpenMode, DocumentSignatureMode eDocSigMode )
-{
- sal_Int32 nSubStorageOpenMode = css::embed::ElementModes::READ;
- if ( nOpenMode & css::embed::ElementModes::WRITE )
- nSubStorageOpenMode = css::embed::ElementModes::WRITE;
-
- SignatureStreamHelper aHelper;
-
- try
- {
- ::rtl::OUString aSIGStoreName( RTL_CONSTASCII_USTRINGPARAM( "META-INF" ) );
- aHelper.xSignatureStorage = rxStore->openStorageElement( aSIGStoreName, nSubStorageOpenMode );
- if ( aHelper.xSignatureStorage.is() )
- {
- ::rtl::OUString aSIGStreamName;
- if ( eDocSigMode == SignatureModeDocumentContent )
- aSIGStreamName = DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName();
- else if ( eDocSigMode == SignatureModeMacros )
- aSIGStreamName = DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName();
- else
- aSIGStreamName = DocumentSignatureHelper::GetPackageSignatureDefaultStreamName();
-
- aHelper.xSignatureStream = aHelper.xSignatureStorage->openStreamElement( aSIGStreamName, nOpenMode );
- }
- }
- catch(css::io::IOException& )
- {
- // Doesn't have to exist...
- DBG_ASSERT( nOpenMode == css::embed::ElementModes::READ, "Error creating signature stream..." );
- }
-
- return aHelper;
-}
-
-//sElementList contains all files which are expected to be signed. Only those files must me signed,
-//no more, no less.
-//The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then
-//the uri s in the Reference elements in the signature, were not properly encoded.
-// For example: <Reference URI="ObjectReplacements/Object 1">
-bool DocumentSignatureHelper::checkIfAllFilesAreSigned(
- const ::std::vector< ::rtl::OUString > & sElementList,
- const SignatureInformation & sigInfo,
- const DocumentSignatureAlgorithm alg)
-{
- // Can only be valid if ALL streams are signed, which means real stream count == signed stream count
- unsigned int nRealCount = 0;
- for ( int i = sigInfo.vSignatureReferenceInfors.size(); i; )
- {
- const SignatureReferenceInformation& rInf = sigInfo.vSignatureReferenceInfors[--i];
- // There is also an extra entry of type TYPE_SAMEDOCUMENT_REFERENCE because of signature date.
- if ( ( rInf.nType == TYPE_BINARYSTREAM_REFERENCE ) || ( rInf.nType == TYPE_XMLSTREAM_REFERENCE ) )
- {
- ::rtl::OUString sReferenceURI = rInf.ouURI;
- if (alg == OOo2Document)
- {
- //Comparing URIs is a difficult. Therefore we kind of normalize
- //it before comparing. We assume that our URI do not have a leading "./"
- //and fragments at the end (...#...)
- sReferenceURI = ::rtl::Uri::encode(
- sReferenceURI, rtl_UriCharClassPchar,
- rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8);
- }
-
- //find the file in the element list
- typedef ::std::vector< ::rtl::OUString >::const_iterator CIT;
- for (CIT aIter = sElementList.begin(); aIter < sElementList.end(); aIter++)
- {
- ::rtl::OUString sElementListURI = *aIter;
- if (alg == OOo2Document)
- {
- sElementListURI =
- ::rtl::Uri::encode(
- sElementListURI, rtl_UriCharClassPchar,
- rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8);
- }
- if (sElementListURI.equals(sReferenceURI))
- {
- nRealCount++;
- break;
- }
- }
- }
- }
- return sElementList.size() == nRealCount;
-}
-
+/************************************************************************* + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * Copyright 2000, 2010 Oracle and/or its affiliates. + * + * OpenOffice.org - a multi-platform office productivity suite + * + * This file is part of OpenOffice.org. + * + * OpenOffice.org is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License version 3 + * only, as published by the Free Software Foundation. + * + * OpenOffice.org is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License version 3 for more details + * (a copy is included in the LICENSE file that accompanied this code). + * + * You should have received a copy of the GNU Lesser General Public License + * version 3 along with OpenOffice.org. If not, see + * <http://www.openoffice.org/license.html> + * for a copy of the LGPLv3 License. + * + ************************************************************************/ + +// MARKER(update_precomp.py): autogen include statement, do not remove +#include "precompiled_xmlsecurity.hxx" + +#include <xmlsecurity/documentsignaturehelper.hxx> + +#include <com/sun/star/container/XNameAccess.hpp> +#include <com/sun/star/lang/XComponent.hpp> +#include <com/sun/star/lang/DisposedException.hpp> +#include <com/sun/star/embed/XStorage.hpp> +#include <com/sun/star/embed/ElementModes.hpp> +#include "com/sun/star/beans/XPropertySet.hpp" + +#include "comphelper/documentconstants.hxx" +#include <tools/debug.hxx> +#include "rtl/uri.hxx" + +using namespace ::com::sun::star::uno; +//using namespace ::com::sun::star; +namespace css = ::com::sun::star; +using rtl::OUString; + + +namespace +{ +::rtl::OUString getElement(::rtl::OUString const & version, ::sal_Int32 * index) +{ + while (*index < version.getLength() && version[*index] == '0') { + ++*index; + } + return version.getToken(0, '.', *index); +} + + + +// Return 1 if version1 is greater then version 2, 0 if they are equal +//and -1 if version1 is less version 2 +int compareVersions( + ::rtl::OUString const & version1, ::rtl::OUString const & version2) +{ + for (::sal_Int32 i1 = 0, i2 = 0; i1 >= 0 || i2 >= 0;) { + ::rtl::OUString e1(getElement(version1, &i1)); + ::rtl::OUString e2(getElement(version2, &i2)); + if (e1.getLength() < e2.getLength()) { + return -1; + } else if (e1.getLength() > e2.getLength()) { + return 1; + } else if (e1 < e2) { + return -1; + } else if (e1 > e2) { + return 1; + } + } + return 0; +} +} +//If the OOo 3.0 mode is used then we exclude +//'mimetype' and all content of 'META-INF'. +//If the argument 'bSigning' is true then the element list is created for a signing +//operation in which case we use the latest signing algorithm. That is all elements +//we find in the zip storage are added to the list. We do not support the old signatures +//which did not contain all files. +//If 'bSigning' is false, then we validate. If the user enabled validating according to OOo 3.0 +//then mimetype and all content of META-INF must be excluded. +void ImplFillElementList( + std::vector< rtl::OUString >& rList, const Reference < css::embed::XStorage >& rxStore, + const ::rtl::OUString rRootStorageName, const bool bRecursive, + const DocumentSignatureAlgorithm mode) +{ + ::rtl::OUString aMetaInfName( RTL_CONSTASCII_USTRINGPARAM( "META-INF" ) ); + ::rtl::OUString sMimeTypeName (RTL_CONSTASCII_USTRINGPARAM("mimetype")); + ::rtl::OUString aSep( RTL_CONSTASCII_USTRINGPARAM( "/" ) ); + + Reference < css::container::XNameAccess > xElements( rxStore, UNO_QUERY ); + Sequence< ::rtl::OUString > aElements = xElements->getElementNames(); + sal_Int32 nElements = aElements.getLength(); + const ::rtl::OUString* pNames = aElements.getConstArray(); + + for ( sal_Int32 n = 0; n < nElements; n++ ) + { + if (mode != OOo3_2Document + && (pNames[n] == aMetaInfName + || pNames[n] == sMimeTypeName)) + { + continue; + } + else + { + ::rtl::OUString sEncName = ::rtl::Uri::encode( + pNames[n], rtl_UriCharClassRelSegment, + rtl_UriEncodeStrict, RTL_TEXTENCODING_UTF8); + if (sEncName.getLength() == 0 && pNames[n].getLength() != 0) + throw css::uno::Exception(::rtl::OUString( + RTL_CONSTASCII_USTRINGPARAM("Failed to encode element name of XStorage")), 0); + + if ( rxStore->isStreamElement( pNames[n] ) ) + { + //Exclude documentsignatures.xml! + if (pNames[n].equals( + DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName())) + continue; + ::rtl::OUString aFullName( rRootStorageName + sEncName ); + rList.push_back(aFullName); + } + else if ( bRecursive && rxStore->isStorageElement( pNames[n] ) ) + { + Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( pNames[n], css::embed::ElementModes::READ ); + rtl::OUString aFullRootName( rRootStorageName + sEncName + aSep ); + ImplFillElementList(rList, xSubStore, aFullRootName, bRecursive, mode); + } + } + } +} + + +bool DocumentSignatureHelper::isODFPre_1_2(const ::rtl::OUString & sVersion) +{ + //The property version exists only if the document is at least version 1.2 + //That is, if the document has version 1.1 and sVersion is empty. + //The constant is defined in comphelper/documentconstants.hxx + if (compareVersions(sVersion, ODFVER_012_TEXT) == -1) + return true; + return false; +} + +bool DocumentSignatureHelper::isOOo3_2_Signature(const SignatureInformation & sigInfo) +{ + ::rtl::OUString sManifestURI(RTL_CONSTASCII_USTRINGPARAM("META-INF/manifest.xml")); + bool bOOo3_2 = false; + typedef ::std::vector< SignatureReferenceInformation >::const_iterator CIT; + for (CIT i = sigInfo.vSignatureReferenceInfors.begin(); + i < sigInfo.vSignatureReferenceInfors.end(); i++) + { + if (i->ouURI.equals(sManifestURI)) + { + bOOo3_2 = true; + break; + } + } + return bOOo3_2; +} + +DocumentSignatureAlgorithm +DocumentSignatureHelper::getDocumentAlgorithm( + const ::rtl::OUString & sODFVersion, const SignatureInformation & sigInfo) +{ + OSL_ASSERT(sODFVersion.getLength()); + DocumentSignatureAlgorithm mode = OOo3_2Document; + if (!isOOo3_2_Signature(sigInfo)) + { + if (isODFPre_1_2(sODFVersion)) + mode = OOo2Document; + else + mode = OOo3_0Document; + } + return mode; +} + +//The function creates a list of files which are to be signed or for which +//the signature is to be validated. The strings are UTF8 encoded URIs which +//contain '/' as path separators. +// +//The algorithm how document signatures are created and validated has +//changed over time. The change affects only which files within the document +//are changed. Document signatures created by OOo 2.x only used particular files. Since +//OOo 3.0 everything except "mimetype" and "META-INF" are signed. As of OOo 3.2 everything +//except META-INF/documentsignatures.xml is signed. +//Signatures are validated according to the algorithm which was then used for validation. +//That is, when validating a signature which was created by OOo 3.0, then mimetype and +//META-INF are not used. +// +//When a signature is created then we always use the latest algorithm. That is, we use +//that of OOo 3.2 +std::vector< rtl::OUString > +DocumentSignatureHelper::CreateElementList( + const Reference < css::embed::XStorage >& rxStore, + const ::rtl::OUString /*rRootStorageName*/, DocumentSignatureMode eMode, + const DocumentSignatureAlgorithm mode) +{ + std::vector< rtl::OUString > aElements; + ::rtl::OUString aSep( RTL_CONSTASCII_USTRINGPARAM( "/" ) ); + + switch ( eMode ) + { + case SignatureModeDocumentContent: + { + if (mode == OOo2Document) //that is, ODF 1.0, 1.1 + { + // 1) Main content + ImplFillElementList(aElements, rxStore, ::rtl::OUString(), false, mode); + + // 2) Pictures... + rtl::OUString aSubStorageName( rtl::OUString::createFromAscii( "Pictures" ) ); + try + { + Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); + ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); + } + catch(css::io::IOException& ) + { + ; // Doesn't have to exist... + } + // 3) OLE.... + aSubStorageName = rtl::OUString::createFromAscii( "ObjectReplacements" ); + try + { + Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); + ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); + xSubStore.clear(); + + // Object folders... + rtl::OUString aMatchStr( rtl::OUString::createFromAscii( "Object " ) ); + Reference < css::container::XNameAccess > xElements( rxStore, UNO_QUERY ); + Sequence< ::rtl::OUString > aElementNames = xElements->getElementNames(); + sal_Int32 nElements = aElementNames.getLength(); + const ::rtl::OUString* pNames = aElementNames.getConstArray(); + for ( sal_Int32 n = 0; n < nElements; n++ ) + { + if ( ( pNames[n].match( aMatchStr ) ) && rxStore->isStorageElement( pNames[n] ) ) + { + Reference < css::embed::XStorage > xTmpSubStore = rxStore->openStorageElement( pNames[n], css::embed::ElementModes::READ ); + ImplFillElementList(aElements, xTmpSubStore, pNames[n]+aSep, true, mode); + } + } + } + catch( com::sun::star::io::IOException& ) + { + ; // Doesn't have to exist... + } + } + else + { + // Everything except META-INF + ImplFillElementList(aElements, rxStore, ::rtl::OUString(), true, mode); + } + } + break; + case SignatureModeMacros: + { + // 1) Macros + rtl::OUString aSubStorageName( rtl::OUString::createFromAscii( "Basic" ) ); + try + { + Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); + ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); + } + catch( com::sun::star::io::IOException& ) + { + ; // Doesn't have to exist... + } + + // 2) Dialogs + aSubStorageName = rtl::OUString::createFromAscii( "Dialogs") ; + try + { + Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); + ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); + } + catch( com::sun::star::io::IOException& ) + { + ; // Doesn't have to exist... + } + // 3) Scripts + aSubStorageName = rtl::OUString::createFromAscii( "Scripts") ; + try + { + Reference < css::embed::XStorage > xSubStore = rxStore->openStorageElement( aSubStorageName, css::embed::ElementModes::READ ); + ImplFillElementList(aElements, xSubStore, aSubStorageName+aSep, true, mode); + } + catch( css::io::IOException& ) + { + ; // Doesn't have to exist... + } + } + break; + case SignatureModePackage: + { + // Everything except META-INF + ImplFillElementList(aElements, rxStore, ::rtl::OUString(), true, mode); + } + break; + } + + return aElements; +} + +SignatureStreamHelper DocumentSignatureHelper::OpenSignatureStream( + const Reference < css::embed::XStorage >& rxStore, sal_Int32 nOpenMode, DocumentSignatureMode eDocSigMode ) +{ + sal_Int32 nSubStorageOpenMode = css::embed::ElementModes::READ; + if ( nOpenMode & css::embed::ElementModes::WRITE ) + nSubStorageOpenMode = css::embed::ElementModes::WRITE; + + SignatureStreamHelper aHelper; + + try + { + ::rtl::OUString aSIGStoreName( RTL_CONSTASCII_USTRINGPARAM( "META-INF" ) ); + aHelper.xSignatureStorage = rxStore->openStorageElement( aSIGStoreName, nSubStorageOpenMode ); + if ( aHelper.xSignatureStorage.is() ) + { + ::rtl::OUString aSIGStreamName; + if ( eDocSigMode == SignatureModeDocumentContent ) + aSIGStreamName = DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName(); + else if ( eDocSigMode == SignatureModeMacros ) + aSIGStreamName = DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName(); + else + aSIGStreamName = DocumentSignatureHelper::GetPackageSignatureDefaultStreamName(); + + aHelper.xSignatureStream = aHelper.xSignatureStorage->openStreamElement( aSIGStreamName, nOpenMode ); + } + } + catch(css::io::IOException& ) + { + // Doesn't have to exist... + DBG_ASSERT( nOpenMode == css::embed::ElementModes::READ, "Error creating signature stream..." ); + } + + return aHelper; +} + +//sElementList contains all files which are expected to be signed. Only those files must me signed, +//no more, no less. +//The DocumentSignatureAlgorithm indicates if the document was created with OOo 2.x. Then +//the uri s in the Reference elements in the signature, were not properly encoded. +// For example: <Reference URI="ObjectReplacements/Object 1"> +bool DocumentSignatureHelper::checkIfAllFilesAreSigned( + const ::std::vector< ::rtl::OUString > & sElementList, + const SignatureInformation & sigInfo, + const DocumentSignatureAlgorithm alg) +{ + // Can only be valid if ALL streams are signed, which means real stream count == signed stream count + unsigned int nRealCount = 0; + for ( int i = sigInfo.vSignatureReferenceInfors.size(); i; ) + { + const SignatureReferenceInformation& rInf = sigInfo.vSignatureReferenceInfors[--i]; + // There is also an extra entry of type TYPE_SAMEDOCUMENT_REFERENCE because of signature date. + if ( ( rInf.nType == TYPE_BINARYSTREAM_REFERENCE ) || ( rInf.nType == TYPE_XMLSTREAM_REFERENCE ) ) + { + ::rtl::OUString sReferenceURI = rInf.ouURI; + if (alg == OOo2Document) + { + //Comparing URIs is a difficult. Therefore we kind of normalize + //it before comparing. We assume that our URI do not have a leading "./" + //and fragments at the end (...#...) + sReferenceURI = ::rtl::Uri::encode( + sReferenceURI, rtl_UriCharClassPchar, + rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8); + } + + //find the file in the element list + typedef ::std::vector< ::rtl::OUString >::const_iterator CIT; + for (CIT aIter = sElementList.begin(); aIter < sElementList.end(); aIter++) + { + ::rtl::OUString sElementListURI = *aIter; + if (alg == OOo2Document) + { + sElementListURI = + ::rtl::Uri::encode( + sElementListURI, rtl_UriCharClassPchar, + rtl_UriEncodeCheckEscapes, RTL_TEXTENCODING_UTF8); + } + if (sElementListURI.equals(sReferenceURI)) + { + nRealCount++; + break; + } + } + } + } + return sElementList.size() == nRealCount; +} + /*Compares the Uri which are obtained from CreateElementList with the path obtained from the manifest.xml. Returns true if both strings are equal. @@ -408,58 +405,58 @@ bool DocumentSignatureHelper::equalsReferenceUriManifestPath( const OUString & rUri, const OUString & rPath) { bool retVal = false; - //split up the uri and path into segments. Both are separated by '/'
- std::vector<OUString> vUriSegments;
- sal_Int32 nIndex = 0;
- do
- {
- OUString aToken = rUri.getToken( 0, '/', nIndex );
- vUriSegments.push_back(aToken);
- }
- while (nIndex >= 0);
-
- std::vector<OUString> vPathSegments;
- nIndex = 0;
- do
- {
- OUString aToken = rPath.getToken( 0, '/', nIndex );
- vPathSegments.push_back(aToken);
- }
- while (nIndex >= 0);
-
- //Now compare each segment of the uri with its counterpart from the path
- if (vUriSegments.size() == vPathSegments.size())
- {
- retVal = true;
- typedef std::vector<OUString>::const_iterator CIT;
- for (CIT i = vUriSegments.begin(), j = vPathSegments.begin();
- i != vUriSegments.end(); i++, j++)
- {
- //Decode the uri segment, so that %20 becomes ' ', etc.
- OUString sDecUri = ::rtl::Uri::decode(
- *i, rtl_UriDecodeWithCharset, RTL_TEXTENCODING_UTF8);
- if (!sDecUri.equals(*j))
- {
- retVal = false;
- break;
- }
- }
- }
+ //split up the uri and path into segments. Both are separated by '/' + std::vector<OUString> vUriSegments; + sal_Int32 nIndex = 0; + do + { + OUString aToken = rUri.getToken( 0, '/', nIndex ); + vUriSegments.push_back(aToken); + } + while (nIndex >= 0); + + std::vector<OUString> vPathSegments; + nIndex = 0; + do + { + OUString aToken = rPath.getToken( 0, '/', nIndex ); + vPathSegments.push_back(aToken); + } + while (nIndex >= 0); + + //Now compare each segment of the uri with its counterpart from the path + if (vUriSegments.size() == vPathSegments.size()) + { + retVal = true; + typedef std::vector<OUString>::const_iterator CIT; + for (CIT i = vUriSegments.begin(), j = vPathSegments.begin(); + i != vUriSegments.end(); i++, j++) + { + //Decode the uri segment, so that %20 becomes ' ', etc. + OUString sDecUri = ::rtl::Uri::decode( + *i, rtl_UriDecodeWithCharset, RTL_TEXTENCODING_UTF8); + if (!sDecUri.equals(*j)) + { + retVal = false; + break; + } + } + } return retVal; } -
-::rtl::OUString DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName()
-{
- return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "documentsignatures.xml" ) );
-}
-
-::rtl::OUString DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName()
-{
- return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "macrosignatures.xml" ) );
-}
-
-::rtl::OUString DocumentSignatureHelper::GetPackageSignatureDefaultStreamName()
-{
- return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "packagesignatures.xml" ) );
-}
+ +::rtl::OUString DocumentSignatureHelper::GetDocumentContentSignatureDefaultStreamName() +{ + return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "documentsignatures.xml" ) ); +} + +::rtl::OUString DocumentSignatureHelper::GetScriptingContentSignatureDefaultStreamName() +{ + return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "macrosignatures.xml" ) ); +} + +::rtl::OUString DocumentSignatureHelper::GetPackageSignatureDefaultStreamName() +{ + return ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "packagesignatures.xml" ) ); +} diff --git a/xmlsecurity/source/helper/makefile.mk b/xmlsecurity/source/helper/makefile.mk index adc85e92f197..6b5a6a525e48 100644 --- a/xmlsecurity/source/helper/makefile.mk +++ b/xmlsecurity/source/helper/makefile.mk @@ -2,14 +2,10 @@ # # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # -# Copyright 2008 by Sun Microsystems, Inc. +# Copyright 2000, 2010 Oracle and/or its affiliates. # # OpenOffice.org - a multi-platform office productivity suite # -# $RCSfile: makefile.mk,v $ -# -# $Revision: 1.5 $ -# # This file is part of OpenOffice.org. # # OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xmlsignaturehelper.cxx b/xmlsecurity/source/helper/xmlsignaturehelper.cxx index a5890544be00..dd3ae00f69c1 100644 --- a/xmlsecurity/source/helper/xmlsignaturehelper.cxx +++ b/xmlsecurity/source/helper/xmlsignaturehelper.cxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xmlsignaturehelper.cxx,v $ - * $Revision: 1.29 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xmlsignaturehelper2.cxx b/xmlsecurity/source/helper/xmlsignaturehelper2.cxx index 9baa6d7061c4..4c0c847b8d54 100644 --- a/xmlsecurity/source/helper/xmlsignaturehelper2.cxx +++ b/xmlsecurity/source/helper/xmlsignaturehelper2.cxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xmlsignaturehelper2.cxx,v $ - * $Revision: 1.10 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xmlsignaturehelper2.hxx b/xmlsecurity/source/helper/xmlsignaturehelper2.hxx index d386b1dbbf7a..84b45d02ba41 100644 --- a/xmlsecurity/source/helper/xmlsignaturehelper2.hxx +++ b/xmlsecurity/source/helper/xmlsignaturehelper2.hxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xmlsignaturehelper2.hxx,v $ - * $Revision: 1.6 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx index 159227d43fcc..bdcb0658af1e 100644 --- a/xmlsecurity/source/helper/xsecctl.cxx +++ b/xmlsecurity/source/helper/xsecctl.cxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xsecctl.cxx,v $ - * $Revision: 1.12 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xsecctl.hxx b/xmlsecurity/source/helper/xsecctl.hxx index 344d41bc01ad..4a715105d044 100644 --- a/xmlsecurity/source/helper/xsecctl.hxx +++ b/xmlsecurity/source/helper/xsecctl.hxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xsecctl.hxx,v $ - * $Revision: 1.12 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx index c780164ce9c5..1546acbdb4ef 100644 --- a/xmlsecurity/source/helper/xsecparser.cxx +++ b/xmlsecurity/source/helper/xsecparser.cxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xsecparser.cxx,v $ - * $Revision: 1.8 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xsecparser.hxx b/xmlsecurity/source/helper/xsecparser.hxx index 5d3b5e415dbc..8de771569191 100644 --- a/xmlsecurity/source/helper/xsecparser.hxx +++ b/xmlsecurity/source/helper/xsecparser.hxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xsecparser.hxx,v $ - * $Revision: 1.4 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xsecsign.cxx b/xmlsecurity/source/helper/xsecsign.cxx index 2c2883cedda1..774a07cb28f2 100644 --- a/xmlsecurity/source/helper/xsecsign.cxx +++ b/xmlsecurity/source/helper/xsecsign.cxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xsecsign.cxx,v $ - * $Revision: 1.12 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify diff --git a/xmlsecurity/source/helper/xsecverify.cxx b/xmlsecurity/source/helper/xsecverify.cxx index 27c7305d3730..82210fdc91b3 100644 --- a/xmlsecurity/source/helper/xsecverify.cxx +++ b/xmlsecurity/source/helper/xsecverify.cxx @@ -2,13 +2,10 @@ * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * - * Copyright 2008 by Sun Microsystems, Inc. + * Copyright 2000, 2010 Oracle and/or its affiliates. * * OpenOffice.org - a multi-platform office productivity suite * - * $RCSfile: xsecverify.cxx,v $ - * $Revision: 1.10 $ - * * This file is part of OpenOffice.org. * * OpenOffice.org is free software: you can redistribute it and/or modify |